Just as the feds back down from one fight to unlock an Apple iPhone linked to terrorist activity, another is ongoing. It revolves around another man suspected of links to terrorist group ISIS, though this time the alleged perp, Aws Mohammed Younis Al-Jayab, is alive.
A warrant filed on March 1 and found by FORBES shows the FBI was granted access to data on an iPhone 6S and a Samsung Galaxy S5 belonging to 23-year-old Al-Jayab, who was indicted in Chicago on 17 March for allegedly attempting to provide material support to violent terrorists overseas. Previous charges filed in Sacramento this January had claimed that Al-Jayab, in Sacramento, made false statements in 2014 to immigration services about his support of extremist groups in Syria.
The warrant, filed in Sacramento, shows the police bypassed protections on the Samsung device, having already acquired access to a number of Facebook accounts linked to Al-Jayab. But there’s no indication the FBI has managed to break the passcode of the iPhone.
Whilst the filing FBI agent wrote the government believed access to the phones was authorized in a previous “omnibus affidavit” that included a request to search Al-Jayab’s person for digital devices, the government wrote up a new warrant “out of an abundance of caution”. That second warrant contained the details of the specific phones.
Al-Jayab’s legal representative, assistant federal defender Ben Galloway, told FORBES over email his team did not yet know whether the data has been retrieved from the devices and didn’t have any information about the phones beyond what’s in the filings. He also did not know whether the FBI needed forensic means to access the iPhone, though the warrant authorizes “forensic examination”. A DoJ spokesperson added: “At this moment, the status of the iPhone is not publicly available.”
FORBES contacted Apple and the Sacramento division of the FBI, but both declined to comment.
The digital case against Al-Jayab
Al-Jayab has been tracked by the US government for some time. “I strongly suspect that Mr. Al-Jayab has been under a microscope since his return to the United States in early 2014. I think there is almost nothing about his life during that time that the government does not already know. And the government has gone on record stating there is no indication that he planned any acts of terrorism in this country. So I don’t think there is any sense of urgency about the phones,” said Galloway.
Separate warrants from January granted access to four Facebook accounts police believe Al-Jayab either used or communicated with. A complaint containing quotes from social media profiles indicated Al-Jayab claimed to be fighting for Ansar al-Islam, a group that merged with ISIS in 2014. In some quotes, the suspect says he is fighting alongside “the State”, believed to be shorthand for Islamic State, or ISIS, according to the complaint.
Al-Jayab moved to America in 2012 as an Iraqi refugee. Sometime between October 2012 and November 2013, he used social media to delineate his plans to head to Syria to fight for terrorist organizations, according to a DoJ announcement this month. It claimed he did just that between November 2013 and January 2014, then returned to settle in Sacramento.
For both the Sacramento and Chicago cases, Al-Jayab is awaiting trial. He has already pleaded not guilty in Sacramento, where he is currently incarcerated.
The latest warrant, filed by one of the FBI’s Sacramento Joint Terrorism Task Forces, notes the iPhone and the Samsung were recovered from Al-Jayab on January 7, the day he was arrested in Sacramento. While the warrant has been granted, it has not been executed, according to court records, which lack any evidence obtained from the iPhone, even though the devices have been in the possession of the Sacramento FBI for nearly four months. The document reveals that in early February, an FBI special agent was able to bypass the lock on the Galaxy phone, which FORBES believes is a 5S model, and made a copy of the contents, though they have not yet been searched. The warrant does not detail any such bypass for the iPhone 6S.
Need for Apple assistance?
It may be that Al-Jayab neglected to use a passcode, or willingly gave it to investigators. But police could have a hard time cracking open the iPhone 6S (or any new iPhone) if it was protected with a code, like on the device that belonged to San Bernardino shooter Syed Rizwan Farook.
Al-Jayab’s iPhone 6S is a more recent model than the 5C Farook was given by his employer, San Bernardino County. The iPhone 6S came with a number of security improvements, such as “Secure Enclave” technology that “tangles” a passcode with another key and together they unlock the phone. When a user tries a passcode and is incorrect, the enclave ensures a delay between attempts, up to one hour after nine false guesses. It was previously thought by security researchers at Trail of Bits that any attempt to alter the Secure Enclave would result in all keys being destroyed and the data rendered inaccessible, but an Apple update like the one requested in the Farook case could undo all those security protections. The researchers later retracted that assessment, leaving questions around the security of newer models of iPhone. Then this week it emerged the FBI had hacked Farook’s device with third-party assistance, showing that at the very least, iOS 9 could be prized open.
With Al-Jayab in custody, it could have been possible to use his finger to unlock his phone using TouchID, but that could have been disabled by the accused. And, as detailed in a previous FORBES report, if a fingerprint hasn’t been used to open an iPhone in 48 hours, Apple forces the user to enter their passcode.
Meanwhile, in New York, the government is appealing a judge’s decision to prevent it using the All Writs Act to force Apple into providing data from an iPhone 5S as part of a narcotics investigation. The government said today it was happy for Apple to be given an extension to respond to the appeal. The tech giant must now respond on or before 15 April.
Another 12 requests have been made by the government between September 2015 and February 2016 under the All Writs Act for access to data on iPhones, according to a recently-filed letter from Apple’s lawyer.
And the Department of Justice is intent on solving its “going dark” problem of getting access to encrypted data. Following the announcement it had hacked Farook’s device, a DoJ spokesperson said: “It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails. We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors.”
Whatever the state of play in all the government’s investigations, it’s clear the Farook case was one of many upcoming battles between the FBI, Apple and the tech community at large.
This article was written by Thomas Fox-Brewster from Forbes and was legally licensed through the NewsCred publisher network.