Skip to main content

San Bernardino DA: Shooter’s iPhone May Be Trigger to ‘Cyber Pathogen’


Syed Farook and Tashfeen Malik, via ABC screengrab

The Apple vs. federal government face-off has a new wrinkle. The iPhone of San Bernardino shooter Syed Farook, who killed 14 people in a killing rampage in December, may have been the trigger to unleash a “cyber pathogen,” according to a court filing by county prosecutors.

Michael Ramos, the San Bernardino County district attorney, told a federal judge late Thursday that Apple must assist in the decryption, or unlocking, of Farook’s cell phone because it was a work phone. Now, let’s not forget, Farook was an environmental health services inspector for the county’s Public Health Department. This means that Farook’s iPhone was issued as part of the ISIS-aligned killer’s official Health Department duties.

In the court filing, Ramos said, “the iPhone is a county owned telephone that may have connected to the San Bernardino County computer network. The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino’s infrastructure.”

This development adds a new layer to the debate. It indicates that the iPhone might hold more than just tertiary information on co-conspirators. Less than two weeks ago, FBI Director James Comey, said, “Maybe the phone holds the clue to finding more terrorists. Maybe it doesn’t.”

The San Bernardino District Attorney’s office, in a statement to Ars Technica, said there is a

compelling governmental interest in acquiring any evidence of criminal conduct, additional perpetrators, potential damage to the infrastructure of San Bernardino County, and in protecting the California Constitutionally guaranteed due process rights of the victims, deceased and living, arising from state crimes committed on December 2, 2015.

Jonathan Zdziarski, a prominent iPhone forensics expert, rebuked Ramos’s contentions outright, suggesting that Ramos is looking for a “magical unicorn,” one you might expect from “24” or “Homeland,” but one that has no basis in reality.

It sounds like he’s making up these terms as he goes. We’ve never used these terms in computer science. I think what he’s trying to suggest is that Farook was somehow working with someone to install a program on the iPhone that would infect the local network with some kind of virus or worm or something along those lines. Anything is possible, right? Do they have any evidence whatsoever to show there is any kind of cyber pathogen on the network or any logs or network captures to show that Farook’s phone tried to introduce some unauthorized code into the system?

He continued,

This reads as an amicus designed to mislead the courts into acting irrationally in an attempt to manipulate a decision in the FBI’s favor. It offers no evidence whatsoever that the device has, or even might have, malware on it. It offers no evidence that their network was ever compromised. They are essentially saying that a magical unicorn might exist on this phone.

Given the novelty of Ramos’s claims, either we’re all missing something, or he’s the crazy guy in the room spouting the truth we keenly reject.

[h/t ArsTechnica]

Have a tip we should know? [email protected]

Filed Under:

Follow Law&Crime: