View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 17, 2023

Hacktivists leak data apparently from digital forensics vendors Cellebrite and MSAB

The data was passed on to hacktivists Enlace Hacktivista by an anonymous whistleblower.

By Claudia Glover

A combined 1.83 terabytes of data has been leaked from two digital forensics companies. The information on Israeli platform Cellebrite and its Swiss competitor MSAB has been passed onto a hacktivism collective by an anonymous whistleblower. 

Spyware can be used to access the mobile phones of victims. (Photo by wee dezign/Shutterstock)

Hacktivism gang Enlace Hacktivista and non-profit whistleblower news site Distributed-denial-of-Secrets (DDoSecrets) have published the information in full. The companies say no sensitive data was leaked and their systems remain secure.

Spyware data leaked by whistleblower to hacktivists

Enlace Hacktivista, which is thought to operate out of central and Latin America, said in a brief statement: “An anonymous whistleblower sent us phone forensics software and documentation from Cellebrite and MSAB. These companies sell to police and governments around the world who use it to collect information from the phones of journalists, activists and dissidents. Both companies’ software is well documented as being used in human rights abuses.”

So-called ‘phone forensics’ programmes can be used as an advanced spyware similar to Pegasus, developed by another Israeli company, the NSO Group.

Analysis of the data has revealed that 103GB was released from MSAB leaving 1.7 terabytes of data leaked from Cellebrite. It is thought to contain details of the systems themselves, as well as technical documentation and some customer documents, though information on the identify of clients does not appear to be part of the database.

This is the second hacktivism attack on Cellebrite in five months. Last August four terabytes of data was donated to DDoSecrets by the global hacktivism collective Anonymous. The information was made up of the company’s flagship product Cellebrite Mobilology and data from the Cellebrite Team Foundation Server.

The leaked information was only accessible to researchers and journalists upon request from DDoSecrets. They do not appear to have exhibited the same level of caution this time around. 

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

What is Cellebrite and MSAB?

Cellebrite is best known for its flagship product Universal Forensic Extraction Device (UFED) which unblocks mobile phones and other devices by bypassing passwords and encryption. It then extracts data to be analysed by another product called Physical Analyser. This allows operators to analyse data and prepare reports. 

The website of Cellebrite’s parent company, the Sun Corporation, reveals that the UFED has been sold to police, military, law enforcement agencies and secret services in more than 150 countries.

A Cellebrite spokesperson said: “We are aware of the post. To be clear, we were not hacked. There was no sensitive information exposed. Additionally, neither Cellebrite’s systems nor customer information were jeopardized.

“The post contains files that are available to Cellebrite customers and will not work without an active license. The overwhelming majority (1.4 of the 1.7 TB) of the files are world maps and translation packs, which were likely included to inflate the size and gain undue attention.”

MSAB describes itself as a “world leader in forensic technology for extracting and analysing data in seized mobile devices. Its software was allegedly used in Myanmar during the military coup of 2021, where 860 protesters and bystanders were killed by security forces, with thousands injured and political prisoners apparently tortured MSAB does not deny its tools were sold to Myanmar, but says it did so legally when the country had an operating democracy.

The company has offices in the USA, Canada, the UK, Europe, Asia and Australia and its software is in use by clients including the UK police. 

A spokesperson claimed reports of a leak are “incorrect”. They said: “MSAB has not been hacked. All customer data is safe, and so are all systems, code, or information internal to MSAB.

“What has happened is simply this: An unauthorised party, using stolen customer credentials, logged in to a customer account and downloaded whatever product releases that particular customer was entitled to. Note that this does not include any license files that are needed to activate and actually use the products. Our systems and customer data remain well protected.”

Read more: Iranian citizens targeted by spyware

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.