NORTH DAKOTA (KXNET) — It appears that investigators may have been able to recover some of former North Dakota Attorney General Wayne Stenehjem’s emails.
Stenehjem died suddenly in January 2022.
The next day, his executive assistant told state IT workers to delete Stenehjem’s email account, which was said to be standard protocol.
Last year, the state legislature passed a law that requires department heads not to delete those records if something happens.
But less than a week later, Stenehjem’s family took his cell phone to BCI, asking if they could get into the phone and save some of Wayne’s pictures.
Investigators told KX News that BCI had previously used a program, Graykey, to look into cellphones, but said they were unable to get past Stenehjem’s code.
However, on Valentine’s Day, investigators used an updated version of Graykey, which found the phone’s passcode, then said the phone went into error mode and was unavailable.
This week we learned that BCI has switched to the “Cellebrite Premium” program since last June.
Last month, it appeared that the program may have automatically extracted a copy of Stenehjem’s emails since he was using his phone to access his work emails.
Bismarck State College cybersecurity instructor Nick See said that if the phone is a newer version, the security system can also be difficult to hack and that investigators just have to wait until they find someone who eventually finds the vulnerability in the phone.
Vidi also explained that there is certain software that they use at the state level to access information or delete it as needed.
“Assuming that the appropriate IT steps are taken, and one of those IT steps is usually, I think in a government environment you would have a mobile device management device software that would be put on that personal phone that allows it to connect to work resources. And should someone steal that phone because that’s kind of personal information for an organization, but there’s a way with that mobile phone management software to basically throw out an update that says jailbreak the phone or wipe everything. Or something similar that will delete all that business stuff. That the phone made backups and uploaded them to the cloud. Then you could go to that cloud provider and retrieve those backups as well,” See said.
We are not sure if Stenehjem or anyone else took these actions with their phone.
However, current Attorney General Drew Wrigley says BCI notified him of the development last month.
BCI said there were state government emails on Stenehjem’s phone when they used Cellebrite to extract them.
North Dakota Democratic leaders, meanwhile, are calling for more information to be shared about the latest information about what’s happening with the email.
Dem-NPL party chairman Adam Goldwyn said: “Today’s revelation shows that we cannot back down from pressing for a thorough investigation into this matter. We need to see these emails immediately; they belong to the people of North Dakota. Bismarck’s club of good old boys cannot keep us in the dark.”