Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FBI Denies It Held iPhone UDIDs Stolen By AntiSec

Unknown Lamer posted about 2 years ago | from the it-was-actually-the-nsa dept.

Crime 216

judgecorp writes "The FBI has denied the UDID codes released yesterday came from an agent's laptop, as claimed by the AntiSec hacker group. The FBI says it does not hold such data, and the attack never happened. However, the agent named by AntiSec is real, and some of the published UDID codes have been found to be genuine. So where did they come from?"

cancel ×

216 comments

Sorry! There are no comments related to the filter you selected.

So where did they come from? (5, Insightful)

fustakrakich (1673220) | about 2 years ago | (#41233525)

The FBI... What, does anybody expect them to admit it?

Re:So where did they come from? (1)

siddesu (698447) | about 2 years ago | (#41233551)

Nyet. J. Edgar Hoover.

Re:So where did they come from? (5, Funny)

Sarten-X (1102295) | about 2 years ago | (#41233605)

On the other hand, finding the names of agents is pretty easy, and dropping one makes for a much juicier story than "AntiSec managed to get a UDID-sniffing trojan into the app store".

In the absence of any further evidence, I must assume that everybody's lying. The real story is that the UDIDs were harvested wirelessly using petahertz radio scanners mounted on the invisible black helicopters flown by the lizard aliens who, due to their shared ancestry with birds, make excellent pilots, even in aircraft that are based on Martian stealth technology (which is why we're giving the Martians our nuclear-powered cars now).

So where does that assumption get you? (5, Funny)

Anonymous Coward | about 2 years ago | (#41233659)

The FBI are lying about it not being theirs and ANON are lying it about it being theirs.

Is this some sort of Schroedinger's laptop?

Re:So where does that assumption get you? (4, Funny)

jythie (914043) | about 2 years ago | (#41233933)

I do not know how.. I do not know when... I do not even know why.. but I will find and excuse to use the phrase 'Schroedinger's Laptop' someday.

Re:So where does that assumption get you? (1)

dr2chase (653338) | about 2 years ago | (#41233965)

Quantum dual boot?

Re:So where does that assumption get you? (0)

Anonymous Coward | about 2 years ago | (#41234177)

A laptop that boots and doesn't boot at the same time ?

Re:So where does that assumption get you? (2)

Sarten-X (1102295) | about 2 years ago | (#41234187)

A small sample of a radioactive isotope in front of a Geiger counter attached to a GPIO pin, whose value is used by the bootloader to pick which OS to load. If the isotope has decayed (and emitted a particle toward the sensor) recently enough that the pin is high, boot Debian. If the sample has been stable long enough that leakage has grounded the pin, boot Fedora.

This is AWESOME! Another triumph of mad computer science!

Re:So where did they come from? (3, Interesting)

crazyjj (2598719) | about 2 years ago | (#41233817)

In the absence of any further evidence, I must assume that everybody's lying.

Except that Anon has real evidence in this case, and specifics. The FBI is just issuing a blanket denial. And, for that matter, if this agent is real and doesn't do this, why aren't they hiding him and not making him available for interviews? Seems like he would be the most credible source to deny it.

Re:So where did they come from? (1)

bluefoxlucid (723572) | about 2 years ago | (#41233997)

Yes because I totally did not have sexual relations with that donkey.

Re:So where did they come from? (0)

Anonymous Coward | about 2 years ago | (#41234013)

The "AntiSec" guy has no evidence. He could have done what he says he did. Or he could be completely lying. There is no evidence whatsoever either way. Don't make stuff up.

Re:So where did they come from? (3, Insightful)

NatasRevol (731260) | about 2 years ago | (#41234111)

Or they could have hacked some small developer who wasn't overly careful with his records and AntiSec ended up with a few real UDIDs.
Then blamed it on the FBI.

Or they could have hacked an FBI laptop, just the one that had Apple UDIDs on it.

I have no idea, but I have heard of Occam's Razor.

Re:So where did they come from? (4, Insightful)

Sarten-X (1102295) | about 2 years ago | (#41234145)

I have a few agent business cards in my desk at home. I could claim any one of them gave me a receipt that proves Lee Harvey Oswald's innocence. I could show you a receipt dated November 22, 1963. The agent I name could deny it, of course, but then his denial could just as easily be dismissed as "protecting his job" or some other obvious ploy.

Anon has shown only that they:

  1. have UDIDs, some of which are valid
  2. have the name of an FBI agent

There is no evidence that the UDIDs actually came from the FBI. There is no evidence that Special Agent Stangl is related to the case in anything but name, and any statement from him must be considered questionable, just as any statement from Anonymous must also be questionable.

As the saying goes, extraordinary claims require extraordinary proof, and there is very little actual proof available... just names and numbers mentioned in close proximity.

Re:So where did they come from? (4, Insightful)

crazyjj (2598719) | about 2 years ago | (#41233779)

Wouldn't it be nice to think the FBI would ever release a press release with the header "Yes, We Screwed-Up and Yes, We're Illegally Spying on You." But inevitably, that's the kind of admission that only comes out decades after the fact. It's not like if you had asked J. Edgar Hoover "Hey are you spying on Martin Luther King with illegal wiretaps and recording devices?" back in the 60's he would have replied "Oh yeah, we're doing that."

Re:So where did they come from? (2)

Lumpy (12016) | about 2 years ago | (#41233897)

FBI can legally spy on you. It's the CIA that cant legally spy on you.

Re:So where did they come from? (2)

crazyjj (2598719) | about 2 years ago | (#41233991)

FBI can legally spy on you.

Not without a warrant. Care to guess whether or not they had one when they were putting recording devices in Martin Luther King's motel rooms and home?

If you answered "No," congratulations.

Re:So where did they come from? (3)

tmosley (996283) | about 2 years ago | (#41234121)

Wow, a time traveler has come to us from some time before 9/11/2001. Tell me, friend, what is it like to live in a free society? It has been so long I have forgotten.

Re:So where did they come from? (2)

Yvanhoe (564877) | about 2 years ago | (#41233913)

Usually they blame a subcontractor.

Re:So where did they come from? (1)

crazyjj (2598719) | about 2 years ago | (#41234041)

From their perspective, this is no doubt a beneficial side-effect of the massive expansion [amazon.com] of the private national security industry since 9-11. I guess at least it's providing jobs.

Re:So where did they come from? (0)

Anonymous Coward | about 2 years ago | (#41233797)

The FBI... What, does anybody expect them to admit it?

No more than anybody expects you to believe them when they actually DIDN'T do anything.

Re:So where did they come from? (0)

Anonymous Coward | about 2 years ago | (#41234001)

They've cried wolf a few too many times for us to just take them at their word. Do you believe every inmate who says they're innocent?

Re:So where did they come from? (5, Interesting)

falcon5768 (629591) | about 2 years ago | (#41233815)

Only people foolish enough to think antisec actually cares about being truthful would think that. Lets face the facts here

12 million is a piss in the pond in terms of iOS UDID codes. Its less than half the iPhones sold LAST QUARTER. If the FBI was realistically trying to build a database of them, there is no way at this point they would ONLY have 12 Million.

12 million is more easily explained by being leaked from a developer, as up until half a year ago, developers were using the code to identify individual iPhones for various reasons like automatic sign-in to certain services like some of the multiplayer game services. Apple banned them from using it though half a year ago so at this point there was no reason to keep.

The data it's self was incomplete. Some had legit names and addresses while most were just a ID code. If this was from a official source then there would have been a lot more data on most of these. On the otherhand if it was stolen from a developer who let users opt out of giving their information but used the code for autologin purposes, then there would be clear reason why most of the data has no user info attached.

Antisec is still smarting from getting much of its higher ranking leadership arrested from a FBI plant

So really there is no reason AT ALL to believe antisec's claims that they stole the info. There is however a lot more reason to suspect they were trying to stir the pot in the tech community by stoking already present fears of FBI spying which they did a pretty good job at. It gets clueless script kiddies riled up and makes them look cool. Sure the FBI can be shady, but of the law enforcement agencies out there I would honestly have to say they are the least shady of the bunch and tend to release information without bending the truth too much, even when it has the possibility of embarrassing them. Not saying they ALWAYS do it, just saying they tend to be more forthcoming than other government agencies.

Ya no shit (0)

Sycraft-fu (314770) | about 2 years ago | (#41233995)

I'm not saying we should just blindly believe the government, but it is even stupider to blindly believe random wanna-be hackers.

The FBI actually does have some reason to tell the truth. Law enforcement often has a pretty strict policy for public statements of "Tell the truth, else say 'no comment'" This isn't for altruistic reasons so much as to make sure they don't leak anything relating to a case they don't want to. The idea is that stuff either is or is not approved to be released and if it isn't you just don't talk about it. The reason is that if you lie, the lies could accidentally lead people to the truth.

Sort of the reverse of why you don't talk to the police in interrogations. If you sit there and lie, rather than mislead them it can actually end up leading them to the truth. However if you just shut up and don't say anything, they get no information.

So while I'm not saying I'm going to believe the FBI 100% here, antisec needs to provide more proof. They have plenty of reason to make shit up

Re:So where did they come from? (1)

fustakrakich (1673220) | about 2 years ago | (#41234009)

Only people foolish enough to think the FBI actually cares about being truthful would think that.

You're welcome. The first one is always free. More likely you're half right. Both sides are lying. But for anybody to believe that the FBI doesn't harvest this info, is an exercise in naivety.

Not saying they ALWAYS do it, just saying they tend to be more forthcoming than other government agencies.

Not sure what you base that on. Getting anything out of the FBI usually takes reams of FOI requests... I've rarely, if ever that I can remember, seen them come forth without them. They have every reason in the book to deny everything. SOP

File name instructive (3, Interesting)

Anonymous Coward | about 2 years ago | (#41234227)

"NCFTA_iOS_devices_intel.csv'

National Cyber-Forensics and Training Alliance(1) is that FBI-sponsored industry cybersecurity PR, lobbying, and info-sharing consortium that was going to replace CERT et al, make sure the Bureau's position on cybersecurity was advanced, and pass out a lot of white hats to all the "Walker, Cyber Ranger"s out there. Stangl (sic) apparently may have some role there. As others have pointed out, the data could have come directly from Apple.

So maybe the Fibbies are *technically* truthful here. It's called plausible deniability. That's why you have captive shadow orgs like NCFTA, ostensibly not taxpayer funded. Congress won't oblige your agency's agenda or funding? Just set up a non-profit org. They can do things you can't. Welcome to "continuity of government", though this process is now largely a quaint and unneccessary anachronism in a post PATRIOT, post DMCA, post NDAA, executive order, UN Treaty, Homeland Security world. That kind of deceptive charm may be it's only lingering utility, in fact. Sugar-coating and Cosmetics are big business, after all.

(1) http://yro.slashdot.org/index2.pl?fhfilter=NCFTA

Re:So where did they come from? (1)

Sez Zero (586611) | about 2 years ago | (#41234229)

The FBI... What, does anybody expect them to admit it?

FBI: Hello, Supervisor Special Agent Christopher K. Stangl, would you please step under this bus? We don't want to throw you.

Collection != leak (3, Interesting)

AwaxSlashdot (600672) | about 2 years ago | (#41233537)

There are 3 issues here:
* who collected them ? (most probably an app)
* who "lost" them ? (AntiSec claim they found it on a FBI agent laptop they compromised)
* how the data went from #1 to #2 ?

And the 3rd one is the most interesting.

Re:Collection != leak (0)

Anonymous Coward | about 2 years ago | (#41233663)

yeah, maybe the agent is investigating somebody who is stealing udids and if they say "oh yes this was part of our investigation into udid theft" the tinfoil freaks will still wouldn't believe it anyways and the crooks will close up shop and hide out. so basically anti-sec just disrupted an investigation into an internet crime (and i mean real crime for once not piracy) way to go script kiddie assholes.

Re:Collection != leak (1)

zill (1690130) | about 2 years ago | (#41233673)

I see several people mentioning it was a Trojan app, but then where did the addresses and zipcodes come from?

Do people actually store addresses and zipcodes on their phones?

Re:Collection != leak (2, Funny)

Anonymous Coward | about 2 years ago | (#41233841)

> Do people actually store addresses and zipcodes on their phones?

No grandpa, no one would ever have addresses and zip codes in a phone! That wouldn't make a lick of sense!

they came from my balls (-1)

Anonymous Coward | about 2 years ago | (#41233539)

who gives a shitty dicknip

Re:they came from my balls (0)

Anonymous Coward | about 2 years ago | (#41233783)

Your mom. Oh wait, no, she gave me a shitty dicknip.

Possibilities... (3, Insightful)

Severus Snape (2376318) | about 2 years ago | (#41233563)

1. AntiSec is lying.
2. FBI is lying.
3. AntiSec is telling the truth and the FBI's methods of obtaining the UDID codes means they can't admit to it.

Re:Possibilities... (1)

Anonymous Coward | about 2 years ago | (#41233599)

Point 3 is redundant after point 2.

Re:Possibilities... (3, Insightful)

jfdavis668 (1414919) | about 2 years ago | (#41233665)

Another option, AntiSec hacked someone pretending to be an FBI agent. I have run across people like this, who are trying to con you or just getting their jollies.

Re:Possibilities... (1)

Impy the Impiuos Imp (442658) | about 2 years ago | (#41233705)

"Dwight, pull over. Dwight, stop throwing weapons out of the car. Dwight..."

Re:Possibilities... (1)

zill (1690130) | about 2 years ago | (#41233741)

Wait, so you're saying there's a con man out there who pretends to be an FBI agent and he somehow has the personal information of a million iPhone owners?

Re:Possibilities... (1)

jfdavis668 (1414919) | about 2 years ago | (#41233831)

If it is real data, no. I have tools that create test data which can make millions of very realistic records. Has Apple verified it?

Re:Possibilities... (2)

zill (1690130) | about 2 years ago | (#41234021)

It's been publicly verified. Since the data is public, any iOS user can see [dazzlepod.com] if their device is on the list or not.

This whole discussion is moot if it's just junk data. Whether FBI, Anonymous, or some other party collected the data, its very creation means that laws were broken.

Re:Possibilities... (1)

slackware 3.6 (2524328) | about 2 years ago | (#41234101)

If you generate a million phone numbers some one is going to find their number in the list.

Re:Possibilities... (1)

vlm (69642) | about 2 years ago | (#41233929)

Another option, AntiSec hacked someone pretending to be an FBI agent. I have run across people like this, who are trying to con you or just getting their jollies.

Infinitely more likely is they hacked a civilian employee or contractor of the FBI who merely happened to have the named agent log into the laptop once, or maybe the named agent worked closely with the civilian. That way the FBI can truthfully deny, yes, indeed, the FBI has no UDIDs...

They also VERY SPECIFICALLY stated that no "FBI laptop was compromised". This is very important. The MIB might have copied the file onto his personal laptop, or it was technically a FBI leased laptop instead of being a FBI owned laptop, or in some sharing arrangement the laptop was technically owned by the treasury dept as some kind of expense sharing arrangement, or the FBI gets this data (from apple?) by having apple mail a apple owned laptop full of data to the FBI, or its part of a cooperative cross departmental arrangement where the NSA provides the hardware, the FBI provides the men on the ground to lean on apple to release the data, and the DSA provides physical security/office space, so technically in the narrowest possible definition yes that is not a "FBI" laptop.

Re:Possibilities... (1)

cornicefire (610241) | about 2 years ago | (#41233723)

Another option is that some third agency, as yet unnamed, officially owns the UDID values, and they were just sharing them with this guy. The agencies always play this game. They'll say "No one at ABC did this" knowing full well it was someone at the XYZ agency who was assigned to ABC. In the mean time, XYZ will deny authorizing anyone to do it, knowing full well that the authorization was done by someone at ABC.

Re:Possibilities... (1)

jfdavis668 (1414919) | about 2 years ago | (#41233887)

I agree, Another possibility.

Re:Possibilities... (1)

a_n_d_e_r_s (136412) | about 2 years ago | (#41234253)

You pulling the NSA card out of your hat ?

Re:Possibilities... (1)

guises (2423402) | about 2 years ago | (#41233911)

It seems possible to me that the FBI had the UDIDs but didn't know it. With warrantless searches now the norm and the unscrupulous attitude that that implies, agents don't have or expect the oversight that they used to. So it could easily be that an agent collected those, thinking it was no big thing.

Re:Possibilities... (1)

IMathGood (2722541) | about 2 years ago | (#41234219)

1. AntiSec is lying. 2. FBI is lying. 3. AntiSec is telling the truth and the FBI's methods of obtaining the UDID codes means they can't admit to it.

aren't 2 and 3 the same thing?

Re:Possibilities... (1)

gman003 (1693318) | about 2 years ago | (#41234257)

4. They're both lying
5. AntiSec isn't deliberately lying, but were misinformed (eg. the list was actually used by $sinisterGovernmentAgency, but they were masquerading as FBI for some sinister reason)
6. The FBI isn't deliberately lying, but those speaking were misinformed (eg. it was part of some project spearheaded by some upstart who didn't get authorization)

Misleading headline. (5, Insightful)

Anonymous Coward | about 2 years ago | (#41233569)

From TFA: "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data"

Saying there's no evidence isn't the same as saying it didn't happen.

Re:Misleading headline. (1)

benjamindees (441808) | about 2 years ago | (#41233725)

That just means they destroyed all evidence of having collected the data in the first place. You see, the US now practices "quantum" intelligence gathering. If they collect data, but don't look at it, it's the same as never having collected it to begin with. Likewise, if they collect data, and lose the data, and then delete the evidence that they collected the data, and deny that they lost the data, everything turns out fine. It's all very complicated physics that you wouldn't understand, documented in detail in the Back To The Future movies. The lost data should begin erasing itself any minute now. Any. Minute. Now.

Re:Misleading headline. (1)

Shavano (2541114) | about 2 years ago | (#41233799)

Proving a laptop has not been hacked is impossible. If the FBI determines data that were on his laptop have been compromised they'll send him back to data security 404 and give him a new laptop.

Re:Misleading headline. (3, Insightful)

crazyjj (2598719) | about 2 years ago | (#41233881)

Yeah, anytime you're dealing with a government press release or statement you have to CAREFULLY parse the language. These things are carefully crafted to imply things they don't actually say. "I personally have no knowledge of such an event happening" is NOT the same as saying "This event didn't happen." There are a million ways to imply things without saying them, and a dumb and gullible press will usually swallow them hook-line-and-sinker 99% of the time.

Re:Misleading headline. (1)

JBMcB (73720) | about 2 years ago | (#41233953)

No, but if you're claiming you hacked into an FBI laptop and stole data that the FBI claims doesn't exist, you'd better have *some* sort of proof.

Maybe a script kiddie hacked into an AT&T server and got the UDIDs, but claiming that they hacked into the FBI would make them sound cooler.

Which is more likely (2)

thePowerOfGrayskull (905905) | about 2 years ago | (#41233577)

Which is more likely - the fbi just happened to lose a laptop with millions of UDIDs that it had no reason to have and anonymous just happened to find that particular laptop? Or that someone in anonymous wanted to make waves and so made a bold (but unverifiable) claim?

Pardon me, I need to go shave.

Re:Which is more likely (2)

siddesu (698447) | about 2 years ago | (#41233609)

In a perfect world, the second would be more likely. However, if you stack it againt the hundreds of cases every year where officials or executive lose equipment with mega or gigabytes of personal information, I'd say that IRL the first is at least as likely as the second.

Re:Which is more likely (4, Insightful)

Gaygirlie (1657131) | about 2 years ago | (#41233619)

Laptops are being lost all the god damn time and Anon is a very, very large group of people -- I'd say the chances are actually darn good. Also, I'd say the chances are darn good for FBI to lie whenever something like this happens, just for the sake of looking good in the eyes of the general public and for painting anyone who disagrees in bad light.

As for unverifiability: apparently some of those UDIDs have already been verified.

Re:Which is more likely (2)

flaming error (1041742) | about 2 years ago | (#41233717)

"Chances are darn good"?

I don't know the numbers, but I believe the formula would look something like this:

(odds fbi collects apple udids) * (odds udids kept on agent's laptop) * (odds of fbi agent losing laptop) * (odds member of anonymous finds it)

I think that product will be a pretty small number.

Re:Which is more likely (1)

EasyTarget (43516) | about 2 years ago | (#41233787)

Actually it looks like this:

(1) * (1) * (odds anon target well known fbi man and hack into his laptop over the evil internet)

Re:Which is more likely (1)

Terrasque (796014) | about 2 years ago | (#41234243)

The odds of them hacking an FBI laptop is pretty damn good considering:

1. FBI is probably investigating AntiSec
2. AntiSec knows that FBI are probably investigating them
3. New security hole for Java released, not patched
4. Lots of government'y stuff use Java

AntiSec could just make a page using that security hole and "accidentally" let it slip to the FBI, and pronto, one (or many) hacked FBI box(es) served right up.

So, the chance of them gaining access to a few FBI boxes are rather high, all considering. And the chance of them finding *something* interesting on one of them is also rather high IMHO (birthday paradox theory).

Re:Which is more likely (0)

Anonymous Coward | about 2 years ago | (#41233937)

Laptops are being lost all the god damn time

Well, duh. Did anyone say otherwise? The operative part of that was "a laptop with millions of UDIDs that it had no reason to have". Beyond the question of why the FBI would need them at all, there's no reason something like that would be on a laptop, let alone an SSA's. Something that dry and supplmental isn't something any investigator is going to need to carry around with them - that's for analysts, not field agents, let alone senior ones who spend most of their time supervising and directing their juniors. And any DoJ/FBI computer, especially a laptop - for the obvious, common-sense reason you gave - is going to have encryption forced on it, usually smartcard-based. There's a million holes in the idea that a senior special agent was walking around with a list of millions of Apple UDIDs on his laptop, lost said laptop, and neckbeards were able to get into it, finding nothing to release or publish except said list. Especially since Anon is usually all over dumping anything they can when they have a chance to humiliate an agency, like dumping their email, personal documents, internal memos.

Re:Which is more likely (1)

JBMcB (73720) | about 2 years ago | (#41234035)

Also, I'd say the chances are darn good for FBI to lie whenever something like this happens, just for the sake of looking good in the eyes of the general public and for painting anyone who disagrees in bad light.

I find it very difficult to believe that this, the most *transparent* administration in recent history, would allow such lies to be promulgated.

Re:Which is more likely (1)

EasyTarget (43516) | about 2 years ago | (#41233641)

Anonymous targeted the FBI guy, he is moderately senior and very active + well known in white-hat circles; what goes around, comes around. .. or in your haste to fud did you skip the article, and all the articles yesterday, where it is made clear he was hacked and did not 'lose' his laptop.

Re:Which is more likely (1)

Cronock (1709244) | about 2 years ago | (#41233675)

There were quite a few apps that were caught collecting UDIDs, if I remember correctly. It's not actually all that far-fetched to believe that somebody, in order to gain some "street cred" actually obtained it in this manner, then released it saying it had come from the FBI to undeservingly inflate their reputation.

Re:Which is more likely (1)

wbr1 (2538558) | about 2 years ago | (#41233695)

The FBI did not lose the laptop. According to Anonymous, it was broken into using a Java exploit.

Re:Which is more likely (1)

circletimessquare (444983) | about 2 years ago | (#41233795)

I don't trust Anonymous more or less than the FBI, but the motivation to pull this story out of their ass seems smaller than an FBI stooge's motivation to deny and cover their ass.

FBI brass might even be pitted against FBI agent: brass said don't get the UDIDs and the agent went and obtained them anyway. The FBI is a large bureaucracy with complicated relationships between semi-independent operatives, and it's possible there is low coordination between FBI spokesman and FBI worker. Anonymous may have more operational integrity, at least on this isolated issue.

Is your barber named Occam?

Re:Which is more likely (0)

Anonymous Coward | about 2 years ago | (#41233879)

That's funny. Funny you think companies aren't hilariously ignorant to the fact they are carrying millions of peoples sensitive information.

Why, I remember when someone in the UK "lost" (forgot to pick up the damn) laptop with millions of peoples financial information on it. 2 discs worth I think it was.
NO encryption in the slightest.

You'd think these damn SECURITY agencies would use encryption.

Cat's out of bag. (1)

Ostracus (1354233) | about 2 years ago | (#41233601)

"The FBI has denied the UDID codes released yesterday came from an agent's laptop, as claimed by the AntiSec hacker group. The FBI says it does not hold such data, and the attack never happened. However, the agent named by AntiSec is real, and some of the published UDID codes have been found to be genuine. So where did they come from?"

Maybe from a soon to be blown case were the FBI is investigating an anonymous hacker group?

Re:Cat's out of bag. (1)

crazyjj (2598719) | about 2 years ago | (#41233959)

Maybe from a soon to be blown case were the FBI is investigating an anonymous hacker group?

Or evidence that they're building a giant fishing net (with ALL of us in it) for future fishing trips. When there are 12 million entries in a database on a single laptop, all just from iPhones and iPads alone, I tend to think this is much larger than just some individual investigation. Shit, that's over 10% of Apple's *ENTIRE* active U.S. iPad and iPhone userbase, on that one laptop alone. That's not from any one investigation, or even several.

Aliens. (1)

craznar (710808) | about 2 years ago | (#41233615)

We all know that alien computers talk seamlessly to Apple devices.

So the aliens have been collecting them for years.

What took the aliens so long to publish them - was talking to a Dell Windows laptop.

Issue? (2, Interesting)

symes (835608) | about 2 years ago | (#41233621)

This is not something I know a great deal about, but surely the UDID is pretty easy to get hold of. Surely most suppliers will keep a record for warranty/insurance reasons. AFAIK, many apps can access this information. ITunes relies on it. These data could just be from the FBI looking for patterns of insurance fraud, or similar. And I wouldn't be surprised if a load or organizations hold this sort of data for a range of gadgets. I bought a fridge a while back and had to send the serial number off to some third party to have my warranty set up. I am happy to be corrected though, and told this is a huge privacy thing.

Re:Issue? (1)

Sarten-X (1102295) | about 2 years ago | (#41233711)

This is a huge privacy thing, just like any American's Social Security number. You know, that number where the last four digits are used frequently for identification to third parties, the first three are based on where you were born, and the middle two are based on when you were born...

Being a privacy issue doesn't necessarily mean it's kept particularly secure.

Re:Issue? (1)

O('_')O_Bush (1162487) | about 2 years ago | (#41233739)

Any app developers out there? If it is anything like Android, any app with sufficient privileges can send the phone's unique identifier to a server to be stored. Whether it be the hash looking thing for the phone itself, or the phone number for that account.

Re:Issue? (1)

platypusfriend (1956218) | about 2 years ago | (#41234205)

Access to the UDID is deprecated. iOS developers now have to generate and maintain their own UUID, which can of course be wiped by the phone owner. The reason for this, at least partly, is so phones aren't permanently tied to service X or Y when the device changes ownership. --- http://developer.apple.com/library/ios/#DOCUMENTATION/UIKit/Reference/UIDevice_Class/DeprecationAppendix/AppendixADeprecatedAPI.html [apple.com]

Re:Issue? (1)

Bogtha (906264) | about 2 years ago | (#41234077)

Surely most suppliers will keep a record for warranty/insurance reasons.

The UDID is separate to the serial number; there's no reason to use the UDID for this purpose.

This sort of fits... (5, Informative)

Revotron (1115029) | about 2 years ago | (#41233635)

...with the general attitude I saw from Slashdot regarding the original story. It almost sounds like a complete fake just because what the hell would the FBI possibly do with a deprecated SHA1 hash of a few device-unique identifiers? Verify that their super-secret gub'mint database of everyone's iPhone MAC addresses and MEIDs has no row errors?

It's worth reiterating from the other story that Apple doesn't even accept apps that reference the UDID any more, and it was never used as a security or authentication feature in the first place. It's like saying "lol, you got pwned, I just got the MD5 hash of your entire hard drive, LULZ LULZ LULZ WE ARE ANON"

If the FBI really wanted some useful information, they could swipe your ESN/MEID and track you down to a cellular level. Hell, they probably already have. Smile at the camera!

Re:This sort of fits... (1)

wbr1 (2538558) | about 2 years ago | (#41233781)

If the DB contained names and other person identifiers (which were supposedly stripped before release), then if an FBI agent snatched a phone briefly, it could be used to quickly verify the phones owner.
In addition, even though its use as a device identifier is depreciated, apps still use it, and could be used to spoof authentication to certain apps central servers, thereby allowing the holder (if the UDID was used as the single form of ID), to mine data from the app, or log in as you from a jailbroken iDevice.

Re:This sort of fits... (0)

Anonymous Coward | about 2 years ago | (#41233861)

then if an FBI agent snatched a phone briefly, it could be used to quickly verify the phones owner.

This is a big problem lately. Why just the other day, some guy in a black suit and sunglasses came up to me, snatched my phone, scanned it with a little scanjigger and I was just like "Aw man now they're going to know that that was my phone!".

Re:This sort of fits... (1)

Revotron (1115029) | about 2 years ago | (#41233941)

other person identifiers (which were supposedly stripped before release)

Hopefully you can understand why I have my doubts in this scenario. It's like Joseph Smith and the gold tablets. "Only I'm allowed to see them, so I'll stare into this top hat and read everything to you."

Also, apps (and app updates) from the last year or so that use the UDID in any way have been rejected by Apple on that basis alone. Any app that uses the UDID as its sole authentication mechanism would hopefully not contain any sensitive personal information, and fortunately anyone that dumb probably couldn't code their way out of a wet paper bag.

I could be completely wrong and the FBI might just like to track some magic hashes for shits and giggles, but I think it's far more likely that Anon slipped some random fart app through to collect a bunch of UDIDs and used the conveniently-timed Java vulnerability to conjure up a believable breach scenario.

Plausible deniability (1)

GeekWithAKnife (2717871) | about 2 years ago | (#41233677)

If the data is obtained illegally, without due process that's all the FBI really needs to do. "It wasn't me". Of course, as history might educate us, later on they might u-turn and pull one of those "Well actually..." So if the data is real, it came from somewhere, someone was holding it, who was it? I thank the FBI for its response as it will only spur further investigation. Let's get down to the bottom of this.

I hate to be the one to say this... (2, Insightful)

tekrat (242117) | about 2 years ago | (#41233693)

But I trust the hacker group more than I trust the FBI.

It's more likely the FBI is lying to cover up something. I mean, we're talking about the *government* -- not exactly our best and brightest, but definitely good at the "cover your ass" game.

Re:I hate to be the one to say this... (5, Insightful)

PRMan (959735) | about 2 years ago | (#41233895)

Exactly. Anonymous and Antisec have seemingly been completely honest in the past, when it comes to claiming responsibility for hacks. The FBI is known to lie and cover up. Given past experience, Antisec is more likely to be telling the truth.

Phew! (1)

hackula (2596247) | about 2 years ago | (#41233709)

Sigh... What a relief!

At least two possibilities (1)

MikeRT (947531) | about 2 years ago | (#41233743)

1. They're just lying. This is the FBI, after all. The group whose IG basically called their field agents a bunch of incorrigible criminals when it came to obeying the law on when and how to use National Security Letters from 2006 onward.

2. This was done by a few agents and their management and the FBI leadership and public relations genuinely had no idea that some of their people were soliciting and/or receiving (solicited or not) such information. If this be the case, I wouldn't be surprised if the FBI throws this agent under the bus and runs it over him several times for a federal offense or two related to dragneting. It's not that they'd be genuinely upset by him getting this data, so much as the FBI does not suffer employees who make it look bad for any reason (I have relatives who used to be federal law enforcement, and they used to refer to the FBI as publicity whores).

cause it's not like they would lie, is it? (1)

chris.alex.thomas (1718644) | about 2 years ago | (#41233747)

I mean, if the FBI says it didnt happen, then it didn't happen, right guys??

"Misinformation" (1)

lkcl (517947) | about 2 years ago | (#41233751)

uhnnn.... is this the same FBI that was to be involved with the *deliberate* disinformation "strategy" - if it can be called that - to put out complete whopper lies and try to back-track where they came from in order to catch "terrorists" and other criminals?

Odds are (0)

Anonymous Coward | about 2 years ago | (#41233765)

Odds are the FBI is trying to get Antisec to release the remaining information so they can be tracked and identified.

1. The information is not a direct security threat to the FBI so they have no concern in protecting it.

2. The fact the hacker group gave themselves a unique name "AntiSec" will make it a lot easier to pattern match and track them down. In fact I would bet the FBI already has a majority of the leg work done and they are just waiting to spring the trap.

3. The FBI has a proven history of not being trustworthy.

Let's see whay AntiSec does and how careful they are at doing it.

Re:Odds are (2)

EasyTarget (43516) | about 2 years ago | (#41234073)

"unique name "AntiSec" will make it a lot easier to pattern match and track them down"

For instance, if (as I just did) you type it into google; you get taken straight to the homepage of their leader, complete with pictures of his monorail.

Someone really needs to kick the FBI's asses over this, I mean, why are they taking so long to arrest them all when it's so easy.

The agent is a hacker (1)

Cigarra (652458) | about 2 years ago | (#41233767)

Maybe the FBI agent (the laptop owner) moonlights as a hacker.

This could get interesting... (2)

Atomus (2500840) | about 2 years ago | (#41233793)

Now that the FBI basically rejected AniSec's claims and Adrian Chen put on a pink tutu with a shoe on top of his head (Source: Link [gawker.com] ), AntiSec can now respond to the FBI's denied claims. I just threw some popcorn in the microwave.....

Here is the Deal (1)

M0j0_j0j0 (1250800) | about 2 years ago | (#41233801)

You help us ban our competition; we will give you full access to our data deal??

Re:Here is the Deal (1)

benjamindees (441808) | about 2 years ago | (#41233905)

We'll also help you with that pesky "citizens recording things they shouldn't" problem.

FBI Sux (0)

Anonymous Coward | about 2 years ago | (#41233857)

Anyone who believes anything the FBI says is a complete idiot. Their main job is to lie to the public. Welcome to 1984.

Fourth possibility (1)

puddingebola (2036796) | about 2 years ago | (#41233869)

Fourth possibilty: Hacker group is telling the truth, FBI doesn't know of existence of laptop, FBI didn't know information was on laptop, maybe agent that illegally obtained information had on laptop, FBI can deny in complete ignorance. Fifth possibility: IDs obtained by aliens in Hangar 18 and placed on laptop. Occam's razor is a lie.

Sounds familiar.. (1)

BVis (267028) | about 2 years ago | (#41233877)

"There are no tanks in Baghdad!"

TRIFECTA (0)

Anonymous Coward | about 2 years ago | (#41233945)

Perhaps the perp is a triple agent CIA posing as FBI and Anon obfuscate the CIA role in survelance and data gathering against US citizens, the laptop and agent name as a red herring, what is the actual operational design, it is for this disinformational debreifing to disguise ; )

Iphone/ipad ap (0)

Anonymous Coward | about 2 years ago | (#41233961)

Scan to PDF - http://itunes.apple.com/us/app/scan-to-pdf-scan-multi-page/id549095412?ls=1&mt=8

This app turns your iPhone or iPad into a Handy Scanner, Fax, File Storage or an Air Printer in your pocket. It lets you scan high quality multi-page documents, print it to any AirPrint capable printer in your wifi network, email it or save it to a document folder on your device, post it to Google Docs or fax it to any fax number, directly from your iPhone, iPad or iPod Touch.

A highly useful app designed for individual or businesses use.

I'm more inclined to believe AntiSec (2)

realsilly (186931) | about 2 years ago | (#41233969)

...based on the information they put out.

And the disinformation tactics of Govt. agencies. I think the FBI is try to call the AntiSec bluff, to get them to release more info. And once more info is released, then the FBI will use this info to try to track back to source, arrest and use the info as evidence against AntiSec individuals.

But this is my hunch.

Misleading Summary (0)

Anonymous Coward | about 2 years ago | (#41233989)

The FBI did not say the attack never happened, nor did it deny that it had the UDID records. It just said that there was no evidence to support either claim.

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

IOW, Antisec didn't publish details of the hack, and nobody has any proof that we had the records in the first place.

Remember, it's not you know that's important, it's what you can prove.

Cellphone numbers, Addresses, Zip codes etc. (0)

Anonymous Coward | about 2 years ago | (#41234135)

Antisec released a sample of the UDID's which they said they have un unredacted version including names, addresses, zip codes, phone numbers etc. From the original article:

"NCFTA_iOS_devices_intel.csv' turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc."

I'm inclined to believe that a spreadsheet of mobile phones would at the very least include the telephone numbers, if not the user name and other details. As to whether it came from the FBI? Proof would be more data from Antisec, however FBI have a reason to lie (FFS, if they have the iOS user list, of course they'd lie about it! It would be a wholesale violation of privacy.).

The Application, and an open request... (1)

nweaver (113078) | about 2 years ago | (#41234195)

It really depends on the application in question: The Push tokens are application specific, and Apple knows or can trivially find out which application vendor is the source of this information.

If its a game, then the Anons are full of it, there is no reason for the FBI to have gotten that data.

If its something like, well, who knows, then the Anons are probably telling the truth.

If some slashdot reader's UUID is on the list, please contact me. It may be possible to use the phone backup file to determine which application was responsible for this data breach.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>