or Connect
AppleInsider › Forums › General › General Discussion › FBI refutes claims of hacked agency laptop, Apple UDID database
New Posts  All Forums:Forum Nav:

FBI refutes claims of hacked agency laptop, Apple UDID database

post #1 of 66
Thread Starter 
Less than one day after hacker group AntiSec claimed to have found over 12 million Apple UDIDs on a purportedly compromised agency laptop, the FBI issued a statement saying the group's allegations are false and distanced itself from the gathering of such private information.

Earlier on Tuesday, AntiSec published what it claimed to be 1,000,001 unique device identifiers (UDIDs) belonging to cellular-enabled Apple iPhones and iPads, saying the leak was just a small sampling of over 12 million such IDs purportedly stolen from an FBI laptop.

In a statement obtained by All Things D, the FBI denies the claims, saying that there is no evidence tying the agency to the purported UDID leak.

The group alleges that personal information like phone numbers, full names and addresses were included in the database alongside the UDIDs, information not usually available to developers.

FBI Logo


From the FBI's statement:

The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.


When AntiSec first posted its purported findings, the group noted the leaked UDIDs had varying amounts of associated personal data, ranging from zip codes to more comprehensive datasets like full names and addresses. UDID codes are available to app developers, however access is limited and doesn't usually include personal information.

The FBI's denial raises the question of where the leak originated as at least some of the unique identifiers were verified as legitimate.
post #2 of 66

I have 6 iOS devices, none of which seem to have been compromised. Yet.

 

Perhaps my life is not interesting enough........ :-/

post #3 of 66
Originally Posted by anantksundaram View Post
I have 6 iOS devices, none of which seem to have been compromised. Yet.

 

How do you know they weren't?

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #4 of 66

.


Edited by sneamia - 9/5/12 at 9:01am
post #5 of 66

An interesting observation. Think WinPhone is guilty of this? BB? 

 

Curiously, as Android is open source, you (can) know exactly what's on your device--and who has access to what, specifically. There is nothing magical under the hood that may talk through Google--or Apple, or Microsoft--without your knowledge.

post #6 of 66

Is it wrong to feel equally trusting of the FBI and the Hackers?  Either could be lying and I would not be surprised.

post #7 of 66
Perhaps the headline should have been "refute". "Rebuke" is an odd choice.
post #8 of 66
Quote:
Curiously, as Android is open source, you (can) know exactly what's on your device--and who has access to what, specifically. There is nothing magical under the hood that may talk through Google--or Apple, or Microsoft--without your knowledge.

Is every application open source too? What about all the crapware the phone manufacturer and telco adds? Is their source open?
post #9 of 66
Quote:
Originally Posted by Brian Ward View Post

Is it wrong to feel equally trusting of the FBI and the Hackers?  Either could be lying and I would not be surprised.

Both could be lying... maybe they didn't hack the Special Agent's PC, but got into more 'sensitive' FBI systems.

 

My issue is the spin that it's an Apple Leak.  I can't see how if choosing to claim hacking FBI or Apple, you would choose the FBI...  The value of the prize for lying about an FBI leak seems so minor compared to showing proof that you hacked through Apple defense.  And if Apple had 12Million exposed, they'd have 120Million exposed

post #10 of 66
Quote:
Originally Posted by noelos View Post


Is every application open source too? What about all the crapware the phone manufacturer and telco adds? Is their source open?

 

No, but what you load is ultimately up to the user--and you can replace the software on your device with your old build, should you so desire.

post #11 of 66
Quote:
Originally Posted by noelos View Post

Perhaps the headline should have been "refute". "Rebuke" is an odd choice.

refute was probably what they were gunning for

 

and of course the fbi is going to deny they were inept.

post #12 of 66

Wouldn't the UDID be required to associate a cell-tower connection with a particular mobile device? If so, I'm pretty sure your cellphone service provider has this info and it can be obtained by the FBI directly from them. Hopefully with some kind of warrant, but nowadays (Patriot Act etc.) who knows? I doubt a phone hack is needed for this information to become available to the FBI should they want it for some reason.

 

I'd like to know if the numbers in the database were obtained by the FBI via legal warrant or via some less official "procedure".

 

Oh, and yeah, it would be expected for the FBI to deny any collection activity unless challenged by congress. Now it's up to anonymous to somehow tie that data to the agent's laptop. Perhaps via some Wikileaks disclosures.

 

Really must buy more popcorn.

post #13 of 66

Pretty terrible headline to this article. The FBI has not, in fact, "refuted" anything. They merely stated that there is no proof. That's only a "refutation" if you live in some Bizarro World where everything the FBI says is accepted as true.

post #14 of 66
Quote:
Originally Posted by AppleInsider 
there is no evidence tying the agency to the purported UDID leak.

Notice they didn't deny it, they probably just killed everyone linking it back to them.

It could be another leak from a service provider:

http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed

They'd have address info and might track device identifiers for service usage. But, if the info is international, it would have to be a global carrier like T-Mobile.

If it was an app that collected it, it would have to be a very popular app to collect so many.
post #15 of 66

Why the **** does the FBI have a list of UDID's ?! what. the. ****. 

post #16 of 66

No, "rebuke" is an accurate choice. "Refute" is a terrible and false choice, since the FBI has not refuted anything.

post #17 of 66
Quote:
Originally Posted by softeky View Post

Wouldn't the UDID be required to associate a cell-tower connection with a particular mobile device? If so, I'm pretty sure your cellphone service provider has this info and it can be obtained by the FBI directly from them. Hopefully with some kind of warrant, but nowadays (Patriot Act etc.) who knows? I doubt a phone hack is needed for this information to become available to the FBI should they want it for some reason.

 

I'd like to know if the numbers in the database were obtained by the FBI via legal warrant or via some less official "procedure".

 

Oh, and yeah, it would be expected for the FBI to deny any collection activity unless challenged by congress. Now it's up to anonymous to somehow tie that data to the agent's laptop. Perhaps via some Wikileaks disclosures.

 

Really must buy more popcorn.

No, Apple and Apps use the UDID, carriers use the IMEI.

post #18 of 66

The most likely scenario is that the NSA had that data, perhaps with Apple's assistance, and someone there leaked it, unofficially of course, to this FBI agent. Cracking an individual agent's laptop would be a lot easier than cracking computers at Apple or some federal agency. Why would hackers claim to have done much less than what they actually did?

 

The other alternatives include:

 

  1. The hackers got the data from some federal agency that got the data from Apple without Apple's permission. Perhaps Apple's assistance in supplying court-ordered UDIDs gave that agency the clues it needed to crack Apple's computers. 
  2. The hackers got the data directly from Apple. But if that's the case, why did they just get 12 million records? Getting in to get some, should have gotten all of them.
  3. The FBI, while not exactly lying, has operations going on that those speaking for it don't know about. This data really is from the FBI and being used by the FBI.

 

Behind this fuss is a more fundamental one. Why is so much data about us not only available to the government, but ending up being stored willy-nilly on laptops that can be cracked, stolen or lost? It's bad enough to contemplate the government even having all this data. It's far worse that it's  being guarded so poorly that it's ending up on laptops.

 

One cause of this sort of mess is that working for the government at any level bestows far too much protection on individual wrongdoers. If this FBI agent really was a rogue acting without authorization, then "Supervisor Special Agent Christopher K. Stangl" should be facing the mother of all class action lawsuits.

post #19 of 66

The FBI has denied it, but the FBI has not refuted anything.  To refute the claims, the FBI would need evidence showing that the claims are false.  The FBI seems to have no such evidence.

Mac user since August 1983.
Reply
Mac user since August 1983.
Reply
post #20 of 66
Quote:
Originally Posted by Shidell View Post

An interesting observation. Think WinPhone is guilty of this? BB? 

 

Curiously, as Android is open source, you (can) know exactly what's on your device--and who has access to what, specifically. There is nothing magical under the hood that may talk through Google--or Apple, or Microsoft--without your knowledge.

This is a false statement as been shown many times over from various malware reports for Android. They have a much higher exposure to malware than Apple does at this point.

 

http://tech2.in.com/news/android/android-more-vulnerable-to-malware-than-ios/263032

Also assuming joe user would be able to open the source for an app (again assuming it was even open) and verify what it was doing isn't even remotely likely to happen. Besides that, most apps are probably not open source, and claiming 'nothing' on your phone could be doing something bad is just foolish.

 

Just because the OS might be open source is no way indicative that your user experience is any safer. Quite the contrary based on found malware on each platform.

iMac 27" 2.8 Quad i7 / 24" Dual Core 3.06 / 17" Macbook Pro Unibody / Mac Mini HTPC / iPhone 4
Reply
iMac 27" 2.8 Quad i7 / 24" Dual Core 3.06 / 17" Macbook Pro Unibody / Mac Mini HTPC / iPhone 4
Reply
post #21 of 66
The FBI has been compromised by agents of the illuminati. Burn everything. Disappear for a while.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply
post #22 of 66
Quote:
Originally Posted by Jeff Fields View Post

Pretty terrible headline to this article. The FBI has not, in fact, "refuted" anything. They merely stated that there is no proof. That's only a "refutation" if you live in some Bizarro World where everything the FBI says is accepted as true.

To refute can be to prove wrong or simply to deny.

http://www.merriam-webster.com/dictionary/refute
post #23 of 66
Quote:
Originally Posted by mcarling View Post

The FBI has denied it, but the FBI has not refuted anything.  To refute the claims, the FBI would need evidence showing that the claims are false.  The FBI seems to have no such evidence.

See a dictionary: http://www.merriam-webster.com/dictionary/refute

Oxford also has a definition of denying an accusation.
post #24 of 66

This is not an Apple thing nearly as much as it is a government spying on citizen thing.  That is the relevance.  The FBI is monitoring device usage is mass fashion.  How the FBI received the data is secondary at this point.

post #25 of 66
Quote:
Originally Posted by Shidell View Post

An interesting observation. Think WinPhone is guilty of this? BB? 

 

Curiously, as Android is open source, you (can) know exactly what's on your device--and who has access to what, specifically. There is nothing magical under the hood that may talk through Google--or Apple, or Microsoft--without your knowledge.

If you use a self compiled version of Android, you would be on more solid ground with your claim. However, every commercial Android-based phone from a manufacturer has plenty customizations and additional layers of software. I can't be bothered looking up the recent news (5-6 months ago) with the integrated "debugging" software that gave pretty much full access to all of the device's data. But there it was ...

 

Operators put a lot of pressure on handset makers to integrate additional software. Apple is, in fact, the seemingly lone company that hasn't complied with those requests. Of course, they have complied with requests to restrict built-in functionality (e.g. FaceTime over 3G, tethering)

post #26 of 66
Quote:
Originally Posted by softeky View Post

Wouldn't the UDID be required to associate a cell-tower connection with a particular mobile device? If so, I'm pretty sure your cellphone service provider has this info and it can be obtained by the FBI directly from them. Hopefully with some kind of warrant, but nowadays (Patriot Act etc.) who knows? I doubt a phone hack is needed for this information to become available to the FBI should they want it for some reason.

 

Other than through data packets, the UDID is not transmitted by the cellular technology itself. You're possibly thinking of the IMEI and ICCID numbers.

post #27 of 66

How about the phone's firmware? Is *that* open source?

post #28 of 66

Or they both could be telling the truth as they know it at this time.    It is always possible a rogue element at the FBI created the list.   Read the FBI statement carefully, they didn't say they aren't responsible just that they don't know of any authorized programs.      On the other hand somebody could be leading the hackers on a wild goose chase.    In between all of this is the possibility of a contractor working with the FBI getting access to this data and loosing control of it.

Quote:
Originally Posted by Brian Ward View Post

Is it wrong to feel equally trusting of the FBI and the Hackers?  Either could be lying and I would not be surprised.

post #29 of 66
Quote:
Originally Posted by focher View Post

 

Other than through data packets, the UDID is not transmitted by the cellular technology itself. You're possibly thinking of the IMEI and ICCID numbers.

Yup, looks like I'm completely off base there. What use is UDID to the FBI when they can get IMEI and ICCID codes from the service provider? How would they be expected to use the UDID to further their "investigations"?

post #30 of 66
Quote:
Originally Posted by BoxMacCary View Post

Uh-oh .... 
Now those FBI assholes have officially put it out there that this is all bullshit & it never happened .... 
All AltSec has to do, now, is somehow/someway prove that this is genuine.
Of course, this could all be a feint by the feds to see exactly how AltSec got the data ....

Supposedly from a stolen laptop computer. That seems pretty simple and not really what i would consider to be a hack. The more profound question is how did the F.B.I. Get the information? Google? Facebook?
post #31 of 66

Please read this again:

 

 

Quote:
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

 

They never said it didn't happen.   Again read this: "At this time there is no evidence", that is called wiggle room.   

 

Frankly I'm amazed that people can read so much into statements like these and think in absolute terms when there is nothing at all absolute here.

 

It already looks like the data is genuine.    So the only thing they need to do is to show where it actually came from.   

Quote:
Originally Posted by BoxMacCary View Post

Uh-oh .... 
Now those FBI assholes have officially put it out there that this is all bullshit & it never happened .... 
All AltSec has to do, now, is somehow/someway prove that this is genuine.
Of course, this could all be a feint by the feds to see exactly how AltSec got the data ....
post #32 of 66

This site needs literate editors.  "Rebuke" is certainly not the right word, but there's nothing in the FBI's statement which "refutes" (i.e. definitely disproves) AntiSec's account either.  

 

"denies" 

 

(a weak and mealy-mouthed denial, at that)

 

or "challenges" or "pushes back against"

post #33 of 66
Quote:
Originally Posted by wizard69 View Post

Please read this again:



They never said it didn't happen.   Again read this: "At this time there is no evidence", that is called wiggle room.   


Frankly I'm amazed that people can read so much into statements like these and think in absolute terms 
when there is nothing at all absolute here.


It already looks like the data is genuine.    So the only thing they need to do is to show where it actually came from.   
I was just going to post the same thing.

The FBI didn't rebuke, refute, deny, or otherwise dispute the claim. They made an objective neutral observation that states absolutely no new information and says nothing about whether or not they were involved. It might imply it if you don't read it carefully but you would be wrong if you think it does.
post #34 of 66
The FBI hasn't got your information. And Eric Holder never ran guns illegally. I'm from the government, and I'm here to help. Trust me!
post #35 of 66
Quote:
Originally Posted by Vadania View Post


Supposedly from a stolen laptop computer. That seems pretty simple and not really what i would consider to be a hack. The more profound question is how did the F.B.I. Get the information? Google? Facebook?

 

Not only that, but how did the "hacker" know who had the list? This whole thing stinks to high heaven.

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #36 of 66

At this point I would tend to believe the hackers over the FBI.  The hackers call out the compromised FBI agent by name and give enough info about it to make it at least sound genuine on the surface.  Of course the FBI is going to deny any vulnerabilities in their network.  Don't forget that it IS an election year as well, so I'm sure heads are rolling behind the scenes.

post #37 of 66
Quote:
Quote:
Originally Posted by mcarling View Post

The FBI has denied it, but the FBI has not refuted anything.  To refute the claims, the FBI would need evidence showing that the claims are false.  The FBI seems to have no such evidence.

Getting any type of claim validation from either side would be ludicrous. If the F.B.I. did make a statement saying this agent didn't lose his laptop and actually showed the agents laptop, no one would believe it was the same one regardless if it were true.

On the other side of the equation would be a 'thief', not a hacker, raising his/her hand telling the F.B.I. "It's true! I got it! Hey! Over here! Yea me!". I don't believe anyone would be that naive... but then crazier things have happened! 1smile.gif
post #38 of 66
post #39 of 66

 

Oh, yeah. I'm certainly giving any portion of my UDID to that text field… lol.gif

 

If they didn't get it before, they'll get it now!

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #40 of 66
Quote:
Originally Posted by wizard69 View Post

Or they both could be telling the truth as they know it at this time.    It is always possible a rogue element at the FBI created the list.   Read the FBI statement carefully, they didn't say they aren't responsible just that they don't know of any authorized programs.      On the other hand somebody could be leading the hackers on a wild goose chase.    In between all of this is the possibility of a contractor working with the FBI getting access to this data and loosing control of it.

Or, the Government is lying like always, there's that too.

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › FBI refutes claims of hacked agency laptop, Apple UDID database