FBI Denies It Was the Source of Hacked Apple User Information

The Citizen's Guide to the Future
Sept. 4 2012 10:42 AM

FBI Denies It Was Source of Hacked Apple User Information

Apple UDID
Every Apple device has a unique identifying number. A hacker group claims the FBI has been compiling a database of those numbers, perhaps to keep tabs on users.

Screenshot / WhatsMyUDID.com

Update, Sept. 4, 5:32 p.m.: The FBI has issued a statement denying that it was the source of the leaked Apple user information. Or, at least, denying that there's any evidence that it was the source of the leaked Apple user information. Here's the full statement:

Will Oremus Will Oremus

Will Oremus is Slate's senior technology writer.

The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

My colleague Ryan Gallagher has more here.

Original post, Sept. 4, 10:42 a.m.: The hacker group AntiSec claims the FBI has compiled a database of 12 million Apple UDIDs—the unique numbers that identify every Apple device, including iPhones and iPads—many of them complete with the device owner's personal information. To prove it, the Anonymous-affiliated group on Monday published one million of the IDs, along with the type (e.g. iPhone) and name (e.g. Jane Doe's iPhone) of each device. In a post accompanying the data dump, the group says it withheld other personally identifying information, including names, mobile phone numbers, and addresses. There's no indication that bank account numbers or passwords were included.

How did the group obtain the information? In its own words (and its own lackadaisical grammar):

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

The group suspects the FBI was using, or planned to use, the information to track Apple users. The FBI has yet to comment on the apparent breach, and it's unclear how it obtained the Apple IDs.

In a twist, the agent whose laptop AntiSec claims to have hacked appeared in a 2009 FBI recruiting video, urging hackers to join the bureau as cybersecurity experts. To AntiSec, which views cybersecurity experts as, essentially, tools of The Man, that makes him an ideal target.

Meanwhile, some security researchers are pouncing on Apple for hard-coding unique identifiers onto every device in the first place. In a post titled, "The UDID leak is a privacy catastrophe," security consultant Aldo Cortesi catalogs several of his own past blog posts warning about the potential for the device numbers to be misused.

Wondering whether your device was among those compromised? The Next Web has built a quick tool that lets you check whether your UDID matches any of the one million that AntiSec included in its data dump. The Next Web assures users that it isn’t storing the numbers they enter. You can find your UDID by following the easy steps outlined here. (Note: Even if yours isn't a match, it could still theoretically be among the other 11 million that AntiSec says it has but didn't publish.)

Future Tense is a partnership of SlateNew America, and Arizona State University.


War Stories

The Right Target

Why Obama’s airstrikes against ISIS may be more effective than people expect.

Why Is This Mother in Prison for Helping Her Daughter Get an Abortion?

The XX Factor
Sept. 23 2014 11:13 AM Why Is This Mother in Prison for Helping Her Daughter Get an Abortion?

Divestment Is Fine but Mostly Symbolic. There’s a Better Way for Universities to Fight Climate Change.

I Stand With Emma Watson on Women’s Rights

Even though I know I’m going to get flak for it.

It Is Very Stupid to Compare Hope Solo to Ray Rice

Building a Better Workplace

In Defense of HR

Startups and small businesses shouldn’t skip over a human resources department.

It’s Legal for Obama to Bomb Syria Because He Says It Is

How Ted Cruz and Scott Brown Misunderstand What It Means to Be an American Citizen

  News & Politics
War Stories
Sept. 23 2014 4:04 PM The Right Target Why Obama’s airstrikes against ISIS may be more effective than people expect.
Sept. 23 2014 2:08 PM Home Depot’s Former Lead Security Engineer Had a Legacy of Sabotage
Sept. 23 2014 1:57 PM Would a Second Sarkozy Presidency End Marriage Equality in France?
  Double X
The XX Factor
Sept. 23 2014 2:32 PM Politico Asks: Why Is Gabby Giffords So “Ruthless” on Gun Control?
  Slate Plus
Political Gabfest
Sept. 23 2014 3:04 PM Chicago Gabfest How to get your tickets before anyone else.
Brow Beat
Sept. 23 2014 4:45 PM Why Is Autumn the Only Season With Two Names?
Future Tense
Sept. 23 2014 1:50 PM Oh, the Futility! Frogs Try to Catch Worms off of an iPhone Video.
  Health & Science
Sept. 23 2014 4:33 PM Who Deserves Those 4 Inches of Airplane Seat Space? An investigation into the economics of reclining.
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.