Report: Apple User Data Stolen From App Firm, Not FBI Laptop

Future Tense
The Citizen's Guide to the Future
Sept. 10 2012 4:29 PM

Report: Apple User Data Stolen From App Firm, Not FBI Laptop

89133844
An Apple Store customer

Photo by Justin Sullivan/Getty Images

Last week, hackers claimed that they had managed to access an FBI agent’s laptop and siphon data from it. Now new evidence has emerged to support the theory that the claims were fabricated in a bid to embarrass the bureau.

Ryan Gallagher Ryan Gallagher

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

NBC reported today that the million-record database of Apple gadget identifiers released by hackers affiliated to the Anonymous collective does not appear to have been obtained from an FBI agent’s computer. Rather, the data were seemingly derived from a Florida-based digital publishing company, Blue Toad. Blue Toad said that its analysis found a 98 percent correlation between it and data stolen from its servers two weeks ago. "That's 100 percent confidence level, it's our data," CEO Paul DeHart told NBC.

Advertisement

DeHart also said that he could not rule out the possibility that the data stolen from his company’s servers was shared with others and eventually made its way onto an FBI computer. However, the hackers had said they obtained the data from the FBI agent’s laptop back in March. So if the hacked data came from Blue Toad’s servers in the last two weeks, this clearly calls into question the accuracy and reliability of the hackers’ claims.

A statement from the hacker collective AntiSec had said it had used a Java exploit to gain access to special agent Christopher Stangl’s computer. There, they said, they had found a database file containing identity information about more than 12 million Apple mobile devices and their users. The data seemed genuine, and immediately people began questioning why the FBI would have that information. But the FBI within hours issued a denial, and several things did not seem to stack up.

For one, no hackers would speak about how they had obtained the data. Amid the flurry of publicity last Tuesday, one told me that there would be “no direct comments about the acquisition.” The hackers had said they would give interviews if Gawker writer Adrian Chen donned a tutu and posed for a photo with a shoe on his head. To his credit, Chen took up the bizarre challenge, but no interviews were forthcoming.

It was also strange to me that the hackers had claimed to have accessed agent Stangl’s laptop using a fairly basic Java exploit to secretly access his files. Stangl is himself a supervisor in the bureau’s Cyber Action Team and has experience analyzing malware. So to think that he could be duped by a phoney email or a dodgy link, tricking him into downloading a Trojan of some sort—it seemed far-fetched to say the least. I also wondered why the hackers, if they had indeed gained access to an agent’s laptop, had not obtained and released lots of other files related to the FBI. Stangl’s laptop would surely have been teeming with classified and restricted information related to his work.

The hackers certainly have plenty reasons to want to embarrass the FBI, and Stangl in particular. The Cyber Action Team has been instrumental in building cases against a number of high-profile hackers linked to Anonymous and its spinoffs, like LulzSec. The New York unit also recruited one of the most notorious members of Anonymous, Sabu, as an informant, it was revealed in March.

Perhaps the hackers decided that it was time for some retribution, by any means necessary. But if they did indeed deliberately spread disinformation, their future claims will be treated with far greater skepticism—whether they happen to be true or not.

Future Tense is a partnership of SlateNew America, and Arizona State University.

  Slate Plus
Slate Picks
Nov. 21 2014 1:38 PM What Happened at Slate This Week? See if you can keep pace with the copy desk, Slate’s most comprehensive reading team.