FBI Denies It Held iPhone UDIDs Stolen By AntiSec

← Back to Stories (view on slashdot.org)

FBI Denies It Held iPhone UDIDs Stolen By AntiSec

Posted by Unknown on Wednesday September 5, 2012 @12:50AM from the it-was-actually-the-nsa dept.

judgecorp writes "The FBI has denied the UDID codes released yesterday came from an agent's laptop, as claimed by the AntiSec hacker group. The FBI says it does not hold such data, and the attack never happened. However, the agent named by AntiSec is real, and some of the published UDID codes have been found to be genuine. So where did they come from?"

158 of 216 comments (clear)

Min score:

Reason:

Sort:

So where did they come from? by fustakrakich · 2012-09-05 00:51 · Score: 5, Insightful

The FBI... What, does anybody expect them to admit it?

--
“He’s not deformed, he’s just drunk!”
1. Re:So where did they come from? by siddesu · 2012-09-05 00:55 · Score: 1
  
  Nyet. J. Edgar Hoover.
2. Re:So where did they come from? by Sarten-X · 2012-09-05 01:04 · Score: 5, Funny
  
  On the other hand, finding the names of agents is pretty easy, and dropping one makes for a much juicier story than "AntiSec managed to get a UDID-sniffing trojan into the app store".
  In the absence of any further evidence, I must assume that everybody's lying. The real story is that the UDIDs were harvested wirelessly using petahertz radio scanners mounted on the invisible black helicopters flown by the lizard aliens who, due to their shared ancestry with birds, make excellent pilots, even in aircraft that are based on Martian stealth technology (which is why we're giving the Martians our nuclear-powered cars now).
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
3. Re:So where did they come from? by crazyjj · 2012-09-05 01:23 · Score: 4, Insightful
  
  Wouldn't it be nice to think the FBI would ever release a press release with the header "Yes, We Screwed-Up and Yes, We're Illegally Spying on You." But inevitably, that's the kind of admission that only comes out decades after the fact. It's not like if you had asked J. Edgar Hoover "Hey are you spying on Martin Luther King with illegal wiretaps and recording devices?" back in the 60's he would have replied "Oh yeah, we're doing that."
  
  --
  What political party do you join when you don't like Bible-thumpers *or* hippies?
4. Re:So where did they come from? by falcon5768 · 2012-09-05 01:26 · Score: 5, Interesting
  
  Only people foolish enough to think antisec actually cares about being truthful would think that. Lets face the facts here
  12 million is a piss in the pond in terms of iOS UDID codes. Its less than half the iPhones sold LAST QUARTER. If the FBI was realistically trying to build a database of them, there is no way at this point they would ONLY have 12 Million.
  12 million is more easily explained by being leaked from a developer, as up until half a year ago, developers were using the code to identify individual iPhones for various reasons like automatic sign-in to certain services like some of the multiplayer game services. Apple banned them from using it though half a year ago so at this point there was no reason to keep.
  The data it's self was incomplete. Some had legit names and addresses while most were just a ID code. If this was from a official source then there would have been a lot more data on most of these. On the otherhand if it was stolen from a developer who let users opt out of giving their information but used the code for autologin purposes, then there would be clear reason why most of the data has no user info attached.
  Antisec is still smarting from getting much of its higher ranking leadership arrested from a FBI plant
  So really there is no reason AT ALL to believe antisec's claims that they stole the info. There is however a lot more reason to suspect they were trying to stir the pot in the tech community by stoking already present fears of FBI spying which they did a pretty good job at. It gets clueless script kiddies riled up and makes them look cool. Sure the FBI can be shady, but of the law enforcement agencies out there I would honestly have to say they are the least shady of the bunch and tend to release information without bending the truth too much, even when it has the possibility of embarrassing them. Not saying they ALWAYS do it, just saying they tend to be more forthcoming than other government agencies.
  
  --
  "Slashdot, where telling the truth is overrated but lying is insightful."
5. Re:So where did they come from? by crazyjj · 2012-09-05 01:27 · Score: 3, Interesting
  
  In the absence of any further evidence, I must assume that everybody's lying.
  Except that Anon has real evidence in this case, and specifics. The FBI is just issuing a blanket denial. And, for that matter, if this agent is real and doesn't do this, why aren't they hiding him and not making him available for interviews? Seems like he would be the most credible source to deny it.
  
  --
  What political party do you join when you don't like Bible-thumpers *or* hippies?
6. Re:So where did they come from? by Lumpy · 2012-09-05 01:36 · Score: 2
  
  FBI can legally spy on you. It's the CIA that cant legally spy on you.
  
  --
  Do not look at laser with remaining good eye.
7. Re:So where did they come from? by Yvanhoe · 2012-09-05 01:36 · Score: 2
  
  Usually they blame a subcontractor.
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
8. Re:So where did they come from? by crazyjj · 2012-09-05 01:45 · Score: 2
  
  FBI can legally spy on you.
  Not without a warrant. Care to guess whether or not they had one when they were putting recording devices in Martin Luther King's motel rooms and home?
  If you answered "No," congratulations.
  
  --
  What political party do you join when you don't like Bible-thumpers *or* hippies?
9. Re:So where did they come from? by bluefoxlucid · 2012-09-05 01:45 · Score: 1
  
  Yes because I totally did not have sexual relations with that donkey.
  
  --
  Support my political activism on Patreon.
10. Re:So where did they come from? by fustakrakich · 2012-09-05 01:46 · Score: 1
  
  Only people foolish enough to think the FBI actually cares about being truthful would think that.
  You're welcome. The first one is always free. More likely you're half right. Both sides are lying. But for anybody to believe that the FBI doesn't harvest this info, is an exercise in naivety.
  Not saying they ALWAYS do it, just saying they tend to be more forthcoming than other government agencies.
  Not sure what you base that on. Getting anything out of the FBI usually takes reams of FOI requests... I've rarely, if ever that I can remember, seen them come forth without them. They have every reason in the book to deny everything. SOP
  
  --
  “He’s not deformed, he’s just drunk!”
11. Re:So where did they come from? by crazyjj · 2012-09-05 01:48 · Score: 1
  
  From their perspective, this is no doubt a beneficial side-effect of the massive expansion of the private national security industry since 9-11. I guess at least it's providing jobs.
  
  --
  What political party do you join when you don't like Bible-thumpers *or* hippies?
12. Re:So where did they come from? by NatasRevol · 2012-09-05 01:56 · Score: 3, Insightful
  
  Or they could have hacked some small developer who wasn't overly careful with his records and AntiSec ended up with a few real UDIDs.
  Then blamed it on the FBI.
  Or they could have hacked an FBI laptop, just the one that had Apple UDIDs on it.
  I have no idea, but I have heard of Occam's Razor.
  
  --
  There are two types of people in the world: Those who crave closure
13. Re:So where did they come from? by tmosley · 2012-09-05 01:56 · Score: 3
  
  Wow, a time traveler has come to us from some time before 9/11/2001. Tell me, friend, what is it like to live in a free society? It has been so long I have forgotten.
14. Re:So where did they come from? by Sarten-X · 2012-09-05 01:58 · Score: 4, Insightful
  I have a few agent business cards in my desk at home. I could claim any one of them gave me a receipt that proves Lee Harvey Oswald's innocence. I could show you a receipt dated November 22, 1963. The agent I name could deny it, of course, but then his denial could just as easily be dismissed as "protecting his job" or some other obvious ploy.
  Anon has shown only that they:
  
  have UDIDs, some of which are valid
  have the name of an FBI agent
  There is no evidence that the UDIDs actually came from the FBI. There is no evidence that Special Agent Stangl is related to the case in anything but name, and any statement from him must be considered questionable, just as any statement from Anonymous must also be questionable.
  As the saying goes, extraordinary claims require extraordinary proof, and there is very little actual proof available... just names and numbers mentioned in close proximity.
  --
  You do not have a moral or legal right to do absolutely anything you want.
15. Re:So where did they come from? by Sez+Zero · 2012-09-05 02:09 · Score: 1
  
  The FBI... What, does anybody expect them to admit it?
  FBI: Hello, Supervisor Special Agent Christopher K. Stangl, would you please step under this bus? We don't want to throw you.
16. Re:So where did they come from? by somersault · 2012-09-05 02:21 · Score: 2, Insightful
  
  Why do they need to waste time getting a "credible source" to deny not very credible accusations? If I gave a list of accusations for 100 agents right now, should the FBI take those 100 agents off of whatever they're doing to give a press report?
  Really, who cares?
  
  --
  which is totally what she said
17. Re:So where did they come from? by RyuuzakiTetsuya · 2012-09-05 02:32 · Score: 1
  
  in theory, they still need FISA warrants.
  
  --
  Non impediti ratione cogitationus.
18. Re:So where did they come from? by Anonymous Coward · 2012-09-05 02:39 · Score: 2
  
  There is no evidence that the UDIDs actually came from the FBI. There is no evidence that Special Agent Stangl is related to the case in anything but name, and any statement from him must be considered questionable, just as any statement from Anonymous must also be questionable.
  As the saying goes, extraordinary claims require extraordinary proof, and there is very little actual proof available... just names and numbers mentioned in close proximity.
  All absolutely valid points.
  Unfortunately, you cannot confirm or deny any of it, and therefore with regards to statements made by our Government, the sane majority must default to the history books and say that they're lying.
  All of them.
  Now prove me wrong.
19. Re:So where did they come from? by Anonymous Coward · 2012-09-05 02:46 · Score: 1
  Anon has shown only that they:
  have UDIDs, some of which are valid
  have the name of an FBI agent
  Actually, all they have shown is that one side of the FBI agent is black
20. Re:So where did they come from? by Sarten-X · 2012-09-05 02:49 · Score: 1
  
  The sane majority also must refer to history books when dealing with statements made by activist groups and say that they're trying to look more important than they really are, and therefore also lying.
  Hence my original point: I must assume everyone's lying. There is as much proof of invisible black Martian spy planes as there is of anyone's claims here.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
21. Re:So where did they come from? by Anonymous Coward · 2012-09-05 02:50 · Score: 1
  
  The FBI is lying!
  They have so much more information than what they say they have. Antisec also grabbed a database of slashdot userid's, handles, and personal information at the same time. I've removed all the personal information, but here's an except of the first 5 slashdot userid's and handles:
  CmdrTaco (1)
  CowboyNeal (4)
  siddesu (698447)
  Sycraft-fu (314770)
  Sez Zero (586611)
  AwaxSlashdot (600672)
  zill (1690130)
  Yvanhoe (564877)
  crazyjj (2598719)
  falcon5768 (629591)
  You are being watched! Or conned! Or both!
22. Re:So where did they come from? by falcon5768 · 2012-09-05 03:10 · Score: 1
  
  For what purpose. Its been pointed out many times the UDID has no real value to the FBI so why would they be taking them?
  
  --
  "Slashdot, where telling the truth is overrated but lying is insightful."
23. Re:So where did they come from? by fustakrakich · 2012-09-05 03:17 · Score: 1
  
  Every little 'bit' helps...
  Sorry
  
  --
  “He’s not deformed, he’s just drunk!”
24. Re:So where did they come from? by fadethepolice · 2012-09-05 03:18 · Score: 4, Interesting
  
  This is likely to be true of every action of every whistleblower from now until the end of time. The very act of getting protected data from an organization by definition results in this situation. The only resort is to look at context and evaluate the information on the knowledge you have of the participants. http://en.wikipedia.org/wiki/Carnivore_(software) http://en.wikipedia.org/wiki/NarusInsight The FBI has a proven track record of secretly monitoring Americans for close to 100 years. Anonymous has a decent reputation as occasionally competent hackers. Given these facts I would tend to give more weight to the evidence presented by anonymous than the denials by the FBI.
25. Re:So where did they come from? by crakbone · 2012-09-05 03:23 · Score: 4, Insightful
  
  Only problem is that Anon has a better record of telling the truth.
26. Re:So where did they come from? by cavreader · 2012-09-05 03:33 · Score: 1
  
  Anon has presented no evidence of how or where they got the data and refuse to give any more information on the subject. They listed an agents name but how did they know to target this individual? The exploit they claimed they used (the Java Atomic Array flaw) is not exploitable on every machine that has Java installed and requires a specific configuration and usage patterns before the flaw could be exploited. And the FBI would be wary of issuing a blanket denial because they could not be sure there was not more incriminating proof waiting to be released. Since a particular agent was mentioned they could have discovered rather easily if the agents machine had the data and was vulnerable to the exploit. It's not like they would had to investigate their entire network infrastructure looking for evidence of the hack. But of course they are pure as the driven snow when it comes to issuing their accomplishments. Maybe they are pissed that the FBI (ie. the MAN) has caught and prosecuted a couple members of their little hacker collective and want to retaliate.
27. Re:So where did they come from? by zzsmirkzz · 2012-09-05 03:42 · Score: 4, Insightful
  
  Only problem is that Anon has a better record of telling the truth.
  A nameless, faceless, identity that anyone can assume at any time, by definition, does not have a record .
28. Re:So where did they come from? by fustakrakich · 2012-09-05 03:49 · Score: 1
  
  The law is a quaint anachronism... Merely a philosophical theory from the distant past. It was never meant to be a universal standard to apply to everyone. It is simply a tool of domination and authority.
  
  --
  “He’s not deformed, he’s just drunk!”
29. Re:So where did they come from? by Zero__Kelvin · 2012-09-05 03:49 · Score: 1
  
  "The "AntiSec" guy has no evidence. He could have done what he says he did. Or he could be completely lying. There is no evidence whatsoever either way. Don't make stuff up."
  Maybe he's bucking for a job with the FBI.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
30. Re:So where did they come from? by Anonymous Coward · 2012-09-05 03:51 · Score: 4, Funny
  
  on average random ACs have a better rate of telling the truth than the FBI. (this post included?)
31. Re:So where did they come from? by blueg3 · 2012-09-05 03:53 · Score: 4, Interesting
  
  ...finding the names of agents is pretty easy...
  Yeah, especially when the agent stated his name in a well-known FBI PR video targeting hackers.
32. Re:So where did they come from? by Zero__Kelvin · 2012-09-05 03:54 · Score: 1
  
  "A nameless, faceless, identity that anyone can assume at any time, by definition, does not have a record ."
  Tell that to the UNABOM task force circa 1995. You see, I don't know your name. I haven't seen your face. Yet you already have a record of making clueless statements ;-)
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
33. Re:So where did they come from? by Lumpy · 2012-09-05 03:59 · Score: 1
  
  I suggest you read the PATRIOT act and what pesky freedoms were removed that law enforcement hated to deal with.
  
  --
  Do not look at laser with remaining good eye.
34. Re:So where did they come from? by Lumpy · 2012-09-05 04:00 · Score: 2
  
  They have a roll of FISA warrants next to the sink. Many of the guys here at the office mistakenly use them as paper towels.
  
  --
  Do not look at laser with remaining good eye.
35. Re:So where did they come from? by CanHasDIY · 2012-09-05 04:06 · Score: 1
  
  Its been pointed out many times...
  by whom? What reason would we have to believe this hereforeto unnamed source?
  
  UDID has no real value to the FBI so why would they be taking them
  Anybody who tells you that your personal identifying information (or information that personally identifies your devices) has no value is a liar, probably trying to misdirect you. All data is valuable to someone, somewhere, sometime.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
36. Re:So where did they come from? by amicusNYCL · 2012-09-05 05:05 · Score: 1
  
  If the FBI was realistically trying to build a database of them, there is no way at this point they would ONLY have 12 Million.
  You're assuming they got everything the FBI has? They claimed to have stolen a CSV file that was sitting on some guy's desktop in his machine, that doesn't exactly sound like the sum total of knowledge possessed by the FBI. Excel wouldn't be able to open a CSV file with that many records in it, so the data probably is destined for a database import script somewhere. This is more data for the database, not the entire database.
  
  12 million is more easily explained by being leaked from a developer
  Sure, like a single developer sending their data to the FBI for inclusion in the larger database. That would definitely explain why an FBI agent would have a CSV file containing "only" 12 million UDIDs sitting on his desktop.
  
  The data it's self was incomplete. Some had legit names and addresses while most were just a ID code. If this was from a official source then there would have been a lot more data on most of these.
  I don't know what you mean by "official source", but why wouldn't they compare this data with what they already have to see if they can add new records or update existing ones? If the ID is all they have then that's all they have, if there's more information associated with it then they'll add that to their records. Like you said, some have legit names and addresses.
  
  Sure the FBI can be shady, but of the law enforcement agencies out there I would honestly have to say they are the least shady of the bunch and tend to release information without bending the truth too much, even when it has the possibility of embarrassing them. Not saying they ALWAYS do it, just saying they tend to be more forthcoming than other government agencies.
  Yeah, that's just a ringing endorsement for why we should trust the FBI instead of people who have previously attacked the government claiming to now be attacking the FBI.
  There's really no reason to believe either of them, frankly. Either side lying would suit their ends. I see less of a threat of AntiSec lying because it would damage their reputation more than if the FBI was caught in a lie. People expect the FBI to lie about things like this, if AntiSec wants to be taken seriously then they can't have a reputation for lying about where they get their data.
  
  --
  "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
37. Re:So where did they come from? by sjames · 2012-09-05 05:26 · Score: 1
  
  Yes. Let's see, who do we trust here, an anonymous group of people who have never lied to me before or a TLA that has a long history of 'disinformation' and is a champion of the gag order.
  Unless/until more information comes to light, the preponderance favors believing Anon.
38. Re:So where did they come from? by Mike+Buddha · 2012-09-05 05:29 · Score: 1
  
  So they released a more detailed lie, and that makes it true? Sounds legit.
  
  --
  by Mike Buddha -- Someday the mountain might get him, but the law never will.
39. Re:So where did they come from? by sjames · 2012-09-05 05:30 · Score: 1
  
  No record is a better position than a TLA with a long history of lying to everyone including the President and Congress on numerous occasions.
40. Re:So where did they come from? by thetoadwarrior · 2012-09-05 05:32 · Score: 1
  
  Of course not or people will start believing those rumours about backdoors built into windows, OS X, etc for the government and might demand that changes.
41. Re:So where did they come from? by Mike+Buddha · 2012-09-05 05:32 · Score: 1
  
  Life in America is so much worse now than it was pre 9/11. Oh wait, no it isn't.
  
  --
  by Mike Buddha -- Someday the mountain might get him, but the law never will.
42. Re:So where did they come from? by zzsmirkzz · 2012-09-05 05:34 · Score: 1
  
  Yes, tied to my single UID (zzsmirkzz). That is a record of a single person's actions/speech which can be used to predict that single person's future actions/speech.
  However, when dealing with Anonymous their actions/speech can not be tied to any single person, organization or group. Due to the fact that anyone can use the identity (or lack thereof) at any time and for any reason, past actions/speech tied to the identity (Anonymous) cannot be reliably (or logically) used to predict future actions/speech of the identity. So the statement "Anon has a better record of telling the truth" has no real meaning because Anonymous can encompass everyone, no one, and all of the points in-between (depending on the context). The person who used the identity yesterday and happened to be truthful tells you nothing about truthfulness of the person who is using the identity today.
43. Re:So where did they come from? by Zero__Kelvin · 2012-09-05 05:40 · Score: 1
  
  "That is a record of a single person's actions/speech which can be used to predict that single person's future actions/speech."
  No. It is not. It is a Slashdot account, which can be easily hacked into. Assuming for the moment that only legitimate users have the account password there is still no tying it to any single subset of people as far as we as Slashdot users are concerned.
  
  "The person who used the identity yesterday and happened to be truthful tells you nothing about truthfulness of the person who is using the identity today."
  The same can be said about you if you present ID and I verify your identity. Your point is beyond clueless.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
44. Re:So where did they come from? by zzsmirkzz · 2012-09-05 05:43 · Score: 1
  
  Argued that way, I can accept that as a reasonable conclusion. However, I realize that Anonymous could include that very same TLA, although it is unlikely, or someone who is even more of a pathological liar. While the odds may be in your favor (it's arguable) it is not a slam-dunk.
45. Re:So where did they come from? by KhabaLox · 2012-09-05 05:57 · Score: 1
  
  Well, we got 3 out of 5 taken care of so far.
  
  --
  Ceci n'est pas un sig.
46. Re:So where did they come from? by drinkypoo · 2012-09-05 05:57 · Score: 2
  
  Life in America is so much worse now than it was pre 9/11. Oh wait, no it isn't.
  It's not dramatically worse, but it is worse. Unless, you know, you really like having your nuts squeezed before you get on an airplane, for example.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
47. Re:So where did they come from? by PhxBlue · 2012-09-05 06:00 · Score: 1
  
  A nameless, faceless, identity that anyone can assume at any time, by definition, does not have a record .
  Which makes it all the more sad that their record is still better than the FBI's.
  
  --
  !#@%*)anks for hanging up the phone, dear.
48. Re:So where did they come from? by helix2301 · 2012-09-05 06:20 · Score: 1
  
  The concern of most people is if the FBI did not collect this data. Then where did the cache of UDID’s come from? How were they collected? Who else had access to them? What other information does the anonymous source have?
  
  --
  http://www.thetechnologygeek.org
49. Re:So where did they come from? by sjames · 2012-09-05 06:21 · Score: 1
  
  Agreed, it's a guess, but it is an educated guess.
50. Re:So where did they come from? by zzsmirkzz · 2012-09-05 06:22 · Score: 1
  
  Yeah, I'm clueless in the sense that I have no clue what point you are trying to make. This happens to reflect more on you than it does on me. My arguments are at least logical and make sense. Yours seem to be alluding to knowing things in absolute terms which is ridiculous considering the context of the original conversation. Based on your logic, we know nothing because it cannot be proven that we are not just a brain in jar with our sensory inputs being manipulated and fed to us, matrix-style. Sure, that is a useful philosophical concept/argument but it is completely useless in all other facets of life and understanding.
51. Re:So where did they come from? by Zero__Kelvin · 2012-09-05 06:44 · Score: 1
  
  Go read David Hume's "A Treatise On Human Nature", get somebody to explain it to you, and then get back to me.
  
  "My arguments are at least logical and make sense."
  No. Your argument (singular) is pointless and means nothing.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
52. Re:So where did they come from? by BasilBrush · 2012-09-05 07:32 · Score: 1
  
  They have no need to comment. So no, if they had done it, they wouldn't have had to admit it. Equally because they had the option not to comment, the fact that they have denied it has more weight. Why choose to lie rather than not comment?
53. Re:So where did they come from? by BasilBrush · 2012-09-05 07:42 · Score: 1
  
  Except that Anon has real evidence in this case, and specifics.
  They have a partial list of UDIDs with some correct data and some incorrect data in it. That's evidence they have a list. It's not evidence where it came from.
  Remember when Heartland documents were aquired by an anon person, and they couldn't resist adding one forged document to the collection. I'm afraid you can't assume that you're hgetting the truth and the whole truth from an anonymous person.
  
  And, for that matter, if this agent is real and doesn't do this, why aren't they hiding him and not making him available for interviews?
  That would be a silly precedent to set.
54. Re:So where did they come from? by BasilBrush · 2012-09-05 07:45 · Score: 1
  
  Heartland leaked documents. Most real, the most damming one faked. Maybe the name anon, maybe a different one. I'm afraid one can't attribute a good track record to random anon claims.
55. Re:So where did they come from? by BasilBrush · 2012-09-05 07:51 · Score: 1
  
  Then where did the cache of UDIDâ(TM)s come from? How were they collected?
  UDIDs used to be a de-facto standard way of third party developer's apps having a unique index of users. Many developers could have collected this. More recently it's been banned - such apps will be rejected by the app store. Thus it's probably an old list, and chances are, not from the FBI.
56. Re:So where did they come from? by Em+Adespoton · 2012-09-05 09:42 · Score: 1
  
  The sane majority also must refer to history books when dealing with statements made by activist groups and say that they're trying to look more important than they really are, and therefore also lying.
  Hence my original point: I must assume everyone's lying. There is as much proof of invisible black Martian spy planes as there is of anyone's claims here.
  Truly, you have a dizzying intellect.
  Good thing I've built up an immunity....
57. Re:So where did they come from? by grcumb · 2012-09-05 10:18 · Score: 1
  
  In the absence of any further evidence, I must assume that everybody's lying. The real story is that the UDIDs were harvested wirelessly using petahertz radio scanners mounted on the invisible black helicopters flown by the lizard aliens who, due to their shared ancestry with birds, make excellent pilots, even in aircraft that are based on Martian stealth technology (which is why we're giving the Martians our nuclear-powered cars now).
  Occam, I told you that razor was sharp. Now you've gone and taken your whole foot off with it.
  And just look at my carpet! Do you know how hard arterial blood is to clean up...?
  
  --
  Crumb's Corollary: Never bring a knife to a bun fight.
58. Re:So where did they come from? by Xebikr · 2012-09-05 10:23 · Score: 1
  
  A nameless, faceless, identity that anyone can assume at any time, by definition, does not have a record
  
  And yet it still manages to have a better one than the FBI.
59. Re:So where did they come from? by SomePoorSchmuck · 2012-09-05 10:46 · Score: 1
  
  Only people foolish enough to think antisec actually cares about being truthful would think that. Lets face the facts here
  12 million is a piss in the pond in terms of iOS UDID codes. Its less than half the iPhones sold LAST QUARTER. If the FBI was realistically trying to build a database of them, there is no way at this point they would ONLY have 12 Million.
  12 million is more easily explained by being leaked from a developer, as up until half a year ago, developers were using the code to identify individual iPhones for various reasons like automatic sign-in to certain services like some of the multiplayer game services. Apple banned them from using it though half a year ago so at this point there was no reason to keep.
  The data it's self was incomplete. Some had legit names and addresses while most were just a ID code. If this was from a official source then there would have been a lot more data on most of these. On the otherhand if it was stolen from a developer who let users opt out of giving their information but used the code for autologin purposes, then there would be clear reason why most of the data has no user info attached.
  Antisec is still smarting from getting much of its higher ranking leadership arrested from a FBI plant
  So really there is no reason AT ALL to believe antisec's claims that they stole the info. There is however a lot more reason to suspect they were trying to stir the pot in the tech community by stoking already present fears of FBI spying which they did a pretty good job at. It gets clueless script kiddies riled up and makes them look cool. Sure the FBI can be shady, but of the law enforcement agencies out there I would honestly have to say they are the least shady of the bunch and tend to release information without bending the truth too much, even when it has the possibility of embarrassing them. Not saying they ALWAYS do it, just saying they tend to be more forthcoming than other government agencies.
  Why do you think that using caps would make your stupid points any more valid?
  You need to get over it. It's not like this is a 1993 IRC flamewar with people "SHOUTING". The very very occasional use of caps in that post is quite obviously an attempt by the author to compensate for the lack of inflection and affect in pure text and render the text more conversational. The caps indicate words which in spoken discussion would be given extra emphasis. "Not saying they ALWAYS do it", for example, is the way normal people talk in the normal world which you seem intent on scoring Internet Warrior points by scoffing at. I wonder, when you're in administrative planning sessions at your job, do you commonly listen to people speak and then ask them, "Why do you think that varying your tone and accenting different words in your sentence would make your stupid points any more valid?". Good luck assimilating the other 7 billion people on the planet into your world of preferential monotone.
  
  --
  
  Hollywood, Television, has become the dream machine. We need to take that back; each of us is a Dream Machine
60. Re:So where did they come from? by Mike+Buddha · 2012-09-05 13:39 · Score: 1
  
  Life in America is so much worse now than it was pre 9/11. Oh wait, no it isn't.
  It's not dramatically worse, but it is worse. Unless, you know, you really like having your nuts squeezed before you get on an airplane, for example.
  You used to have to pay for that.
  
  --
  by Mike Buddha -- Someday the mountain might get him, but the law never will.
61. Re:So where did they come from? by BasilBrush · 2012-09-10 05:49 · Score: 1
  
  Except that Anon has real evidence in this case, and specifics.
  Told you so. The list came from a third party app developer, not the FBI.
  http://redtape.nbcnews.com/_news/2012/09/10/13781440-exclusive-the-real-source-of-apple-device-ids-leaked-by-anonymous-last-week
Collection != leak by AwaxSlashdot · 2012-09-05 00:54 · Score: 3, Interesting

There are 3 issues here:
* who collected them ? (most probably an app)
* who "lost" them ? (AntiSec claim they found it on a FBI agent laptop they compromised)
* how the data went from #1 to #2 ?
And the 3rd one is the most interesting.

--
Sig (appended to the end of comments you post, 120 chars)
1. Re:Collection != leak by zill · 2012-09-05 01:14 · Score: 1
  
  I see several people mentioning it was a Trojan app, but then where did the addresses and zipcodes come from?
  
  Do people actually store addresses and zipcodes on their phones?
2. Re:Collection != leak by Anonymous Coward · 2012-09-05 01:31 · Score: 2, Funny
  
  > Do people actually store addresses and zipcodes on their phones?
  No grandpa, no one would ever have addresses and zip codes in a phone! That wouldn't make a lick of sense!
3. Re:Collection != leak by Sarten-X · 2012-09-05 02:19 · Score: 2
  
  Yeah, that's the weird part. My phone has phone numbers, and that's it. Of course, I don't use my phone for much other than phone calls, so I'm pretty secure. I don't even download many apps, just some games now and then. Oh, and there was this one app a friend recommended to me, where I just download it and fill out a survey for a chance to win a $50 Wal-mart gift card! For each person I refer, I'll get another chance to win! Of course they wanted my mailing address for that, but that's okay. I'm expecting a gift card any day now!
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
4. Re:Collection != leak by canajin56 · 2012-09-05 06:59 · Score: 1
  
  I'd imagine that some people have their home address in their phone for GPS purposes. Or, the trojan could have been monitoring movements via GPS, and whoever was running it could have been reversing that into probable addresses. Or it could be cross referenced. If they use their wifi at home, the trojan could get an IP address. Many online stores will connect your IP address to your zip code and/or your address, and sell that data point to geomapping services. Even stores that do not sell online, but have a "find a store near me" will sell the same data. It's not always very accurate as people tend to put fake zip codes in when it doesn't matter. But still. It's important to remember that many (or most?) of these rows do not have address or zipcode information. AntiSec redacted those columns before releasing it so we actually don't even know they were present at all, and if they were, what percentage of rows had these data.
  
  --
  ASCII stupid question, get a stupid ANSI
Possibilities... by Severus+Snape · 2012-09-05 00:57 · Score: 3, Insightful

1. AntiSec is lying.
2. FBI is lying.
3. AntiSec is telling the truth and the FBI's methods of obtaining the UDID codes means they can't admit to it.
1. Re:Possibilities... by Anonymous Coward · 2012-09-05 01:02 · Score: 1
  
  Point 3 is redundant after point 2.
2. Re:Possibilities... by jfdavis668 · 2012-09-05 01:13 · Score: 3, Insightful
  
  Another option, AntiSec hacked someone pretending to be an FBI agent. I have run across people like this, who are trying to con you or just getting their jollies.
3. Re:Possibilities... by Impy+the+Impiuos+Imp · 2012-09-05 01:16 · Score: 1
  
  "Dwight, pull over. Dwight, stop throwing weapons out of the car. Dwight..."
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
4. Re:Possibilities... by cornicefire · 2012-09-05 01:18 · Score: 1
  
  Another option is that some third agency, as yet unnamed, officially owns the UDID values, and they were just sharing them with this guy. The agencies always play this game. They'll say "No one at ABC did this" knowing full well it was someone at the XYZ agency who was assigned to ABC. In the mean time, XYZ will deny authorizing anyone to do it, knowing full well that the authorization was done by someone at ABC.
5. Re:Possibilities... by zill · 2012-09-05 01:20 · Score: 1
  
  Wait, so you're saying there's a con man out there who pretends to be an FBI agent and he somehow has the personal information of a million iPhone owners?
6. Re:Possibilities... by jfdavis668 · 2012-09-05 01:29 · Score: 1
  
  If it is real data, no. I have tools that create test data which can make millions of very realistic records. Has Apple verified it?
7. Re:Possibilities... by jfdavis668 · 2012-09-05 01:35 · Score: 1
  
  I agree, Another possibility.
8. Re:Possibilities... by guises · 2012-09-05 01:36 · Score: 1
  
  It seems possible to me that the FBI had the UDIDs but didn't know it. With warrantless searches now the norm and the unscrupulous attitude that that implies, agents don't have or expect the oversight that they used to. So it could easily be that an agent collected those, thinking it was no big thing.
9. Re:Possibilities... by vlm · 2012-09-05 01:38 · Score: 1
  
  Another option, AntiSec hacked someone pretending to be an FBI agent. I have run across people like this, who are trying to con you or just getting their jollies.
  Infinitely more likely is they hacked a civilian employee or contractor of the FBI who merely happened to have the named agent log into the laptop once, or maybe the named agent worked closely with the civilian. That way the FBI can truthfully deny, yes, indeed, the FBI has no UDIDs...
  They also VERY SPECIFICALLY stated that no "FBI laptop was compromised". This is very important. The MIB might have copied the file onto his personal laptop, or it was technically a FBI leased laptop instead of being a FBI owned laptop, or in some sharing arrangement the laptop was technically owned by the treasury dept as some kind of expense sharing arrangement, or the FBI gets this data (from apple?) by having apple mail a apple owned laptop full of data to the FBI, or its part of a cooperative cross departmental arrangement where the NSA provides the hardware, the FBI provides the men on the ground to lean on apple to release the data, and the DSA provides physical security/office space, so technically in the narrowest possible definition yes that is not a "FBI" laptop.
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
10. Re:Possibilities... by zill · 2012-09-05 01:46 · Score: 2
  
  It's been publicly verified. Since the data is public, any iOS user can see if their device is on the list or not.
  
  This whole discussion is moot if it's just junk data. Whether FBI, Anonymous, or some other party collected the data, its very creation means that laws were broken.
11. Re:Possibilities... by slackware+3.6 · 2012-09-05 01:55 · Score: 1
  
  If you generate a million phone numbers some one is going to find their number in the list.
12. Re:Possibilities... by IMathGood · 2012-09-05 02:08 · Score: 1
  
  1. AntiSec is lying. 2. FBI is lying. 3. AntiSec is telling the truth and the FBI's methods of obtaining the UDID codes means they can't admit to it.
  aren't 2 and 3 the same thing?
13. Re:Possibilities... by a_n_d_e_r_s · 2012-09-05 02:12 · Score: 1
  
  You pulling the NSA card out of your hat ?
  
  --
  Just saying it like it are.
14. Re:Possibilities... by gman003 · 2012-09-05 02:13 · Score: 1
  
  4. They're both lying
  5. AntiSec isn't deliberately lying, but were misinformed (eg. the list was actually used by $sinisterGovernmentAgency, but they were masquerading as FBI for some sinister reason)
  6. The FBI isn't deliberately lying, but those speaking were misinformed (eg. it was part of some project spearheaded by some upstart who didn't get authorization)
15. Re:Possibilities... by zill · 2012-09-05 02:24 · Score: 2
  
  The phone numbers wasn't released for privacy reasons. What was released (if you bother to click the link) was the UDID, APNS Token, and device name. I really don't see how a randomly generated list can match both the UDID and corresponding device name.
16. Re:Possibilities... by Nocturnal+Deviant · 2012-09-05 02:51 · Score: 1
  
  It's not like FBI agents are all IT nerds like us, I am SURE he has a personal laptop. usb drive? for email or something? just because it is against the rules doesn't mean people don't do it(case in point I have seen far too much and too scary porn in the workplace...its always awkward calling them down and telling them to stop.)
  
  --
  -Noc
17. Re:Possibilities... by gl4ss · 2012-09-05 03:31 · Score: 1
  
  If you generate a million phone numbers some one is going to find their number in the list.
  generating udids is a lot harder than generating phone numbers. generating them randomly and having them match to right device type/name for people is even harder.
  
  --
  world was created 5 seconds before this post as it is.
18. Re:Possibilities... by Culture20 · 2012-09-05 03:47 · Score: 1
  
  You pulling the NSA card out of your hat ?
  I believe that card is actually pulled from another three letter word.
Misleading headline. by Anonymous Coward · 2012-09-05 00:58 · Score: 5, Insightful

From TFA: "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data"
Saying there's no evidence isn't the same as saying it didn't happen.
1. Re:Misleading headline. by benjamindees · 2012-09-05 01:18 · Score: 1
  
  That just means they destroyed all evidence of having collected the data in the first place. You see, the US now practices "quantum" intelligence gathering. If they collect data, but don't look at it, it's the same as never having collected it to begin with. Likewise, if they collect data, and lose the data, and then delete the evidence that they collected the data, and deny that they lost the data, everything turns out fine. It's all very complicated physics that you wouldn't understand, documented in detail in the Back To The Future movies. The lost data should begin erasing itself any minute now. Any. Minute. Now.
  
  --
  "I assumed blithely that there were no elves out there in the darkness"
2. Re:Misleading headline. by __aaltlg1547 · 2012-09-05 01:25 · Score: 1
  
  Proving a laptop has not been hacked is impossible. If the FBI determines data that were on his laptop have been compromised they'll send him back to data security 404 and give him a new laptop.
3. Re:Misleading headline. by crazyjj · 2012-09-05 01:34 · Score: 3, Insightful
  
  Yeah, anytime you're dealing with a government press release or statement you have to CAREFULLY parse the language. These things are carefully crafted to imply things they don't actually say. "I personally have no knowledge of such an event happening" is NOT the same as saying "This event didn't happen." There are a million ways to imply things without saying them, and a dumb and gullible press will usually swallow them hook-line-and-sinker 99% of the time.
  
  --
  What political party do you join when you don't like Bible-thumpers *or* hippies?
4. Re:Misleading headline. by JBMcB · 2012-09-05 01:42 · Score: 1
  
  No, but if you're claiming you hacked into an FBI laptop and stole data that the FBI claims doesn't exist, you'd better have *some* sort of proof.
  Maybe a script kiddie hacked into an AT&T server and got the UDIDs, but claiming that they hacked into the FBI would make them sound cooler.
  
  --
  My Other Computer Is A Data General Nova III.
5. Re:Misleading headline. by blueg3 · 2012-09-05 04:00 · Score: 2
  
  No shit. They don't have magic spy software on their own laptops that can provide absolute proof. How's someone at the FBI going to determine, without a doubt, that none of the laptops the FBI uses was hacked? How are they going to determine that absolutely zero agents requested or managed to get their hands on the information being discussed? They can't.
  So, while they're using weasel words, it's also the correct way to respond: They can't be absolutely sure of their statement, but they have no evidence that would lead them to believe otherwise.
6. Re:Misleading headline. by game+kid · 2012-09-05 08:27 · Score: 1
  
  As I've said before about that Comcast-NBC thing, "PR guys love to reveal without revealing and lie without lying." I think this FBI stuff, like that thing three years before, is obviously another "inaccurate" but true report.
  I also think I'm even more glad that I don't own an iPhone.
  
  --
  You can hold down the "B" button for continuous firing.
Which is more likely by thePowerOfGrayskull · 2012-09-05 00:58 · Score: 2

Which is more likely - the fbi just happened to lose a laptop with millions of UDIDs that it had no reason to have and anonymous just happened to find that particular laptop? Or that someone in anonymous wanted to make waves and so made a bold (but unverifiable) claim?
Pardon me, I need to go shave.
1. Re:Which is more likely by siddesu · 2012-09-05 01:04 · Score: 2
  
  In a perfect world, the second would be more likely. However, if you stack it againt the hundreds of cases every year where officials or executive lose equipment with mega or gigabytes of personal information, I'd say that IRL the first is at least as likely as the second.
2. Re:Which is more likely by trout007 · 2012-09-05 01:06 · Score: 1
  
  http://www.dailytech.com/article.aspx?newsid=24281
  
  --
  I love Jesus, except for his foreign policy.
3. Re:Which is more likely by Gaygirlie · 2012-09-05 01:07 · Score: 4, Insightful
  
  Laptops are being lost all the god damn time and Anon is a very, very large group of people -- I'd say the chances are actually darn good. Also, I'd say the chances are darn good for FBI to lie whenever something like this happens, just for the sake of looking good in the eyes of the general public and for painting anyone who disagrees in bad light.
  As for unverifiability: apparently some of those UDIDs have already been verified.
4. Re:Which is more likely by EasyTarget · 2012-09-05 01:10 · Score: 1
  
  Anonymous targeted the FBI guy, he is moderately senior and very active + well known in white-hat circles; what goes around, comes around. .. or in your haste to fud did you skip the article, and all the articles yesterday, where it is made clear he was hacked and did not 'lose' his laptop.
  
  --
  "Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
5. Re:Which is more likely by Cronock · 2012-09-05 01:14 · Score: 1
  
  There were quite a few apps that were caught collecting UDIDs, if I remember correctly. It's not actually all that far-fetched to believe that somebody, in order to gain some "street cred" actually obtained it in this manner, then released it saying it had come from the FBI to undeservingly inflate their reputation.
6. Re:Which is more likely by wbr1 · 2012-09-05 01:16 · Score: 1
  
  The FBI did not lose the laptop. According to Anonymous, it was broken into using a Java exploit.
  
  --
  Silence is a state of mime.
7. Re:Which is more likely by flaming+error · 2012-09-05 01:18 · Score: 2
  
  "Chances are darn good"?
  I don't know the numbers, but I believe the formula would look something like this:
  (odds fbi collects apple udids) * (odds udids kept on agent's laptop) * (odds of fbi agent losing laptop) * (odds member of anonymous finds it)
  I think that product will be a pretty small number.
8. Re:Which is more likely by EasyTarget · 2012-09-05 01:24 · Score: 1
  
  Actually it looks like this:
  (1) * (1) * (odds anon target well known fbi man and hack into his laptop over the evil internet)
  
  --
  "Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
9. Re:Which is more likely by circletimessquare · 2012-09-05 01:24 · Score: 1
  
  I don't trust Anonymous more or less than the FBI, but the motivation to pull this story out of their ass seems smaller than an FBI stooge's motivation to deny and cover their ass.
  FBI brass might even be pitted against FBI agent: brass said don't get the UDIDs and the agent went and obtained them anyway. The FBI is a large bureaucracy with complicated relationships between semi-independent operatives, and it's possible there is low coordination between FBI spokesman and FBI worker. Anonymous may have more operational integrity, at least on this isolated issue.
  Is your barber named Occam?
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
10. Re:Which is more likely by JBMcB · 2012-09-05 01:47 · Score: 1
  
  Also, I'd say the chances are darn good for FBI to lie whenever something like this happens, just for the sake of looking good in the eyes of the general public and for painting anyone who disagrees in bad light.
  I find it very difficult to believe that this, the most *transparent* administration in recent history, would allow such lies to be promulgated.
  
  --
  My Other Computer Is A Data General Nova III.
11. Re:Which is more likely by Terrasque · 2012-09-05 02:11 · Score: 1
  
  The odds of them hacking an FBI laptop is pretty damn good considering:
  1. FBI is probably investigating AntiSec
  2. AntiSec knows that FBI are probably investigating them
  3. New security hole for Java released, not patched
  4. Lots of government'y stuff use Java
  AntiSec could just make a page using that security hole and "accidentally" let it slip to the FBI, and pronto, one (or many) hacked FBI box(es) served right up.
  So, the chance of them gaining access to a few FBI boxes are rather high, all considering. And the chance of them finding *something* interesting on one of them is also rather high IMHO (birthday paradox theory).
  
  --
  It's The Golden Rule: "He who has the gold makes the rules."
12. Re:Which is more likely by L4t3r4lu5 · 2012-09-05 02:25 · Score: 1
  
  As for unverifiability: apparently some of those UDIDs have already been verified.
  False conclusion. The fact that some UDIDs are valid does not verify they were taken from an FBI laptop.
  
  Some genuine UDIDs which were already known could have been included in a group of numbers which match the form of the others (I'll make you a script to generate them in a couple of minutes, if you like), but are in fact fakes, meaning only Apple could tell the two apart. As a lot of Anon's "work" is "for the lulz", I wouldn't put it past them to do something like that. Scruples are one thing they're lacking.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
13. Re:Which is more likely by freeze128 · 2012-09-05 03:07 · Score: 1
  
  Whoa there Nellie! The data was released by AntiSec, not Anonymous.
  
  Anonymous has been in the news so much, I'm sure you just got a little confused.
Cat's out of bag. by Ostracus · 2012-09-05 01:03 · Score: 1

"The FBI has denied the UDID codes released yesterday came from an agent's laptop, as claimed by the AntiSec hacker group. The FBI says it does not hold such data, and the attack never happened. However, the agent named by AntiSec is real, and some of the published UDID codes have been found to be genuine. So where did they come from?"
Maybe from a soon to be blown case were the FBI is investigating an anonymous hacker group?

--
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
1. Re:Cat's out of bag. by crazyjj · 2012-09-05 01:42 · Score: 1
  
  Maybe from a soon to be blown case were the FBI is investigating an anonymous hacker group?
  Or evidence that they're building a giant fishing net (with ALL of us in it) for future fishing trips. When there are 12 million entries in a database on a single laptop, all just from iPhones and iPads alone, I tend to think this is much larger than just some individual investigation. Shit, that's over 10% of Apple's *ENTIRE* active U.S. iPad and iPhone userbase, on that one laptop alone. That's not from any one investigation, or even several.
  
  --
  What political party do you join when you don't like Bible-thumpers *or* hippies?
Aliens. by craznar · 2012-09-05 01:06 · Score: 1

We all know that alien computers talk seamlessly to Apple devices.
So the aliens have been collecting them for years.
What took the aliens so long to publish them - was talking to a Dell Windows laptop.

--
EMail: 0110001101100010010000000110001101110010 0110000101111010011011100110000101110010 0010111001100011011011110110
Issue? by symes · 2012-09-05 01:07 · Score: 2, Interesting

This is not something I know a great deal about, but surely the UDID is pretty easy to get hold of. Surely most suppliers will keep a record for warranty/insurance reasons. AFAIK, many apps can access this information. ITunes relies on it. These data could just be from the FBI looking for patterns of insurance fraud, or similar. And I wouldn't be surprised if a load or organizations hold this sort of data for a range of gadgets. I bought a fridge a while back and had to send the serial number off to some third party to have my warranty set up. I am happy to be corrected though, and told this is a huge privacy thing.
1. Re:Issue? by Sarten-X · 2012-09-05 01:17 · Score: 1
  
  This is a huge privacy thing, just like any American's Social Security number. You know, that number where the last four digits are used frequently for identification to third parties, the first three are based on where you were born, and the middle two are based on when you were born...
  Being a privacy issue doesn't necessarily mean it's kept particularly secure.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
2. Re:Issue? by O('_')O_Bush · 2012-09-05 01:20 · Score: 1
  
  Any app developers out there? If it is anything like Android, any app with sufficient privileges can send the phone's unique identifier to a server to be stored. Whether it be the hash looking thing for the phone itself, or the phone number for that account.
  
  --
  while(1) attack(People.Sandy);
3. Re:Issue? by Bogtha · 2012-09-05 01:52 · Score: 1
  
  Surely most suppliers will keep a record for warranty/insurance reasons.
  
  The UDID is separate to the serial number; there's no reason to use the UDID for this purpose.
  
  --
  Bogtha Bogtha Bogtha
4. Re:Issue? by platypusfriend · 2012-09-05 02:07 · Score: 1
  
  Access to the UDID is deprecated. iOS developers now have to generate and maintain their own UUID, which can of course be wiped by the phone owner. The reason for this, at least partly, is so phones aren't permanently tied to service X or Y when the device changes ownership. --- http://developer.apple.com/library/ios/#DOCUMENTATION/UIKit/Reference/UIDevice_Class/DeprecationAppendix/AppendixADeprecatedAPI.html
This sort of fits... by Revotron · 2012-09-05 01:09 · Score: 5, Informative

...with the general attitude I saw from Slashdot regarding the original story. It almost sounds like a complete fake just because what the hell would the FBI possibly do with a deprecated SHA1 hash of a few device-unique identifiers? Verify that their super-secret gub'mint database of everyone's iPhone MAC addresses and MEIDs has no row errors?

It's worth reiterating from the other story that Apple doesn't even accept apps that reference the UDID any more, and it was never used as a security or authentication feature in the first place. It's like saying "lol, you got pwned, I just got the MD5 hash of your entire hard drive, LULZ LULZ LULZ WE ARE ANON"

If the FBI really wanted some useful information, they could swipe your ESN/MEID and track you down to a cellular level. Hell, they probably already have. Smile at the camera!
1. Re:This sort of fits... by wbr1 · 2012-09-05 01:23 · Score: 1
  
  If the DB contained names and other person identifiers (which were supposedly stripped before release), then if an FBI agent snatched a phone briefly, it could be used to quickly verify the phones owner.
  In addition, even though its use as a device identifier is depreciated, apps still use it, and could be used to spoof authentication to certain apps central servers, thereby allowing the holder (if the UDID was used as the single form of ID), to mine data from the app, or log in as you from a jailbroken iDevice.
  
  --
  Silence is a state of mime.
2. Re:This sort of fits... by Revotron · 2012-09-05 01:40 · Score: 1
  
  other person identifiers (which were supposedly stripped before release)
  Hopefully you can understand why I have my doubts in this scenario. It's like Joseph Smith and the gold tablets. "Only I'm allowed to see them, so I'll stare into this top hat and read everything to you."
  
  Also, apps (and app updates) from the last year or so that use the UDID in any way have been rejected by Apple on that basis alone. Any app that uses the UDID as its sole authentication mechanism would hopefully not contain any sensitive personal information, and fortunately anyone that dumb probably couldn't code their way out of a wet paper bag.
  
  I could be completely wrong and the FBI might just like to track some magic hashes for shits and giggles, but I think it's far more likely that Anon slipped some random fart app through to collect a bunch of UDIDs and used the conveniently-timed Java vulnerability to conjure up a believable breach scenario.
So where does that assumption get you? by Anonymous Coward · 2012-09-05 01:13 · Score: 5, Funny

The FBI are lying about it not being theirs and ANON are lying it about it being theirs.
Is this some sort of Schroedinger's laptop?
1. Re:So where does that assumption get you? by jythie · 2012-09-05 01:39 · Score: 4, Funny
  
  I do not know how.. I do not know when... I do not even know why.. but I will find and excuse to use the phrase 'Schroedinger's Laptop' someday.
2. Re:So where does that assumption get you? by dr2chase · 2012-09-05 01:43 · Score: 1
  
  Quantum dual boot?
3. Re:So where does that assumption get you? by Sarten-X · 2012-09-05 02:04 · Score: 2
  
  A small sample of a radioactive isotope in front of a Geiger counter attached to a GPIO pin, whose value is used by the bootloader to pick which OS to load. If the isotope has decayed (and emitted a particle toward the sensor) recently enough that the pin is high, boot Debian. If the sample has been stable long enough that leakage has grounded the pin, boot Fedora.
  This is AWESOME! Another triumph of mad computer science!
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
4. Re:So where does that assumption get you? by funwithBSD · 2012-09-05 03:03 · Score: 2
  
  It only boots if you don't observe it.
  
  --
  Never answer an anonymous letter. - Yogi Berra
5. Re:So where does that assumption get you? by 93+Escort+Wagon · 2012-09-05 03:12 · Score: 4, Funny
  
  Is this some sort of Schroedinger's laptop?
  I had one of those about 12 years ago - a Dell Inspiron 3800. At any given moment you wouldn't know whether it was going to work or not until you tried to turn it on.
  
  --
  #DeleteChrome
6. Re:So where does that assumption get you? by DarwinSurvivor · 2012-09-05 03:12 · Score: 1
  
  Or does it?
7. Re:So where does that assumption get you? by Zero__Kelvin · 2012-09-05 03:47 · Score: 2
  
  "A laptop that boots and doesn't boot at the same time ?"
  No good. Bill Gates already invented that.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
8. Re:So where does that assumption get you? by zlives · 2012-09-05 04:02 · Score: 1
  
  a dual boot laptop that boots into an os... but which os?
9. Re:So where does that assumption get you? by zlives · 2012-09-05 04:03 · Score: 1
  
  for the ms vs linux crowd
  a dual boot laptop with a crashed or non crashed os state
  which os? /troll
10. Re:So where does that assumption get you? by KhabaLox · 2012-09-05 05:51 · Score: 1
  
  The laptop could contain either a functional OS or a non-functional OS, but you won't know which one until you boot it.
  
  --
  Ceci n'est pas un sig.
11. Re:So where does that assumption get you? by mcgrew · 2012-09-05 05:58 · Score: 1
  
  I will find and excuse to use the phrase 'Schroedinger's Laptop' someday.
  
  I have an easier one for you -- Schroedinger's fridge!
  
  --
  Free Martian Whores!
12. Re:So where does that assumption get you? by geminidomino · 2012-09-05 08:30 · Score: 2
  
  Unless devices come with a 'fucked' indicator that I've just been missing for all these years?
  Laptops, at least, do.
  Look for "Designed for use with Windows Vista"
13. Re:So where does that assumption get you? by Em+Adespoton · 2012-09-05 09:38 · Score: 1
  
  I wonder what Schrodinger would have thought about LOLCats?
  The meme's only dead if we don't mention it....
Plausible deniability by GeekWithAKnife · 2012-09-05 01:14 · Score: 1

If the data is obtained illegally, without due process that's all the FBI really needs to do. "It wasn't me". Of course, as history might educate us, later on they might u-turn and pull one of those "Well actually..." So if the data is real, it came from somewhere, someone was holding it, who was it? I thank the FBI for its response as it will only spur further investigation. Let's get down to the bottom of this.

--
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
I hate to be the one to say this... by tekrat · 2012-09-05 01:15 · Score: 2, Insightful

But I trust the hacker group more than I trust the FBI.
It's more likely the FBI is lying to cover up something. I mean, we're talking about the *government* -- not exactly our best and brightest, but definitely good at the "cover your ass" game.

--
If telephones are outlawed, then only outlaws will have telephones.
1. Re:I hate to be the one to say this... by PRMan · 2012-09-05 01:35 · Score: 5, Insightful
  
  Exactly. Anonymous and Antisec have seemingly been completely honest in the past, when it comes to claiming responsibility for hacks. The FBI is known to lie and cover up. Given past experience, Antisec is more likely to be telling the truth.
  
  --
  Peter predicted that you would "deliberately forget" creation 2000 years ago...
2. Re:I hate to be the one to say this... by cryptizard · 2012-09-05 03:21 · Score: 1
  
  Maybe they had the UDIDs as part of an investigation into actual hackers/criminals (i.e. evidence), which would prevent them from commenting on it now. Just another possibility that seems more likely to me than the FBI somehow harvesting relatively useless phone IDs.
Phew! by hackula · 2012-09-05 01:17 · Score: 1

Sigh... What a relief!
At least two possibilities by MikeRT · 2012-09-05 01:20 · Score: 1

1. They're just lying. This is the FBI, after all. The group whose IG basically called their field agents a bunch of incorrigible criminals when it came to obeying the law on when and how to use National Security Letters from 2006 onward.
2. This was done by a few agents and their management and the FBI leadership and public relations genuinely had no idea that some of their people were soliciting and/or receiving (solicited or not) such information. If this be the case, I wouldn't be surprised if the FBI throws this agent under the bus and runs it over him several times for a federal offense or two related to dragneting. It's not that they'd be genuinely upset by him getting this data, so much as the FBI does not suffer employees who make it look bad for any reason (I have relatives who used to be federal law enforcement, and they used to refer to the FBI as publicity whores).
cause it's not like they would lie, is it? by chris.alex.thomas · 2012-09-05 01:20 · Score: 1

I mean, if the FBI says it didnt happen, then it didn't happen, right guys??
"Misinformation" by lkcl · 2012-09-05 01:21 · Score: 1

uhnnn.... is this the same FBI that was to be involved with the *deliberate* disinformation "strategy" - if it can be called that - to put out complete whopper lies and try to back-track where they came from in order to catch "terrorists" and other criminals?
The agent is a hacker by Cigarra · 2012-09-05 01:22 · Score: 1

Maybe the FBI agent (the laptop owner) moonlights as a hacker.

--
I don't have a sig.
This could get interesting... by Atomus · 2012-09-05 01:24 · Score: 2

Now that the FBI basically rejected AniSec's claims and Adrian Chen put on a pink tutu with a shoe on top of his head (Source: Link), AntiSec can now respond to the FBI's denied claims. I just threw some popcorn in the microwave.....
Here is the Deal by M0j0_j0j0 · 2012-09-05 01:25 · Score: 1

You help us ban our competition; we will give you full access to our data deal??
1. Re:Here is the Deal by benjamindees · 2012-09-05 01:36 · Score: 1
  
  We'll also help you with that pesky "citizens recording things they shouldn't" problem.
  
  --
  "I assumed blithely that there were no elves out there in the darkness"
Fourth possibility by puddingebola · 2012-09-05 01:33 · Score: 1

Fourth possibilty: Hacker group is telling the truth, FBI doesn't know of existence of laptop, FBI didn't know information was on laptop, maybe agent that illegally obtained information had on laptop, FBI can deny in complete ignorance. Fifth possibility: IDs obtained by aliens in Hangar 18 and placed on laptop. Occam's razor is a lie.
Sounds familiar.. by BVis · 2012-09-05 01:34 · Score: 1

"There are no tanks in Baghdad!"

--
Never underestimate the power of stupid people in large groups.
I'm more inclined to believe AntiSec by realsilly · 2012-09-05 01:43 · Score: 2

...based on the information they put out.
And the disinformation tactics of Govt. agencies. I think the FBI is try to call the AntiSec bluff, to get them to release more info. And once more info is released, then the FBI will use this info to try to track back to source, arrest and use the info as evidence against AntiSec individuals.
But this is my hunch.

--
Life takes interesting turns, but the most interest is when you're off the beaten path.
Re:Odds are by EasyTarget · 2012-09-05 01:51 · Score: 2

"unique name "AntiSec" will make it a lot easier to pattern match and track them down"
For instance, if (as I just did) you type it into google; you get taken straight to the homepage of their leader, complete with pictures of his monorail.
Someone really needs to kick the FBI's asses over this, I mean, why are they taking so long to arrest them all when it's so easy.

--
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
The Application, and an open request... by nweaver · 2012-09-05 02:05 · Score: 1

It really depends on the application in question: The Push tokens are application specific, and Apple knows or can trivially find out which application vendor is the source of this information.
If its a game, then the Anons are full of it, there is no reason for the FBI to have gotten that data.
If its something like, well, who knows, then the Anons are probably telling the truth.
If some slashdot reader's UUID is on the list, please contact me. It may be possible to use the phone backup file to determine which application was responsible for this data breach.

--
Test your net with Netalyzr
File name instructive by Anonymous Coward · 2012-09-05 02:09 · Score: 3, Interesting

"NCFTA_iOS_devices_intel.csv'
National Cyber-Forensics and Training Alliance(1) is that FBI-sponsored industry cybersecurity PR, lobbying, and info-sharing consortium that was going to replace CERT et al, make sure the Bureau's position on cybersecurity was advanced, and pass out a lot of white hats to all the "Walker, Cyber Ranger"s out there. Stangl (sic) apparently may have some role there. As others have pointed out, the data could have come directly from Apple.
So maybe the Fibbies are *technically* truthful here. It's called plausible deniability. That's why you have captive shadow orgs like NCFTA, ostensibly not taxpayer funded. Congress won't oblige your agency's agenda or funding? Just set up a non-profit org. They can do things you can't. Welcome to "continuity of government", though this process is now largely a quaint and unneccessary anachronism in a post PATRIOT, post DMCA, post NDAA, executive order, UN Treaty, Homeland Security world. That kind of deceptive charm may be it's only lingering utility, in fact. Sugar-coating and Cosmetics are big business, after all.
(1) http://yro.slashdot.org/index2.pl?fhfilter=NCFTA
1. Re:File name instructive by gl4ss · 2012-09-05 03:29 · Score: 1
  
  well, what people who have their devices on the list should do would be to post their app history. that might give a clue.
  
  --
  world was created 5 seconds before this post as it is.
Sean Sullivan by jones_supa · 2012-09-05 02:16 · Score: 2

Also the F-Secure researcher Sean Sullivan was suspicious about the information really coming from FBI.
Piffle by onyxruby · 2012-09-05 02:19 · Score: 2

This all a bunch of nonsense! This was probably just a list from a given vendor. Track this down by doing the following:
Look for the ID's and find the most recent date one that you can. That gives you the date range that this is relevant for.
Look at the ID's and match them to locations? Are they all from the US? That might give credence to FBI angle (which I think is bullocks).
Look at the ID's and start matching users.
Look for commonality between said users, this far too large of a list of users to simply be a list of OWS protestors (sorry, if OWS was ever that large on just apple users alone OWS would have succeeded instead of being a punch line). Your doing this just to exclude conspiracy theories like a national we spy on people with shiny toys conspiracy theory.
Once you've concluded that there isn't anything in common between most of these people you can't start the real work:
Start matching the common thing or applications between those users. You will probably discover something really benign like they they all have AT&T accounts that belong to the western part of the US or they all have the Twitter application or something really boring.
///sorry to ruin your conspiracy theories, have but have fun reverse engineering this
From the same organization that brought you F& by scorp1us · 2012-09-05 03:01 · Score: 1

Now comes Crass and Curious, and effort to collect device UUIDs.
Does anyone believe any department under Eric Holder?

--
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
Hey! by casca69 · 2012-09-05 04:15 · Score: 1

Didn't that guy used to work for Sadam Hussein?
Re:Ya no shit by HiThere · 2012-09-05 04:49 · Score: 3

I wish I could believe that. Unfortunately, the government generally, and law enforcement officials more specificly, have a WORSE track record for telling the truth than does J. Random Hacker.
If I go strictly by probabilities, I'd believe Antisec. But I happen to feel that it's OK to remain undecided.
P.S.: Saying "Antisec needs to provide more proof" is not reasonable. If they have tapped something, an incomplete result is to be expected. (I.e., if they intercepted communications in process rather than hacking the computer.) Saying that you won't believe then would be a bit better, but without expressing what additional evidence would convince you, not much better.
For that matter, I'm not sure what either side could do to convince me that they were telling the truth, but I don't count a simple assertion as worth even considering. Especially not from the govt., which has a horrible track record of lying even when the truth would be to its advantage.
I'd proof this better, but the combination of slashcode with firefox makes proofreading a painful process.

--

I think we've pushed this "anyone can grow up to be president" thing too far.
EXACTLY ! ! ! by sgt_doom · 2012-09-05 06:29 · Score: 1

http://www.whale.to/b/gelbspan_b.html
http://en.wikipedia.org/wiki/COINTELPRO
Present director, Robert Mueller III, was appointed to chief of DOJ's criminal division to interdict the BCCI investigation by then-president, George H.W. Bush, and later appointed to FBI director by George W. Bush, four days prior to 9/11/01. Director Mueller is the grandnewphew of Richard Bissell, while Mueller's wife is the granddaughter of Gen. Cabell --- two of the three top CIA types President Kennedy fired before he was assassinated. (The third, Allen Dulles, would be appointed to manage the Warren Commission to "investigate" the Kennedy assassination.)
Bet My Servers It's A Fake by Revotron · 2012-09-05 08:50 · Score: 1

...after all, I'm not expecting much from an organization (AntiSec) whose only penetration method is hitting a webserver with old obsolete phpMyAdmin vulnerabilities. Found this in my webserver logs today:

62.76.44.162 - - [05/Sep/2012:12:45:38 -0500] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 162 "-" "ZmEu"
62.76.44.162 - - [05/Sep/2012:12:45:38 -0500] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"
62.76.44.162 - - [05/Sep/2012:12:45:38 -0500] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"
62.76.44.162 - - [05/Sep/2012:12:45:39 -0500] "GET /pma/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"
62.76.44.162 - - [05/Sep/2012:12:45:39 -0500] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"
62.76.44.162 - - [05/Sep/2012:12:45:39 -0500] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"
Well gosh golly gee willikers, thems sure are some mighty clever hackers right there!