Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Denies It Held iPhone UDIDs Stolen By AntiSec

Posted by Unknown on from the it-was-actually-the-nsa dept.

judgecorp writes "The FBI has denied the UDID codes released yesterday came from an agent's laptop, as claimed by the AntiSec hacker group. The FBI says it does not hold such data, and the attack never happened. However, the agent named by AntiSec is real, and some of the published UDID codes have been found to be genuine. So where did they come from?"

52 of 216 comments (clear)

  1. So where did they come from? by fustakrakich · · Score: 5, Insightful

    The FBI... What, does anybody expect them to admit it?

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:So where did they come from? by Sarten-X · · Score: 5, Funny

      On the other hand, finding the names of agents is pretty easy, and dropping one makes for a much juicier story than "AntiSec managed to get a UDID-sniffing trojan into the app store".

      In the absence of any further evidence, I must assume that everybody's lying. The real story is that the UDIDs were harvested wirelessly using petahertz radio scanners mounted on the invisible black helicopters flown by the lizard aliens who, due to their shared ancestry with birds, make excellent pilots, even in aircraft that are based on Martian stealth technology (which is why we're giving the Martians our nuclear-powered cars now).

      --
      You do not have a moral or legal right to do absolutely anything you want.
    2. Re:So where did they come from? by crazyjj · · Score: 4, Insightful

      Wouldn't it be nice to think the FBI would ever release a press release with the header "Yes, We Screwed-Up and Yes, We're Illegally Spying on You." But inevitably, that's the kind of admission that only comes out decades after the fact. It's not like if you had asked J. Edgar Hoover "Hey are you spying on Martin Luther King with illegal wiretaps and recording devices?" back in the 60's he would have replied "Oh yeah, we're doing that."

      --
      What political party do you join when you don't like Bible-thumpers *or* hippies?
    3. Re:So where did they come from? by falcon5768 · · Score: 5, Interesting

      Only people foolish enough to think antisec actually cares about being truthful would think that. Lets face the facts here

      12 million is a piss in the pond in terms of iOS UDID codes. Its less than half the iPhones sold LAST QUARTER. If the FBI was realistically trying to build a database of them, there is no way at this point they would ONLY have 12 Million.

      12 million is more easily explained by being leaked from a developer, as up until half a year ago, developers were using the code to identify individual iPhones for various reasons like automatic sign-in to certain services like some of the multiplayer game services. Apple banned them from using it though half a year ago so at this point there was no reason to keep.

      The data it's self was incomplete. Some had legit names and addresses while most were just a ID code. If this was from a official source then there would have been a lot more data on most of these. On the otherhand if it was stolen from a developer who let users opt out of giving their information but used the code for autologin purposes, then there would be clear reason why most of the data has no user info attached.

      Antisec is still smarting from getting much of its higher ranking leadership arrested from a FBI plant

      So really there is no reason AT ALL to believe antisec's claims that they stole the info. There is however a lot more reason to suspect they were trying to stir the pot in the tech community by stoking already present fears of FBI spying which they did a pretty good job at. It gets clueless script kiddies riled up and makes them look cool. Sure the FBI can be shady, but of the law enforcement agencies out there I would honestly have to say they are the least shady of the bunch and tend to release information without bending the truth too much, even when it has the possibility of embarrassing them. Not saying they ALWAYS do it, just saying they tend to be more forthcoming than other government agencies.

      --

      "Slashdot, where telling the truth is overrated but lying is insightful."

    4. Re:So where did they come from? by crazyjj · · Score: 3, Interesting

      In the absence of any further evidence, I must assume that everybody's lying.

      Except that Anon has real evidence in this case, and specifics. The FBI is just issuing a blanket denial. And, for that matter, if this agent is real and doesn't do this, why aren't they hiding him and not making him available for interviews? Seems like he would be the most credible source to deny it.

      --
      What political party do you join when you don't like Bible-thumpers *or* hippies?
    5. Re:So where did they come from? by Lumpy · · Score: 2

      FBI can legally spy on you. It's the CIA that cant legally spy on you.

      --
      Do not look at laser with remaining good eye.
    6. Re:So where did they come from? by Yvanhoe · · Score: 2

      Usually they blame a subcontractor.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    7. Re:So where did they come from? by crazyjj · · Score: 2

      FBI can legally spy on you.

      Not without a warrant. Care to guess whether or not they had one when they were putting recording devices in Martin Luther King's motel rooms and home?

      If you answered "No," congratulations.

      --
      What political party do you join when you don't like Bible-thumpers *or* hippies?
    8. Re:So where did they come from? by NatasRevol · · Score: 3, Insightful

      Or they could have hacked some small developer who wasn't overly careful with his records and AntiSec ended up with a few real UDIDs.
      Then blamed it on the FBI.

      Or they could have hacked an FBI laptop, just the one that had Apple UDIDs on it.

      I have no idea, but I have heard of Occam's Razor.

      --
      There are two types of people in the world: Those who crave closure
    9. Re:So where did they come from? by tmosley · · Score: 3

      Wow, a time traveler has come to us from some time before 9/11/2001. Tell me, friend, what is it like to live in a free society? It has been so long I have forgotten.

    10. Re:So where did they come from? by Sarten-X · · Score: 4, Insightful

      I have a few agent business cards in my desk at home. I could claim any one of them gave me a receipt that proves Lee Harvey Oswald's innocence. I could show you a receipt dated November 22, 1963. The agent I name could deny it, of course, but then his denial could just as easily be dismissed as "protecting his job" or some other obvious ploy.

      Anon has shown only that they:

      1. have UDIDs, some of which are valid
      2. have the name of an FBI agent

      There is no evidence that the UDIDs actually came from the FBI. There is no evidence that Special Agent Stangl is related to the case in anything but name, and any statement from him must be considered questionable, just as any statement from Anonymous must also be questionable.

      As the saying goes, extraordinary claims require extraordinary proof, and there is very little actual proof available... just names and numbers mentioned in close proximity.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    11. Re:So where did they come from? by somersault · · Score: 2, Insightful

      Why do they need to waste time getting a "credible source" to deny not very credible accusations? If I gave a list of accusations for 100 agents right now, should the FBI take those 100 agents off of whatever they're doing to give a press report?

      Really, who cares?

      --
      which is totally what she said
    12. Re:So where did they come from? by Anonymous Coward · · Score: 2

      There is no evidence that the UDIDs actually came from the FBI. There is no evidence that Special Agent Stangl is related to the case in anything but name, and any statement from him must be considered questionable, just as any statement from Anonymous must also be questionable.

      As the saying goes, extraordinary claims require extraordinary proof, and there is very little actual proof available... just names and numbers mentioned in close proximity.

      All absolutely valid points.

      Unfortunately, you cannot confirm or deny any of it, and therefore with regards to statements made by our Government, the sane majority must default to the history books and say that they're lying.

      All of them.

      Now prove me wrong.

    13. Re:So where did they come from? by fadethepolice · · Score: 4, Interesting

      This is likely to be true of every action of every whistleblower from now until the end of time. The very act of getting protected data from an organization by definition results in this situation. The only resort is to look at context and evaluate the information on the knowledge you have of the participants. http://en.wikipedia.org/wiki/Carnivore_(software) http://en.wikipedia.org/wiki/NarusInsight The FBI has a proven track record of secretly monitoring Americans for close to 100 years. Anonymous has a decent reputation as occasionally competent hackers. Given these facts I would tend to give more weight to the evidence presented by anonymous than the denials by the FBI.

    14. Re:So where did they come from? by crakbone · · Score: 4, Insightful

      Only problem is that Anon has a better record of telling the truth.

    15. Re:So where did they come from? by zzsmirkzz · · Score: 4, Insightful

      Only problem is that Anon has a better record of telling the truth.

      A nameless, faceless, identity that anyone can assume at any time, by definition, does not have a record .

    16. Re:So where did they come from? by Anonymous Coward · · Score: 4, Funny

      on average random ACs have a better rate of telling the truth than the FBI. (this post included?)

    17. Re:So where did they come from? by blueg3 · · Score: 4, Interesting

      ...finding the names of agents is pretty easy...

      Yeah, especially when the agent stated his name in a well-known FBI PR video targeting hackers.

    18. Re:So where did they come from? by Lumpy · · Score: 2

      They have a roll of FISA warrants next to the sink. Many of the guys here at the office mistakenly use them as paper towels.

      --
      Do not look at laser with remaining good eye.
    19. Re:So where did they come from? by drinkypoo · · Score: 2

      Life in America is so much worse now than it was pre 9/11. Oh wait, no it isn't.

      It's not dramatically worse, but it is worse. Unless, you know, you really like having your nuts squeezed before you get on an airplane, for example.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Collection != leak by AwaxSlashdot · · Score: 3, Interesting

    There are 3 issues here:
    * who collected them ? (most probably an app)
    * who "lost" them ? (AntiSec claim they found it on a FBI agent laptop they compromised)
    * how the data went from #1 to #2 ?

    And the 3rd one is the most interesting.

    --
    Sig (appended to the end of comments you post, 120 chars)
    1. Re:Collection != leak by Anonymous Coward · · Score: 2, Funny

      > Do people actually store addresses and zipcodes on their phones?

      No grandpa, no one would ever have addresses and zip codes in a phone! That wouldn't make a lick of sense!

    2. Re:Collection != leak by Sarten-X · · Score: 2

      Yeah, that's the weird part. My phone has phone numbers, and that's it. Of course, I don't use my phone for much other than phone calls, so I'm pretty secure. I don't even download many apps, just some games now and then. Oh, and there was this one app a friend recommended to me, where I just download it and fill out a survey for a chance to win a $50 Wal-mart gift card! For each person I refer, I'll get another chance to win! Of course they wanted my mailing address for that, but that's okay. I'm expecting a gift card any day now!

      --
      You do not have a moral or legal right to do absolutely anything you want.
  3. Possibilities... by Severus+Snape · · Score: 3, Insightful

    1. AntiSec is lying.
    2. FBI is lying.
    3. AntiSec is telling the truth and the FBI's methods of obtaining the UDID codes means they can't admit to it.

    1. Re:Possibilities... by jfdavis668 · · Score: 3, Insightful

      Another option, AntiSec hacked someone pretending to be an FBI agent. I have run across people like this, who are trying to con you or just getting their jollies.

    2. Re:Possibilities... by zill · · Score: 2

      It's been publicly verified. Since the data is public, any iOS user can see if their device is on the list or not.

      This whole discussion is moot if it's just junk data. Whether FBI, Anonymous, or some other party collected the data, its very creation means that laws were broken.

    3. Re:Possibilities... by zill · · Score: 2

      The phone numbers wasn't released for privacy reasons. What was released (if you bother to click the link) was the UDID, APNS Token, and device name. I really don't see how a randomly generated list can match both the UDID and corresponding device name.

  4. Misleading headline. by Anonymous Coward · · Score: 5, Insightful

    From TFA: "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data"

    Saying there's no evidence isn't the same as saying it didn't happen.

    1. Re:Misleading headline. by crazyjj · · Score: 3, Insightful

      Yeah, anytime you're dealing with a government press release or statement you have to CAREFULLY parse the language. These things are carefully crafted to imply things they don't actually say. "I personally have no knowledge of such an event happening" is NOT the same as saying "This event didn't happen." There are a million ways to imply things without saying them, and a dumb and gullible press will usually swallow them hook-line-and-sinker 99% of the time.

      --
      What political party do you join when you don't like Bible-thumpers *or* hippies?
    2. Re:Misleading headline. by blueg3 · · Score: 2

      No shit. They don't have magic spy software on their own laptops that can provide absolute proof. How's someone at the FBI going to determine, without a doubt, that none of the laptops the FBI uses was hacked? How are they going to determine that absolutely zero agents requested or managed to get their hands on the information being discussed? They can't.

      So, while they're using weasel words, it's also the correct way to respond: They can't be absolutely sure of their statement, but they have no evidence that would lead them to believe otherwise.

  5. Which is more likely by thePowerOfGrayskull · · Score: 2

    Which is more likely - the fbi just happened to lose a laptop with millions of UDIDs that it had no reason to have and anonymous just happened to find that particular laptop? Or that someone in anonymous wanted to make waves and so made a bold (but unverifiable) claim?

    Pardon me, I need to go shave.

    1. Re:Which is more likely by siddesu · · Score: 2

      In a perfect world, the second would be more likely. However, if you stack it againt the hundreds of cases every year where officials or executive lose equipment with mega or gigabytes of personal information, I'd say that IRL the first is at least as likely as the second.

    2. Re:Which is more likely by Gaygirlie · · Score: 4, Insightful

      Laptops are being lost all the god damn time and Anon is a very, very large group of people -- I'd say the chances are actually darn good. Also, I'd say the chances are darn good for FBI to lie whenever something like this happens, just for the sake of looking good in the eyes of the general public and for painting anyone who disagrees in bad light.

      As for unverifiability: apparently some of those UDIDs have already been verified.

    3. Re:Which is more likely by flaming+error · · Score: 2

      "Chances are darn good"?

      I don't know the numbers, but I believe the formula would look something like this:

      (odds fbi collects apple udids) * (odds udids kept on agent's laptop) * (odds of fbi agent losing laptop) * (odds member of anonymous finds it)

      I think that product will be a pretty small number.

  6. Issue? by symes · · Score: 2, Interesting

    This is not something I know a great deal about, but surely the UDID is pretty easy to get hold of. Surely most suppliers will keep a record for warranty/insurance reasons. AFAIK, many apps can access this information. ITunes relies on it. These data could just be from the FBI looking for patterns of insurance fraud, or similar. And I wouldn't be surprised if a load or organizations hold this sort of data for a range of gadgets. I bought a fridge a while back and had to send the serial number off to some third party to have my warranty set up. I am happy to be corrected though, and told this is a huge privacy thing.

  7. This sort of fits... by Revotron · · Score: 5, Informative

    ...with the general attitude I saw from Slashdot regarding the original story. It almost sounds like a complete fake just because what the hell would the FBI possibly do with a deprecated SHA1 hash of a few device-unique identifiers? Verify that their super-secret gub'mint database of everyone's iPhone MAC addresses and MEIDs has no row errors?

    It's worth reiterating from the other story that Apple doesn't even accept apps that reference the UDID any more, and it was never used as a security or authentication feature in the first place. It's like saying "lol, you got pwned, I just got the MD5 hash of your entire hard drive, LULZ LULZ LULZ WE ARE ANON"

    If the FBI really wanted some useful information, they could swipe your ESN/MEID and track you down to a cellular level. Hell, they probably already have. Smile at the camera!

  8. So where does that assumption get you? by Anonymous Coward · · Score: 5, Funny

    The FBI are lying about it not being theirs and ANON are lying it about it being theirs.

    Is this some sort of Schroedinger's laptop?

    1. Re:So where does that assumption get you? by jythie · · Score: 4, Funny

      I do not know how.. I do not know when... I do not even know why.. but I will find and excuse to use the phrase 'Schroedinger's Laptop' someday.

    2. Re:So where does that assumption get you? by Sarten-X · · Score: 2

      A small sample of a radioactive isotope in front of a Geiger counter attached to a GPIO pin, whose value is used by the bootloader to pick which OS to load. If the isotope has decayed (and emitted a particle toward the sensor) recently enough that the pin is high, boot Debian. If the sample has been stable long enough that leakage has grounded the pin, boot Fedora.

      This is AWESOME! Another triumph of mad computer science!

      --
      You do not have a moral or legal right to do absolutely anything you want.
    3. Re:So where does that assumption get you? by funwithBSD · · Score: 2

      It only boots if you don't observe it.

      --
      Never answer an anonymous letter. - Yogi Berra
    4. Re:So where does that assumption get you? by 93+Escort+Wagon · · Score: 4, Funny

      Is this some sort of Schroedinger's laptop?

      I had one of those about 12 years ago - a Dell Inspiron 3800. At any given moment you wouldn't know whether it was going to work or not until you tried to turn it on.

      --
      #DeleteChrome
    5. Re:So where does that assumption get you? by Zero__Kelvin · · Score: 2

      "A laptop that boots and doesn't boot at the same time ?"

      No good. Bill Gates already invented that.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    6. Re:So where does that assumption get you? by geminidomino · · Score: 2

      Unless devices come with a 'fucked' indicator that I've just been missing for all these years?

      Laptops, at least, do.

      Look for "Designed for use with Windows Vista"

  9. I hate to be the one to say this... by tekrat · · Score: 2, Insightful

    But I trust the hacker group more than I trust the FBI.

    It's more likely the FBI is lying to cover up something. I mean, we're talking about the *government* -- not exactly our best and brightest, but definitely good at the "cover your ass" game.

    --
    If telephones are outlawed, then only outlaws will have telephones.
    1. Re:I hate to be the one to say this... by PRMan · · Score: 5, Insightful

      Exactly. Anonymous and Antisec have seemingly been completely honest in the past, when it comes to claiming responsibility for hacks. The FBI is known to lie and cover up. Given past experience, Antisec is more likely to be telling the truth.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
  10. This could get interesting... by Atomus · · Score: 2

    Now that the FBI basically rejected AniSec's claims and Adrian Chen put on a pink tutu with a shoe on top of his head (Source: Link), AntiSec can now respond to the FBI's denied claims. I just threw some popcorn in the microwave.....

  11. I'm more inclined to believe AntiSec by realsilly · · Score: 2

    ...based on the information they put out.

    And the disinformation tactics of Govt. agencies. I think the FBI is try to call the AntiSec bluff, to get them to release more info. And once more info is released, then the FBI will use this info to try to track back to source, arrest and use the info as evidence against AntiSec individuals.

    But this is my hunch.

    --
    Life takes interesting turns, but the most interest is when you're off the beaten path.
  12. Re:Odds are by EasyTarget · · Score: 2

    "unique name "AntiSec" will make it a lot easier to pattern match and track them down"

    For instance, if (as I just did) you type it into google; you get taken straight to the homepage of their leader, complete with pictures of his monorail.

    Someone really needs to kick the FBI's asses over this, I mean, why are they taking so long to arrest them all when it's so easy.

    --
    "Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
  13. File name instructive by Anonymous Coward · · Score: 3, Interesting

    "NCFTA_iOS_devices_intel.csv'

    National Cyber-Forensics and Training Alliance(1) is that FBI-sponsored industry cybersecurity PR, lobbying, and info-sharing consortium that was going to replace CERT et al, make sure the Bureau's position on cybersecurity was advanced, and pass out a lot of white hats to all the "Walker, Cyber Ranger"s out there. Stangl (sic) apparently may have some role there. As others have pointed out, the data could have come directly from Apple.

    So maybe the Fibbies are *technically* truthful here. It's called plausible deniability. That's why you have captive shadow orgs like NCFTA, ostensibly not taxpayer funded. Congress won't oblige your agency's agenda or funding? Just set up a non-profit org. They can do things you can't. Welcome to "continuity of government", though this process is now largely a quaint and unneccessary anachronism in a post PATRIOT, post DMCA, post NDAA, executive order, UN Treaty, Homeland Security world. That kind of deceptive charm may be it's only lingering utility, in fact. Sugar-coating and Cosmetics are big business, after all.

    (1) http://yro.slashdot.org/index2.pl?fhfilter=NCFTA

  14. Sean Sullivan by jones_supa · · Score: 2

    Also the F-Secure researcher Sean Sullivan was suspicious about the information really coming from FBI.

  15. Piffle by onyxruby · · Score: 2

    This all a bunch of nonsense! This was probably just a list from a given vendor. Track this down by doing the following:

    Look for the ID's and find the most recent date one that you can. That gives you the date range that this is relevant for.
    Look at the ID's and match them to locations? Are they all from the US? That might give credence to FBI angle (which I think is bullocks).
    Look at the ID's and start matching users.
    Look for commonality between said users, this far too large of a list of users to simply be a list of OWS protestors (sorry, if OWS was ever that large on just apple users alone OWS would have succeeded instead of being a punch line). Your doing this just to exclude conspiracy theories like a national we spy on people with shiny toys conspiracy theory.

    Once you've concluded that there isn't anything in common between most of these people you can't start the real work:
    Start matching the common thing or applications between those users. You will probably discover something really benign like they they all have AT&T accounts that belong to the western part of the US or they all have the Twitter application or something really boring.

    ///sorry to ruin your conspiracy theories, have but have fun reverse engineering this

  16. Re:Ya no shit by HiThere · · Score: 3

    I wish I could believe that. Unfortunately, the government generally, and law enforcement officials more specificly, have a WORSE track record for telling the truth than does J. Random Hacker.

    If I go strictly by probabilities, I'd believe Antisec. But I happen to feel that it's OK to remain undecided.

    P.S.: Saying "Antisec needs to provide more proof" is not reasonable. If they have tapped something, an incomplete result is to be expected. (I.e., if they intercepted communications in process rather than hacking the computer.) Saying that you won't believe then would be a bit better, but without expressing what additional evidence would convince you, not much better.

    For that matter, I'm not sure what either side could do to convince me that they were telling the truth, but I don't count a simple assertion as worth even considering. Especially not from the govt., which has a horrible track record of lying even when the truth would be to its advantage.

    I'd proof this better, but the combination of slashcode with firefox makes proofreading a painful process.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.