Slashdot Mirror

← Back to Stories (view on slashdot.org)

App Developer Says Stolen UDIDs Came From Them, Not FBI

Posted by samzenpus on from the who's-to-blame dept.

pdabbadabba writes "A Florida iPhone and iPad app developer, Blue Toad, has come forward claiming that it is the source of the Apple UDIDs previously released by Anonymous. Their dataset, they say, is a 98% match for the one Anonymous hackers claim to have stolen from an FBI laptop. If so, this development would cast serious doubt on Anonymous' claims and, possibly, calm fears that this data is evidence of an ongoing FBI surveillance operation (a claim the FBI has also denied)."

34 of 180 comments (clear)

  1. Dont trust anonymous by Mr.+Kinky · · Score: 2

    This just shows that you cannot trust anonymous. but then again.. WOOHOO, EA SPORTS!!

    1. Re:Dont trust anonymous by Anonymous Coward · · Score: 5, Interesting

      Or maybe that you just can't trust Blue Toad, who got paid behind the scenes to take the fall for this.

      Or maybe that was a double fake, and that this whole thing was set up as a distraction by Google to undermine iPhone.

      Or maybe it was actually stolen by the EFF, who then spoofed an FBI operation for Anonymous to find so that they could promote their agenda.

      (Or maybe you're completely right)

    2. Re:Dont trust anonymous by hemo_jr · · Score: 4, Insightful

      As a true conspiracy nut, I would not put it past 1. the FBI to have gotten its data from Blue Toad or 2. Blue Toad covering up for the FBI.

    3. Re:Dont trust anonymous by Likes+Microsoft · · Score: 2

      As a true conspiracy nut, I would not put it past 1. the FBI to have gotten its data from Blue Toad or 2. Blue Toad covering up for the FBI.

      Exactly. The FBI doesn't have to have gotten the data directly from Apple or NSA hackers or somesuch. However, you can't discount that the hackers might have been motivated to lie in order to smear the FBI, too.

      --
      -- Who am I? How did I get here? My God, what have I done?!
  2. Hm... by JustAnotherIdiot · · Score: 4, Insightful

    Which side to believe when both sides are known liars?

    --
    What do I know, I'm just an idiot, right?
    1. Re:Hm... by Gaygirlie · · Score: 3, Insightful

      I was just thinking the same: Anonymous have time and again lied about stuff, but so has the FBI and the FBI could just have paid Blue Toad to take the blame or made some other deal with them. Can't know, really, and with that in mind I'll just assume maliciousness from both parties.

    2. Re:Hm... by Anonymous Coward · · Score: 5, Insightful

      Oh this is getting funny.

      Ridiculously unlikely conspiracy theory get blown out of the water? Not a problem... just double-down on the crazy!

      Let's see if I've got this straight. So the FBI and Apple are secretly in collusion to provide LE with a database of increasingly-useless UUID's, and the FBI stored this super-secret database in-the-clear on a laptop, the database was stolen from the FBI, but they somehow know the people that did it can't demonstrate that, so they secretly paid a 3rd party a big sum of cash to take a nasty PR hit, knowing the public (excepting those unusually perceptive slashdotters) would buy he cover story since it's, you know, far more likely to have happened that way in the first place.

      Have I got it?

    3. Re:Hm... by Hatta · · Score: 2

      I don't trust the FBI at all, but WTF were they going to do with a patchy database of deprecated hardware IDs?

      --
      Give me Classic Slashdot or give me death!
    4. Re:Hm... by ColdWetDog · · Score: 5, Funny

      You're forgetting the fact that it was Obama's fault all along.

      --
      Faster! Faster! Faster would be better!
  3. Or the FBI by Lawrence_Bird · · Score: 3, Interesting

    was given the data by an insider or hacked it themself first.

  4. The real question! by HornWumpus · · Score: 4, Interesting

    The next question: What was Blue Toad up to? Why did the FBI have a copy of their data? How many FBI back doors are their in Blue Toads apps?

    Lets run those apps under traffic analysis. The version that was live a week ago.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    1. Re:The real question! by Anonymous Coward · · Score: 2, Interesting

      You seem stuck on the premise that the data ever existed on an FBI computer. While that is possible, it is certainly no longer the simplest explanation.

    2. Re:The real question! by Desler · · Score: 2

      Because we all know companies routinely go around telling people they have been compromised and data stolen when it's all a lie. Uhhh, what?

    3. Re:The real question! by Koreantoast · · Score: 2

      Or maybe you make a public announcements because you're afraid that security experts are going to figure out that it was your company's database that was compromised and would rather preempt it to try and control the message. You know, kind of like how David Schuetz, a third party, figured it out, and then Blue Toad decided to work with him to make the announcement themselves rather than have multiple security experts make announcements about it.

  5. No tinfoil hats? by KhabaLox · · Score: 2, Funny

    4 comments and no one has yet claimed that Blue Toad is an obvious FBI front?

    --
    Ceci n'est pas un sig.
  6. woohoo by zlives · · Score: 3, Funny

    the fbi check cleared... i did it

    1. Re:woohoo by zlives · · Score: 2

      uh oops, imean the fbi did not pay me.

  7. Isn't that what you'd expect? by hawguy · · Score: 2

    If the FBI was caught doing something illicit or illegal, wouldn't you expect them to come up with an alternate source of the data to cover up their behavior?

    1. Re:Isn't that what you'd expect? by obarthelemy · · Score: 2

      Oliver North called, looking for Blue Toad's address to gift them a barely-used sword to fall on.

      --
      The Cloud - because you don't care if your apps and data are up in the air.
  8. Re:And that company is... by amicusNYCL · · Score: 4, Interesting

    As phrased by an article at ZDNet, it's any company that allows this result:

    So there are two things we know: Apple and the FBI are back on the Christmas card lists of the general public, and hackers apparently lie.

    Apple and the FBI are good, and hackers are bad. Apparently that's the lesson to take away from this.

    According to their article in Wikipedia, it's also a company that lists the Department Of State and the Public Relations Society of America among their customers.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  9. I RTFA by Ecuador · · Score: 3, Informative

    I RTFA to see why a company would voluntarily make such a claim ( unless they are an FBI front ;) ), and it seems the company were contacted by an outside researcher who suggested they were the "leak" (and perhaps would tell the world if they did not confess?). There are no further details that seemed interesting in case you were tempted to RTFA.

    But of course the whole case seems rather uninteresting to me. A list of UDIDs. Wow, if FBI has them, they might also know who owns the UDIDs and have a pretty good list of annoying consumers with which you can't have a rational discussion on the subject of electronic devices. So what?

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
    1. Re:I RTFA by RaySnake · · Score: 5, Informative

      Take a look at the website of the researcher who did the legwork here. He even gives a detailed description of the advanced tools he used (cut and sort :-P) to elide the source. http://intrepidusgroup.com/insight/2012/09/tracking-udid-src/

    2. Re:I RTFA by RaySnake · · Score: 2

      Apparently I don't know what "elide" means, I meant to say "discover the source".

  10. Blue Toad is a liar? Believe the SIMPLEST answer by SuperKendall · · Score: 4, Informative

    How is Blue Toad a liar?

    They are admitting a serious breech which impacts goodwill at the company.

    Even at the time of the UDID release, I argued that the simplest explanation was simply that the list came from some app developer that had a server collecting some data. After all, if the data came from Apple OR the FBI, it should be WAY larger and the subset we saw should be WAY more complete, the only reason why such data would be sparse is that it was collected by an app that ran on a variety of devices with a variety of information provided by the users. There was also no reason WHY the FBI would even care about a UDID for a user since Apple had discontinued use months ago and there is really no way to use that data for anything useful.

    Now the Blue Toad admission verifies what was already by far the likely scenario. At this point to believe anything else is right up there at the three-tinfoil hat level.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  11. Re:And that company is... by Sarten-X · · Score: 4, Interesting

    According to their article in Wikipedia, it's also a company that lists the Department Of State and the Public Relations Society of America among their customers.

    As soon as I saw that, my thought was "so that's where the kid thought he was".

    I figure a script kiddie broke into the Blue Toad servers, found some documents talking about working with the government (perhaps the FBI in particular), then found the UDIDs, and jumped to the conclusion that they had broken into an FBI system involved in domestic surveillance. Then they release it as Anonymous in an act of misguided privacy activism, throwing in an agent's name (possibly even mentioned in the found files) for credibility.

    I'm jumping to conclusions myself, though, and assuming that there's some shred of truth to anybody's statements.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  12. Why the list was not from FBI: NOT massive by SuperKendall · · Score: 2, Funny

    And the UUIDs might not have been used by the FBI, but that doesn't mean they aren't engaged in a massive surveillance operation against its citizens.

    If you think that way about the FBI, then you know the list was not from the FBI.

    With a few hundred million iOS devices in the wild, an FBI list should have hundreds of millions of entries. AND it would be a hell of a lot more complete.

    It was always bullshit to think this list was from the FBI. It was painfully obvious the list was published by a group that hates the FBI as much as you and other Slashdot users do, just to discredit them.

    I don't care about the FBI myself one way or the other. But I do care about groups that are supposed to represent a kind of healthy counterpoint to the FBI, losing a lot of credibility by making stuff up just to attack enemies.

    You want a real conspiracy theory? How about the FBI was behind the original Anonymous post unveiling the UDID list, knowing the real holder would come forth and embarrass Anonymous... Anon, seems you have a mole.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  13. Re:Blue Toad is a liar? Believe the SIMPLEST answe by Anonymous Coward · · Score: 3, Insightful

    The original claim that the list came from the FBI is an amazing act of trolling. There are way too many people who not only believe that the instant they hear it, but will never let it drop, regardless of how much other evidence or pieces of the story come out.

  14. Re:Anonymous=Al Qaeda by harperska · · Score: 2

    About as wrong as is humanly possible. Certain sub-organizations that claim to be offshoots of Anonymous such as Lulzsec may have a top down leadership structure, but Anonymous as a whole is much more of an idea than an organization.

  15. Re:And that company is... by Infernal+Device · · Score: 5, Interesting

    ...and it could just as easily be a case where the FBI requested this list from Blue Toad, or Blue Toad submitted this list as part of an investigation. All we know now is where the data likely originated -- which is precisely where everyone assumed it originated anyway (a single developer list).

    It could also be that the developer got hacked w/o being involved with the FBI in any way, prior to the attack.

    Which, on the whole, is a lot simpler explanation than a conspiracy theory.

    --
    "My God...it's full of trolls!"
  16. Definition of religion. by Brannon · · Score: 2

    A very useful definition of religion is "the lack of falsifiability". If there is no evidence which would convince you that the FBI isn't a bad actor in this case then your claims are not falsifiable. Therefore, your belief that that "the evil government is out to get you" is a religion. I'm not sure when it happened, but at some point most of Slashdot was swallowed up by this same "Church of the Tin Foil hat". It used to be funny, then it got scary, now it is just boring.

    Since this is your religion, there is nothing I can do to talk you out of it, but what the hell, I'll give it a shot:

    The government is not picking through your smartphone or tracking your location or reading your text messages. Of course they could, and would, but they aren't. Why? Because you don't matter.

  17. Re:98% is not much of a match by coinreturn · · Score: 2

    2% different is alot of differences when your looking at a million entries. Of course the theives could of added bogus data to the list in order to hide its origens. Or appened one data set with another in order have over a million records.

    Perhaps their database has changed since it was hacked?

  18. Re:And that company is... by idontgno · · Score: 4, Funny

    Ah, yes. The colloquializtion of Occam's Razor is "All things being equal, the simpler theory is more likely."

    However, this neglects the little-known fact that William of Ockham was one of the founding members of the real Illuminati (and not the 18th-Century cover organization everyone knows about). He planted his philosophical disinformation into the intellectual culture specifically to cover the elaborate and long-running schemes he knew his secret society would enact over the coming centuries. By making us think that the simpler solution is the better one, he innoculated us against uncovering complex and insidious schemes, or believing them if they are uncovered. Fnord.

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
  19. Re:And that company is... by Mike+Buddha · · Score: 2

    Ah, yes. The colloquializtion of Occam's Razor is "All things being equal, the simpler theory is more likely."

    The internetization of Occam's Razor is "If something could have happened by any wild stretch of the imagination, that's how it happened."

    --
    by Mike Buddha -- Someday the mountain might get him, but the law never will.
  20. Re:No need for conspiracy, when you can use Occam by BasilBrush · · Score: 2

    The next question should be, "Why did Blue Toad have 11 miilion UDIDs from Apple and where did they get it from?"

    Because Blue Toad like many other Apple App developers used to have their iOS app send their servers the UUID and some personal information. It became against the rules some time ago, but this list dates from when it was still a common practice.

    The UUIDs and the info did not come from Apple.

    Several people pointed this out in the original story comments, but looney-tunes conspiracy nuts chose not to believe it.