FBI denies leaked Apple device IDs came from agent's laptop

AntiSec hacker group claims to have accessed 12 million unique device identifiers on FBI computer

CBC News

Posted: Sep 4, 2012 11:54 AM ET

Last Updated: Sep 6, 2012 1:44 PM ET

Software developpers that make applications for Apple mobile devices use device IDs to track use of the apps, but a group of hackers has raised questions about why the FBI might be interested in collecting such information when it leaked millions of Apple device IDs online Tuesday. It says it obtained the IDs from an FBI agent's laptop. (Rich Schultz/Associated Press)

The FBI is denying claims that a laptop of one of its agents was hacked by a group operating under the name AntiSec that says it obtained 12 million Apple device IDs from the computer last March.

AntiSec said it got the unique device identifiers, or UDIDs, by exploiting a Java vulnerability and accessing a desktop folder on the laptop of a special agent who worked with the FBI's regional cyber action and evidence response teams in New York.

The IDs are strings of numbers and letters assigned to Apple devices running the mobile operating system iOS, such as iPhones, iPod Touches and iPads.

They are used by software developers to track Apple customers' use of mobile apps — although Apple has recently stopped accepting apps that use UDIDs after customers complained that they violated their privacy.

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," the agency said in a statement Tuesday afternoon.

"At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

Hackers, FBI press office go head to head on Twitter

The FBI press office also Tweeted about the matter, saying, "We never had info in question. Bottom Line: TOTALLY FALSE."

The hackers responded with their own tweet on the FBI's feed that said "Wait, what? So because you don't know of any data breach it never happened? So the conference call was fake, too? ;-)"

They later also tweeted another comment on the @AnonymousIRC Twitter feed, where news of the leak first appeared:

"You know you're doing something right if @FBIPressOffice throws caps at you on Twitter to deny an #Anonymous statement," the tweet said.

The @AnonymousIRC feed is used by the international hacker collective Anonymous, which gained notoriety when it came to the defence of WikiLeaks with a series of high-profile cyberattacks against companies that boycotted the activist group after it released a series of classified U.S. diplomatic cables.

AntiSec said it uses the @AnonymousIRC Twitter feed, one of several associated with Anonymous, to share ideas and post news of its activities.

Personal data not published

Instructions for accessing one million out of the 12 million UDIDs allegedly obtained by AntiSec were posted on the website Pastebin.com in an at times rambling text peppered with expletives and anti-establishment rants against certain perceived abuses and corrupt actions of security agencies, governments and corporations.

Pastebin is a site used to temporarily store and share various kinds of text and programming code and has been used to release statements about hacking activities in the past.

Some of the IDs were associated with personal information of the device owners, such as names, cellphone numbers and postal addresses, while others were not linked with any personal data.

AntiSec said it removed all personal details before posting the IDs online.

AntiSec, or Anti-Security, is the name given to an operation aimed at hacking into the computer systems of government agencies and financial institutions launched last year by the international hacker collective Anonymous and one of its offshoots,Lulz Security, or LulzSec.

"Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments," Lulz Security said in a June 19, 2011, post on Pastebin announcing the Anti-Security initiative.

Privacy concerns over UDIDs

AntiSec said in a post explaining the UDID leak that part of the motivation behind it was to point out the dangers of assigning specific codes to devices that can be tracked.

"We always thought it was a really bad idea. That hardware-coded IDs for devices concept should be eradicated from any device on the market in the future," the group wrote on Pastebin.com.

The group also said it publicized the IDs in order to draw attention to the fact that the FBI was compiling such information, and to get people to start asking why the law enforcement agency might be collecting the data, and what they could be doing with it.

"We have learnt it seems quite clear nobody pays attention if you just come and say 'Hey, FBI is using your device details and info'," the group wrote.

Stay Connected with CBC News

Big Box Advertisement

Top News Headlines

Will Rob Ford's supporters leave Ford Nation?

Will Rob Ford's supporters leave Ford Nation?: The growing controversy over a purported video alleging to show Toronto Mayor Rob Ford smoking crack cocaine may be testing the faith of even his most die-hard supporters. But experts say Ford's policies may trump whatever personal issues he's facing, and that his supporters may rally behind him. more »

Royal Bank pledges not to outsource jobs for cash savings: Royal Bank has promised it will never outsource a Canadian job to a foreign worker solely to save money. more »
Neil Macdonald: How serious is Obama about curbing the drone surge?: In a key speech this week, the U.S. president set out a host of supposed new safeguards for America's controversial practice of remote-controlled rough justice. But as Neil Macdonald writes, the underlying rationale for drone use has not fundamentally changed. more »
Making The Mandela Tapes: Producer Robin Benger describes how he obtained broadcast access to interviews Nelson Mandela recorded in the 1990s. A CBC Radio Ideas program on the Mandela tapes airs May 28. more »
Toronto Mayor Rob Ford denies using crack cocaine: The mayor of Canada's largest city told a packed news conference that he doesn't use crack cocaine and isn't a crack addict. more »

Must Watch

Latest Technology & Science News Headlines

Venus, Jupiter and Mercury to perform Dance of the Planets

Venus, Jupiter and Mercury to perform Dance of the Planets: During sunset on Saturday, three planets will form a bright cluster in the western sky known as the Dance of the Planets. more »

3D printers give rise to 'desktop manufacturing': Customizable objects from plastic dollhouse furniture to medical prosthetics can now be designed and printed out by almost anyone at the press of a button, and is going to lead to an 'explosion of new stuff,' predicts author Chris Anderson. more »
Google Street View captures Galapagos Islands: Few have explored the remote volcanic islands of the Galapagos archipelago, an otherworldly landscape inhabited by the world's largest tortoises and other fantastical creatures that inspired Charles Darwin's theory of evolution. more »
King Richard III buried in 'untidy' grave: New information has surfaced in the odd tale of the British king buried in a car park. King Richard III's remains, which were discovered August under a parking lot in Leicester, England, were laid to rest in a grave researchers are now saying was "badly prepared" and "untidy." more »
EU pushes through restrictions to protect bees: The European Union has approved restrictions on three pesticides to better protect dwindling bee populations, to enter into force by December. more »

More Headlines »

Bob McDonald's Blog

Chris Hadfield: The gravity of gravity May. 17, 2013 9:58 AM After five months of being Superman and a media superstar, Canadian astronaut Chris Hadfield is now beginning the challenging task of adapting his mortal body and brain to life back on Earth.