FBI denies Apple iPad UDID leak – claims it's 'totally false'

By Graeme Burton
05 Sep 2012 View Comments

Claims that 12 million unique device identifiers (UDIDs) of Apple iPads were hacked from the laptop of an FBI agent have been rebutted by the US law enforcement organisation.

The FBI – which has its own Twitter feed – initially Tweeted: "Statement soon on reports that one of our laptops with personal info was hacked. We never had info in question. Bottom Line: TOTALLY FALSE."

Further reading

It then followed up with the following brief statement: "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

However, the hackers' collective Anonymous was quick to pick holes in the FBI statement, Tweeting that just because the FBI said that it "has no ‘evidence' of a data breach on one of their notebooks", it did not mean that it didn't happen.

Another Tweet from @Anonyops read: "FBI says there was no hack. That means either they're lying or they *gave* the information up to someone in #antisec. It's happened before."

It added: "If it's the latter, watch out. They're looking to bolster the cred of someone within #antisec, and will announce arrests in 6-8 months."

The data, according to hacking group AntiSec, was taken from a Dell Vostro laptop belonging to Christopher K. Stangl, who works at the FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team.

His laptop, "was breached using the AtomicReferenceArray vulnerability on Java. During the shell session some files were downloaded from his Desktop folder, one of them with the name of 'NCFTA_iOS_devices_intel.csv'," the hackers said in a posting on Pastebin.

NCFTA is believed to be a reference to the US National Cyber-Forensics & Training Alliance, a domestic cyber-crime fighting organisation. 

"[This] turned [out] to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc," it added.

There has been speculation, though, over whether the information was genuinely hacked, whether the laptop had been stolen, or whether it had been planted.

In addition, assuming that the data is genuine, there has been widespread questions asked about how the FBI got hold of the data – did it hack the data itself or was it handed the data on request from Apple? Alternatively, was Apple ordered to hand over the data under the US Patriot Act?

Apple has remained silent on the issue and refused to comment on both the truth, or otherwise, of the hackers' claims, or how the FBI may have got hold of supposedly confidential identification data of Apple users.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

37 %
27 %
15 %
21 %