If AntiSec is lying, where did the UDID codes come from?
The FBI has denied Anonymous offshoot AntiSec stole 12 million UDID (Unique Device Identifier)codes for Apple products from a laptop belonging to one of its agents.
Yesterday, hackers released what they claimed were one million of those numbers, saying they had stolen them from the laptop of supervisor special agent Christopher Stangl from the FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team.
The hackers also claimed to have Apple Push Notification tokens, usernames, phone numbers, addresses and device types. It was believed they had gained information by exploiting a flaw in Java.
The AntiSec group claimed the FBI was using the information for surveillance, but the law enforcement agency has denied the attack ever happened. It also said it does not hold such data.
“The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data,” a statement sent to TechWeekEurope read.
Apple declined to comment on the matter, simply telling this publication to talk to the FBI.
Many believed the leak was genuine, with some identifying their own UDID numbers in the list. Simply seeing their UDID did not confirm the FBI was compromised, however, but could hint that a different organisation was hit.
The FBI agent involved appears to be real, and is a recruiter for the FBI tasked with bringing in white hat hackers, security firm Imperva found. That same firm believed the leak looked genuine too. “The structure and format of the data indicates that this is a real breach. It would be hard to fake such data,” said Imperva’s director of security strategy, Rob Rachwald.
Yet it appears security companies’ hypothesising was misguided, if the FBI are to be believed.
How well do you know Anonymous? Take our quiz!