After the hacker group AntiSec dumped the user information from 1,000,001 Apple mobile devices which it claimed were taken from an FBI laptop, the bureau flatly denied that the data came from them.
Yesterday, the FBI's press office issued a statement regarding the leak. "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," reads the release. "At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."
On Twitter, the bureau's take on the issue was far more blunt. AntiSec shot back a blithe response, making a reference to an FBI conference call leaked previously obtained and leaked by the hacker group.
@fbipressoffice Wait, what? So because you don't know of any data breach it never happened? So the conference call was fake, too? ;-)
— AnonymousIRC (@AnonymousIRC) September 4, 2012
At issue are UDIDs, which are unique identifiers associated with iOS devices like the iPhone, iPad, and iPod Touch. They're usually used to associate data from apps with a particular device, and to allow Apple to grant developers access to Beta versions of iOS. However, UDIDs are also collected by apps and ad agencies to develop sophisticated user profiles to better target ads. Apple has since moved to curtail the collection of UDIDs by apps. In their Patebin post, Antisec claimed to have picked up over 12 million UDIDs from an FBI laptop during an attack this past March. The FBIs statements are interesting as they appear to distance the bureau from not only the data, but the agent which AntiSec claims had the information. Stating that there is no evidence for the attack is mostly meaningless, as numerous individuals have confirmed that their information was leaked. Secondly, the statement seems to shift the blame over to the individual agent. This would suggest that either the agent in question was indeed acting independent of the bureau or that the agency is willing to throw him under the bus. Interestingly, the Imperva blog suggested that the agent is being targeted by AntiSec because of his work attempting to recruit hackers to work for the FBI. For the moment, it seems like both the FBI and AntiSec are playing it cool, releasing as little information as possible. This leaves open the critical question of where the information came from and why it was collected. However, AntiSec dropped this teasing Tweet suggesting that a common thread could be found amongst the data.
People whose UDID was on the list released by AntiSec might want to compare their installed apps. A common culprit might be found. — AnonymousIRC (@AnonymousIRC) September 4, 2012
Hopefully, the whole story will soon come to light.