FBI Says AntiSec Hackers Lied About List of iPhone ID Numbers
The FBI has shot down today’s claim by the AntiSec hacking group that it breached an agency-owned computer and stole a database said to contain some 12 million unique ID numbers for iPhones and iPads around the world.
The FBI computer from which the data was supposedly taken was never hacked, the Bureau said. What’s more, it said it never gathered the information in the first place.
Here’s the statement straight from an FBI spokesperson, sent only five minutes ago:
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
On Twitter, the FBI’s press office was a lot less ambiguous:
In a message posted to Pastebin earlier today, AntiSec (a.k.a. LulzSec, a.k.a. Anonymous) claimed that it had stolen a list of millions of Unique Device ID numbers and related names and other information for some 12 million Apple-made iOS devices, including iPhones, iPads and iPod touches, found in a notebook computer belonging to an FBI employee.
The point of the claim — and we should be clear that from the first it has been only a claim and an unverified one at that — the group said, was to sound the alarm that the top American law enforcement agency is creating a list of owners of such devices for uncertain purpose. Clearly the agency is calling that claim into serious doubt and thus raising further questions about the origins of the document that AntiSec released today.
So where did that document come from really? The ball is now in AntiSec’s court.
One other thought comes to mind: If, as AntiSec says, the document in question came from an FBI-owned computer and was taken using a breach that took advantage of a vulnerability in Java, then AntiSec is readily admitting that the person who carried out the act has committed a federal crime. Given the history of numerous arrests in the U.S., the U.K. and elsewhere, and especially in light of the fact that the group was betrayed by one of its own, you’d think its remaining members would try to be more careful about its public claims.
It also wouldn’t be the first time that AntiSec/LulzSec/Anonymous had made inflated claims about its abilities. Last summer it made a lot of noise about a bunch of documents from NATO, which it portrayed as both important and sensitive, but which after a little scrutiny turned out to be neither.
Update: AntiSec is certainly enjoying the sudden spike in attention it has been getting.
One of the weirder demands in its statement today had to do with a Gawker writer, a ballet tutu and a shoe. Whatever. They got their wish.
Via its Twitter feed, AntiSec — which supposedly Tweets under the account @AnonymousIRC — reacted to the FBI saying there’s likely more to come.
In another statement, AntiSec hinted that there will be more disclosures, and referred back to a message posted on YouTube from earlier this year about a 3-terabyte cache of data. It also sought to cast doubt on the FBI’s denial: “The fact that the FBI has no ‘evidence’ of a data breach on one of their notebooks, does not allow the conclusion that it never happened.” Essentially AntiSec is claiming that it knows more about the situation than the FBI does.
Also there’s this, where AntiSec seems to imply that there may be a common app involved in all this.