FBI Denies That Hacked Apple Info Came From FBI

from the then-where-did-it-come-from dept

Tue, Sep 4th 2012 3:12pm — Mike Masnick

Earlier today, we wrote about Antisec releasing some Apple UDIDs to show that it had apparently collected info on 12 million Apple users, which it claims to have found when it hacked into an FBI's laptop. As we noted at the time, the file was called "NCFTA_iOS_devices_intel.csv," which implied that it came from the National Cyber-Forensics & Training Alliance, a vehicle set up to allow companies to share info with the government. However, the FBI is now flat out denying that any of its laptops had been hacked or that it had the info. Antisec is, to say the least, unimpressed:

The FBI's denial comes after an earlier, weaker denial, in which they just said they had "no evidence" to support the story. Now they're saying it's "TOTALLY FALSE" (all caps for EMPHASIS). And, of course, Antisec folks are reminding the FBI (and the public) that they're still sitting on 3TB of additional data from this hack -- which suggests that they're planning to release more to prove that the hack really was of an FBI machine. Either way, now that the fight is happening on Twitter, it seems time to grab some virtual popcorn, sit back and watch the fireworks.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: anonymous, antisec, apple udids, cybersecurity, fbi, hack, privacy
Companies: apple

61 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Forest_GS (profile), 4 Sep 2012 @ 3:16pm

*sigh*

This is just going to instigate the hackers to release more or all of the data >.>
[ link to this | view in chronology ]
Mike C. (profile), 4 Sep 2012 @ 3:17pm

Ploy?
You know, this could go either way. On the one hand, we've got Antisec potentially sitting on a ton of additional information which could cause no small amount of embarassment to the FBI. On the other hand, this reply from the press office could just be a ploy to intentionally get them to release more in the hopes that Antisec slips up and shows their hand too early.

Excuse me... I gotta go pop some popcorn...
[ link to this | view in chronology ]
- Little Paranoid Gamer, 4 Sep 2012 @ 5:04pm
  
  Re: Ploy?
  This is all just the FBI covering up for Apple and Google. Don't believe the hype.
  [ link to this | view in chronology ]
charliebrown (profile), 4 Sep 2012 @ 3:32pm

3TB of data from a laptop? What am I missing here?
[ link to this | view in chronology ]
- :Lobo Santo (profile), 4 Sep 2012 @ 3:33pm
  
  Re: Pick me!
  Oooh, I know! You're missing one very hi-capacity laptop hard-drive!
  [ link to this | view in chronology ]
- Mike Masnick (profile), 4 Sep 2012 @ 3:42pm
  
  Re:
  3TB of data from a laptop? What am I missing here?
  
  Might be more than one laptop. Also, not impossible. I have over 1TB connected to this laptop between its internal hard drive and the tiny portable one strapped to it...
  [ link to this | view in chronology ]
  - Anonymous Coward, 4 Sep 2012 @ 3:58pm
    
    Re: Re:
    Probably not on the laptop itself. I'm thinking 1 TB hard drives in a multi-bay external enclosure. Someone willing to shell out a few hundred dollars could easily cart around 4 TB of data that way; access it pretty fast too, assuming the laptop has a USB 3.0 port.
    [ link to this | view in chronology ]
    - Watchit (profile), 4 Sep 2012 @ 6:51pm
      
      Re: Re: Re:
      since when has the government been willing to shell out large sums of cash for new computers?
      [ link to this | view in chronology ]
    - Josh in CharlotteNC (profile), 4 Sep 2012 @ 9:47pm
      
      Re: Re: Re:
      Didn't the DEA just drop a case cause they couldn't handle a few terabytes, or less capacity than I have in a box of old drives sitting in my closet?
      [ link to this | view in chronology ]
      - MaJoR, 4 Sep 2012 @ 10:09pm
        
        Re: Re: Re: Re:
        Because all their storage space is filled with citizens' private information, obviously.
        [ link to this | view in chronology ]
  - JustSomeGuy, 4 Sep 2012 @ 8:53pm
    
    Yeah, me too. What, with my 800G primary drive and the two 2TB drives I stole from the DoD last week, this laptop is brimming with capacity :-)
    [ link to this | view in chronology ]
  - Tunnen (profile), 5 Sep 2012 @ 10:22am
    
    Re: Re:
    I can understand having an external hard drive connected to a laptop, but if this was a hack over the Internet what kind of bandwidth did the connection to this laptop have? It'd take almost 6 days to download 3 Terabytes at 50 Mbps. That's 15 years over a 56k modem. Even if you managed to get a sustained 1 Gbps of bandwidth, you are still looking at about 6 hours.
    
    You would think someone would have noticed the huge spike of network activity for such a long time, but I guess this is the FBI we're talking about...
    [ link to this | view in chronology ]
    - SD (profile), 5 Sep 2012 @ 12:02pm
      
      Re: Re: Re:
      If they hacked the FBI they probably were smart enough to send the data to a server somewhere that they anonymously paid for, rather than trying to push 3TB over 7 proxies. It would have still taken a while but not more than a few days over a fiber uplink the FBI should be using.
      
      Large upload monitoring can be thwarted by splitting the data into smaller packets. Any small leak could be damaging on it's own. If they they are trying to stop the problem at that point, they've already lost. I don't see any reason a dossier on Apple devices and their owners would need to be that accessible in the first place.
      [ link to this | view in chronology ]
    - New Mexico Mark, 5 Sep 2012 @ 5:06pm
      
      Re: Re: Re:
      Anyone with a smidgen of hacker skills would likely encrypt the outbound data. Most forms of encryption compress as well. csv data files like this compress like crazy, and it is quite feasible that it might have been as little as 30-90 GB of transferred data. Not trivial, but certainly not a big deal on a fast network. If a device is already somewhat of a data warehouse, large network transfers might be normal.
      
      That said, I'm not convinced about the FBI thing yet. The temptation to grab the data from one site but embarrass another party could be strong. (The breached organization might even still be accessible.) One would assume that some other unique info from the laptop would be forthcoming pretty quickly if this were true. More of the same data does not at all strengthen the case that this was from FBI.
      [ link to this | view in chronology ]
- John Fenderson (profile), 4 Sep 2012 @ 4:27pm
  
  Re:
  Not a thing. Such high-capacity drives for laptops are readily available, some from Amazon.
  [ link to this | view in chronology ]
- kh (profile), 4 Sep 2012 @ 4:39pm
  
  Re:
  And a very fast broadband connection and the owner didn't notice a 3TB upload and no-one else noticed?
  [ link to this | view in chronology ]
  - Raymond Johansen (profile), 4 Sep 2012 @ 4:52pm
    
    Re: Re: 3TB from a laptop or not
    If you look at the whole situation it seems that a particular agent was targeted, and that for the "first" time Anon has used HumInt to get what they wanted. It seems to me be the only explanation to whats going on right now.
    [ link to this | view in chronology ]
- That Anonymous Coward (profile), 4 Sep 2012 @ 4:40pm
  
  Re:
  the 3TB was from another hack...
  and exceeds the amount the DEA can hold on its servers for long term storage by 1TB.
  [ link to this | view in chronology ]
- Anonymous Coward, 4 Sep 2012 @ 11:00pm
  
  Re:
  "3TB of data from a laptop? What am I missing here?"
  
  What you are missing is the implausibility of the file being 3TB. The file is .csv, that means "comma separated values". In other words it is a plain text file with text fields separated by commas. Each record consists of a line of text. Looking at the names of the fields, in the story earlier today, each field is only going to be a few bytes. So each record will be around a few hundred bytes. There were 12M customers, pick 250 bytes as a reasonable guess for the average record size, then multiply out:
  
  12M * 250 = 3G
  
  Do the maths for yourself. Somebody got their Gigabytes and their Terabytes mixed up. The file is 3GB, not 3TB.
  [ link to this | view in chronology ]
  - bratwurzt (profile), 5 Sep 2012 @ 2:17am
    
    Re: Re:
    3 TB of data is not the .cvs file :> It's still unreleased data.
    [ link to this | view in chronology ]
    - Anonymous Coward, 5 Sep 2012 @ 5:45pm
      
      Re: Re: Re:
      Reread the earlier story on this. Particularly look at: "on his laptop, they found a csv file". Antisec got 12M records in one CSV file. They have released a redacted version of 1M records, to prove they have got the data. Only idiots are now pretending that they do not have all the data, thereby proving that the FBI's IT security skills are pathetic.
      
      The calculation showing the file to be 3GB, not 3TB, stands. You are never going to get to the truth of this matter if you are unable to distinguish lies and mistakes from the truth.
      [ link to this | view in chronology ]
      - bratwurzt (profile), 6 Sep 2012 @ 12:19am
        
        Re: Re: Re: Re:
        Look, I am able to use math:
        12000000 * 250 B = 3000000000 B
        
        3000000000 B/1024 = 2929687,5 MB
        2929687,5 MB/1024 = 2861,023 GB
        
        2861,023 GB != 3 GB
        
        It's not 3 TB but it definitely is at least 2.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 6 Sep 2012 @ 6:19am
        
        Re: Re: Re: Re: Re:
        Um, you missed kilo.
        
        3000000000 B/1024 = 2929687,5 MB
        2929687,5 MB/1024 = 2861,023 GB
        
        2861,023 GB != 3 GB
        
        Should be
        3000000000 B/1024 = 2929687,5 KB
        2929687,5 KB/1024 = 2861,023 MB
        
        2861,023 MB != 3 GB
        
        G M K B
        3 000 000 000
        [ link to this | view in chronology ]
        
        bratwurzt (profile), 9 Sep 2012 @ 7:09am
        
        Re: Re: Re: Re: Re: Re:
        Crap. You're right. My mistake man, sorry for pushing. (shame smiley)
        [ link to this | view in chronology ]
  - AnonAdvocate, 12 Apr 2013 @ 6:16am
    
    Re: Re:
    Unless of course, they have additional data BESIDES apple ids.
    [ link to this | view in chronology ]
- Michael Driver, 5 Sep 2012 @ 7:27am
  
  Re: 3TB
  Just what was on my mind. Unless there's some storage tech that the public doesn't know about (doubtful).
  [ link to this | view in chronology ]
Anonymous Coward, 4 Sep 2012 @ 3:34pm

But then the FBI would deny it. The only thing worse for the FBI than to admit it is performing widespread survailance without warrents, would be that it lost said data to a group like antisec.

But if the FBI say it, then it must be true... they'd never lie...
[ link to this | view in chronology ]
- John Fenderson (profile), 4 Sep 2012 @ 4:28pm
  
  Re:
  When I was a sprout, someone told me that you should never believe a story about government activities until there's been an official denial.
  [ link to this | view in chronology ]
Anonymous Coward, 4 Sep 2012 @ 3:41pm

Of course this never happened, just like the NSAs Stellar Wind isn't happening....
[ link to this | view in chronology ]
The Logician (profile), 4 Sep 2012 @ 3:56pm

When an organization such as the FBI becomes more concerned with its image and its own power rather than the well-being of the citizens it is intended to serve, the logical course of action is to oppose it and expose its corruption, as Antisec has done. It is at this point that the FBI must be reformed or removed, as it has forgotten the purpose it was created for. To do so, it must be made to collapse from the weight of its own bureaucracy. This leak and its exposure by Antisec are conducive to that process and should be encouraged.
[ link to this | view in chronology ]
Profiler, 4 Sep 2012 @ 4:04pm

FBI profile
My profile of this tweet is: the FBI is guilty.
[ link to this | view in chronology ]
Jay (profile), 4 Sep 2012 @ 4:13pm

Nixon would be proud...
So now this reminds me of the breakins at Watergate and the Chilean embassy. Should we call this FBIgate now? Are they going to punish these kids for making them look foolish like Daniel Ellsberg made Nixon look foolish when he published the Pentagon Papers?
[ link to this | view in chronology ]
Raymond Johansen (profile), 4 Sep 2012 @ 4:17pm

New words/idioms
It seems hell has frozen over!

Woodward, Bernstein and a tutu in one Tweet! Impossible!

FBI #TweetRelease

Anon vs FBI #TweetFight
[ link to this | view in chronology ]
letherial (profile), 4 Sep 2012 @ 4:30pm

When presented with two different story's i ask myself who is more believable, who has more credibility and who has more interest in lying.

I asked myself that question, and sadly the anonymous hacker group i know nothing about is more trustworthy then FBI...so maybe the FBI has some PR to do, it will only take a 5 or 6 generations to change it.
[ link to this | view in chronology ]
- That Anonymous Coward (profile), 4 Sep 2012 @ 4:44pm
  
  Re:
  Instead of PR maybe they should just stop lying to our faces?
  [ link to this | view in chronology ]
  - monkyyy, 4 Sep 2012 @ 7:43pm
    
    Re: Re:
    impossible, what government can do such an task?
    [ link to this | view in chronology ]
    - Keii (profile), 4 Sep 2012 @ 8:02pm
      
      Re: Re: Re:
      You can't change the nature of something that was founded and built on that nature.
      [ link to this | view in chronology ]
  - Anonymous Coward, 5 Sep 2012 @ 7:06am
    
    Re: Re:
    It's for your own good, citizen.
    [ link to this | view in chronology ]
Anonymous Coward, 4 Sep 2012 @ 4:44pm

Unless it's catching a fake terrorist, the FBI won't admit to their own idiocy.
[ link to this | view in chronology ]
Digitari, 4 Sep 2012 @ 5:23pm

Re:
umm doesn't every CRIMINAL swear they are Innocent???
[ link to this | view in chronology ]
Anonymous Coward, 4 Sep 2012 @ 7:14pm

popcorn
grab your popcorn at http://imgur.com/a/LPRbU (courtesy of reddit)
[ link to this | view in chronology ]
Jayce, 4 Sep 2012 @ 8:22pm

If the FBI swore the sun would rise tomorrow,
I'd be heavily inclined to buy lanterns.
[ link to this | view in chronology ]
BentFranklin (profile), 4 Sep 2012 @ 9:16pm

It takes days to get 3TB over consumer bandwidth. FBI naturally has T3. Does this mean Anon has T3 too?
[ link to this | view in chronology ]
- Paul L (profile), 5 Sep 2012 @ 4:38am
  
  Re:
  T3 (DS3) is only 45Mbit. Not terribly fast in the grand scheme of things.
  [ link to this | view in chronology ]
- Anonymous Coward, 5 Sep 2012 @ 7:11am
  
  Re:
  3 gb is ten minutes on T3. It's only a little over half an hour on my home cable line. What the fuck are you talking about?
  [ link to this | view in chronology ]
  - BentFranklin (profile), 7 Sep 2012 @ 2:19pm
    
    Re: Re:
    Terabytes, not gigabtyes.
    [ link to this | view in chronology ]
DataShade (profile), 4 Sep 2012 @ 11:24pm

Well, hypothetical ... what if the FBI really did "never had" the information, because it was always remotely accessed from an NCFTA server?

FBI Agent leaves laptop open with a username and password in plain view or written on a post-it (because "o hai Im FBI! c my gun pew pew! I haz nashunul seekrits lulz" seems to fit the profile of a joker who shows up to a hacker conference to shill for the FBI in an EFF tshirt).

AntiSec grabs the post-it, logs into NCFTA website, downloads file.

FBI issues factually accurate but still deceptive denial.
[ link to this | view in chronology ]
Anonymous Coward, 5 Sep 2012 @ 12:25am

reasonably obvious that the FBI would deny the leak came from them. had they admitted it did come from them, they would have been automatically admitting that they had the data in the first place, thereby opening themselves up to questions of why they had the info to begin with. i suppose their answer would be that everyone on the list is a terrorist, at least until we decide they are not but that could take a while
[ link to this | view in chronology ]
PCCare247 (profile), 5 Sep 2012 @ 2:12am

Is it true ?
Another News for our consideration. ;)
[ link to this | view in chronology ]
relghuar, 5 Sep 2012 @ 2:55am

Well...
As to the size problem (3TB) - depends on what Antisec guys meant. If it's 3TB of plain text (like the CSV file with UDIDs, or some logs or whatever) and it has been stored compressed, the ratio could be anywhere from 1:5 to 1:15 (we regularly get over 1:10 for apache log files), so at 1:10 it would be 300GB of data. Still not very plausible to come from single notebook, but not THAT awful... Anyway, that's just a mental exercise, certainly not any precise analysis :-)
For the FBI claiming they never had that data - well, I definitely CAN imagine a scenario when they wouldn't even know they had it, or at least know exactly what they had.
I've heard speculations the data came from hacked iPhone App vendor - might be, but perhaps the vendor didn't have to be hacked? Perhaps the vendor could have - generously - share the data with NCFTA (well that's what they're for, right), and the NCFTA could then share the data with FBI, which (surprisingly, given their famous technical knowledge and overall high level of skills) could then loose the data by getting hacked (real shock, never happened before).
I really can't decide what's worse - if their lying through their teeth, or them being so incompetent they don't even KNOW what's being shared with them.
On the other hand, it could explain why they say CISPA is necessary - of course they need new laws, when they don't know about anyone sharing any relevant data with them :-/
[ link to this | view in chronology ]
Ninja (profile), 5 Sep 2012 @ 3:44am

Either way, now that the fight is happening on Twitter, it seems time to grab some virtual popcorn, sit back and watch the fireworks.

That. Should be amusing. The sad part is that we'll be seeing more cybersecurity FUD being spread after this totally missing the point Antisec ppl are trying to make. Oh and FBI will try to fuck up a few lives in the process just for vengeance.
[ link to this | view in chronology ]
- Anonymous Coward, 5 Sep 2012 @ 4:03am
  
  Re:
  It's not like they were short on fake reasons to do police state things before. The important thing is to let everyone know about the widespread spying.
  [ link to this | view in chronology ]
- Anonymous Coward, 5 Sep 2012 @ 5:36am
  
  Re:
  Yes, so the point is people's UDIDs are not secure. That's a problem. It's a much larger problem if that information can be easily cross-referenced with other personal information/behavior histories/etc.
  
  But that's not the point Antisec is trying to make. They're itching for a fight with the govt to prove the govt is willing to fight. Right now, at least publicly, it isn't. Interesting situation, indeed.
  [ link to this | view in chronology ]
Wally (profile), 5 Sep 2012 @ 5:58am

I don't have much concern over this. Even if my UDID was stollen, I can easily change the password and thank God Mrs. Wally and I only use gift cards for payments on our iPods.
[ link to this | view in chronology ]
- Wally (profile), 5 Sep 2012 @ 6:22am
  
  Re:
  Adding to this, it should be noted that the UDID'S that were stolen, do change and due to Apple's "oppressive" approach of only allowing one computer-based iTunes account to be authorized on one computer at a time for up to 5 of your devices, the UDID system is non-effective to data theft on the scale shown here. The data stolen was 6 months old.
  
  For iTunes on the PC, you have to authorize the use of an iOS device by logging into your iTunes account with your Apple ID. When authorized on one computer, you cannot transfer any purchased items from iTunes from your iDevice to other computers without first deauthorizing your main computer and authorizing said device to your next one. It automatically knows and sends a report to Apple if you reformat the computer's hard disk.
  
  In short, the UDID information is useless unless you can locally and physicslly get onto the authorized computer for a set of devices.
  [ link to this | view in chronology ]
Michael, 5 Sep 2012 @ 7:15am

How do you know that this whole event isn't really Antisec's doing but rather the FBI's in order to reveal (in an offhanded way) that they're hoarding all this personal data and then observe people's response? Thinking about it, the FBI would have to be incredibly stupid to just leave that data just sitting on a laptop w/ internet access enabled, not to mention conveniently innoculous to all that uploading.

Or, it could be that Antisec is flat-out lying or that it's all data they've gathered via other means and are now pinning the blame on the FBI.

Either way, there's really no way of knowing for sure at this time. Unfortunately, if any of this turns out to be true, the real victims are the 12.3 million whose private info has been compromised.
[ link to this | view in chronology ]
Anonymous Coward, 5 Sep 2012 @ 8:13am

Thanks for the confirmation (denial).
[ link to this | view in chronology ]
Michael Driver, 5 Sep 2012 @ 1:23pm

Apple
I was under the impression, at least from what I've always heard from Apple and Apple fanboys, that Apple was infallible, and perfect. What happened Apple, and fanboys?
[ link to this | view in chronology ]
- Wally (profile), 5 Sep 2012 @ 4:54pm
  
  Re: Apple
  Apple is not perfect....but they are a ton better than the FBI. The only useful data stolen was credit card information and it's till a pain in the ass to make use of the UDID's in the first place.
  [ link to this | view in chronology ]
Anonymous, 5 Sep 2012 @ 6:50pm

Here's Your Evidence
Here's the MAC addresses of every computer in their field office --> http://bit.ly/RMfXlJ
[ link to this | view in chronology ]
Willton, 10 Sep 2012 @ 10:11am

Calm Down, People
As it turns out, Apple has confirmed that Antisec did not obtain the alleged UDIDs from the FBI:

http://gizmodo.com/5940692/apple-responds-to-alleged-udid-hack-dont-look-at-us?tag=udid

I n addition, a third party has alleged that the UDIDs came from their servers, not from the FBI:

http://gizmodo.com/5941919/where-anonymous-really-got-its-apple-ids-from-hint-not-the-fbi?ut m_source=deadspin.com&utm_medium=recirculation&utm_campaign=recirculation

Its amazing that the folks on Techdirt are willing to give more credibility to a rogue association of hackers over that of the FBI. Stop being stupid.
[ link to this | view in chronology ]