FBI Denies That Hacked Apple Info Came From FBI

from the then-where-did-it-come-from dept

Earlier today, we wrote about Antisec releasing some Apple UDIDs to show that it had apparently collected info on 12 million Apple users, which it claims to have found when it hacked into an FBI laptop. As we noted at the time, the file was called "NCFTA_iOS_devices_intel.csv," which implied that it came from the National Cyber-Forensics & Training Alliance, a vehicle set up to allow companies to share info with the government. However, the FBI is now flat out denying that any of its laptops had been hacked or that it had the info. Antisec is, to say the least, unimpressed:
The FBI's denial comes after an earlier, weaker denial, in which they just said they had "no evidence" to support the story. Now they're saying it's "TOTALLY FALSE" (all caps for EMPHASIS). And, of course, Antisec folks are reminding the FBI (and the public) that they're still sitting on 3TB of additional data from this hack -- which suggests that they're planning to release more to prove that the hack really was of an FBI machine. Either way, now that the fight is happening on Twitter, it seems time to grab some virtual popcorn, sit back and watch the fireworks.

Filed Under: anonymous, antisec, apple udids, cybersecurity, fbi, hack, privacy
Companies: apple


Reader Comments



  • icon
    Forest_GS (profile), 4 Sep 2012 @ 3:16pm

    *sigh*

    This is just going to instigate the hackers to release more or all of the data >.>

    link to this | view in chronology ]

  • icon
    Mike C. (profile), 4 Sep 2012 @ 3:17pm

    Ploy?

    You know, this could go either way. On the one hand, we've got Antisec potentially sitting on a ton of additional information which could cause no small amount of embarrassment to the FBI. On the other hand, this reply from the press office could just be a ploy to intentionally get them to release more in the hopes that Antisec slips up and shows their hand too early.

    Excuse me... I gotta go pop some popcorn...

    link to this | view in chronology ]

  • icon
    charliebrown (profile), 4 Sep 2012 @ 3:32pm

    3TB of data from a laptop? What am I missing here?

    link to this | view in chronology ]

    • icon
      :Lobo Santo (profile), 4 Sep 2012 @ 3:33pm

      Re: Pick me!

      Oooh, I know! You're missing one very hi-capacity laptop hard-drive!

      link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 4 Sep 2012 @ 3:42pm

      Re:

      3TB of data from a laptop? What am I missing here?


      Might be more than one laptop. Also, not impossible. I have over 1TB connected to this laptop between its internal hard drive and the tiny portable one strapped to it...

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Sep 2012 @ 3:58pm

        Re: Re:

        Probably not on the laptop itself. I'm thinking 1 TB hard drives in a multi-bay external enclosure. Someone willing to shell out a few hundred dollars could easily cart around 4 TB of data that way; access it pretty fast too, assuming the laptop has a USB 3.0 port.

        link to this | view in chronology ]

        • icon
          Watchit (profile), 4 Sep 2012 @ 6:51pm

          Re: Re: Re:

          since when has the government been willing to shell out large sums of cash for new computers?

          link to this | view in chronology ]

        • icon
          Josh in CharlotteNC (profile), 4 Sep 2012 @ 9:47pm

          Re: Re: Re:

          Didn't the DEA just drop a case cause they couldn't handle a few terabytes, or less capacity than I have in a box of old drives sitting in my closet?

          link to this | view in chronology ]

          • identicon
            MaJoR, 4 Sep 2012 @ 10:09pm

            Re: Re: Re: Re:

            Because all their storage space is filled with citizens' private information, obviously.

            link to this | view in chronology ]

      • identicon
        JustSomeGuy, 4 Sep 2012 @ 8:53pm

        Yeah, me too. What, with my 800G primary drive and the two 2TB drives I stole from the DoD last week, this laptop is brimming with capacity :-)

        link to this | view in chronology ]

      • icon
        Tunnen (profile), 5 Sep 2012 @ 10:22am

        Re: Re:

        I can understand having an external hard drive connected to a laptop, but if this was a hack over the Internet what kind of bandwidth did the connection to this laptop have? It'd take almost 6 days to download 3 Terabytes at 50 Mbps. That's 15 years over a 56k modem. Even if you managed to get a sustained 1 Gbps of bandwidth, you are still looking at about 6 hours.

        You would think someone would have noticed the huge spike of network activity for such a long time, but I guess this is the FBI we're talking about...

        link to this | view in chronology ]

        • icon
          SD (profile), 5 Sep 2012 @ 12:02pm

          Re: Re: Re:

          If they hacked the FBI they probably were smart enough to send the data to a server somewhere that they anonymously paid for, rather than trying to push 3TB over 7 proxies. It would have still taken a while but not more than a few days over a fiber uplink the FBI should be using.

          Large upload monitoring can be thwarted by splitting the data into smaller packets. Any small leak could be damaging on its own. If they are trying to stop the problem at that point, they've already lost. I don't see any reason a dossier on Apple devices and their owners would need to be that accessible in the first place.

          link to this | view in chronology ]

        • identicon
          New Mexico Mark, 5 Sep 2012 @ 5:06pm

          Re: Re: Re:

          Anyone with a smidgen of hacker skills would likely encrypt the outbound data. Most forms of encryption compress as well. csv data files like this compress like crazy, and it is quite feasible that it might have been as little as 30-90 GB of transferred data. Not trivial, but certainly not a big deal on a fast network. If a device is already somewhat of a data warehouse, large network transfers might be normal.

          That said, I'm not convinced about the FBI thing yet. The temptation to grab the data from one site but embarrass another party could be strong. (The breached organization might even still be accessible.) One would assume that some other unique info from the laptop would be forthcoming pretty quickly if this were true. More of the same data does not at all strengthen the case that this was from FBI.

          link to this | view in chronology ]
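
An added example, not part of the original comments: the replies above turn on whether a long upload would be noticed when it is split into small transfers, and when the host already moves a lot of data. The sketch below sums outbound bytes per host over a rolling 24-hour window and compares the total with that host's own baseline; the host names, flow records, baselines and thresholds are all constructed for illustration.

```python
from collections import defaultdict, deque


def make_sample_flows():
    """Constructed flow records: (epoch_seconds, host, bytes_out)."""
    flows = []
    # A laptop sending 3,000 uploads of 20 MB, one per minute (60 GB in total).
    for i in range(3000):
        flows.append((i * 60, "laptop-17", 20_000_000))
    # A warehouse host that ships 40 GB every night as four 10 GB transfers.
    for day in range(2):
        for i in range(4):
            ts = day * 86400 + 7200 + i * 600
            flows.append((ts, "warehouse-01", 10_000_000_000))
    return sorted(flows)


# Constructed baselines: typical outbound bytes per 24 hours for each host.
BASELINES = {"laptop-17": 500_000_000, "warehouse-01": 45_000_000_000}


def per_flow_alerts(flows, limit_bytes):
    """Naive check: hosts with any single transfer larger than limit_bytes."""
    return {host for _, host, size in flows if size > limit_bytes}


def cumulative_alerts(flows, baselines, window_s=86400, factor=3,
                      floor_bytes=5_000_000_000):
    """Rolling per-host egress total compared with the host's own baseline.

    Returns {host: timestamp of the first flow that pushed the rolling total
    over max(floor_bytes, factor * baseline)}. Flows must be time-ordered.
    """
    recent = defaultdict(deque)   # host -> (ts, size) pairs inside the window
    totals = defaultdict(int)     # host -> bytes currently inside the window
    first_alert = {}
    for ts, host, size in flows:
        queue = recent[host]
        queue.append((ts, size))
        totals[host] += size
        # Expire flows that have aged out of the window.
        while queue and queue[0][0] <= ts - window_s:
            _, old_size = queue.popleft()
            totals[host] -= old_size
        threshold = max(floor_bytes, factor * baselines.get(host, 0))
        if totals[host] > threshold and host not in first_alert:
            first_alert[host] = ts
    return first_alert


if __name__ == "__main__":
    sample = make_sample_flows()
    print("per-flow  :", per_flow_alerts(sample, 1_000_000_000))
    print("cumulative:", cumulative_alerts(sample, BASELINES))
```

On this constructed data the per-flow size check flags only the warehouse host doing its normal nightly job, while the windowed total flags the laptop a little over four hours into the chunked upload and leaves the warehouse alone.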

    • icon
      John Fenderson (profile), 4 Sep 2012 @ 4:27pm

      Re:

      Not a thing. Such high-capacity drives for laptops are readily available, some from Amazon.

      link to this | view in chronology ]

    • icon
      kh (profile), 4 Sep 2012 @ 4:39pm

      Re:

      And a very fast broadband connection and the owner didn't notice a 3TB upload and no-one else noticed?

      link to this | view in chronology ]

      • icon
        Raymond Johansen (profile), 4 Sep 2012 @ 4:52pm

        Re: Re: 3TB from a laptop or not

        If you look at the whole situation it seems that a particular agent was targeted, and that for the "first" time Anon has used HumInt to get what they wanted. It seems to me to be the only explanation for what's going on right now.

        link to this | view in chronology ]

    • icon
      That Anonymous Coward (profile), 4 Sep 2012 @ 4:40pm

      Re:

      the 3TB was from another hack...
      and exceeds the amount the DEA can hold on its servers for long term storage by 1TB.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Sep 2012 @ 11:00pm

      Re:

      "3TB of data from a laptop? What am I missing here?"

      What you are missing is the implausibility of the file being 3TB. The file is .csv, that means "comma separated values". In other words it is a plain text file with text fields separated by commas. Each record consists of a line of text. Looking at the names of the fields, in the story earlier today, each field is only going to be a few bytes. So each record will be around a few hundred bytes. There were 12M customers, pick 250 bytes as a reasonable guess for the average record size, then multiply out:

      12M * 250 = 3G

      Do the maths for yourself. Somebody got their Gigabytes and their Terabytes mixed up. The file is 3GB, not 3TB.

      link to this | view in chronology ]

      • icon
        bratwurzt (profile), 5 Sep 2012 @ 2:17am

        Re: Re:

        3 TB of data is not the .csv file :> It's still unreleased data.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 5 Sep 2012 @ 5:45pm

          Re: Re: Re:

          Reread the earlier story on this. Particularly look at: "on his laptop, they found a csv file". Antisec got 12M records in one CSV file. They have released a redacted version of 1M records, to prove they have got the data. Only idiots are now pretending that they do not have all the data, thereby proving that the FBI's IT security skills are pathetic.

          The calculation showing the file to be 3GB, not 3TB, stands. You are never going to get to the truth of this matter if you are unable to distinguish lies and mistakes from the truth.

          link to this | view in chronology ]

          • icon
            bratwurzt (profile), 6 Sep 2012 @ 12:19am

            Re: Re: Re: Re:

            Look, I am able to use math:
            12000000 * 250 B = 3000000000 B

            3000000000 B/1024 = 2929687,5 MB
            2929687,5 MB/1024 = 2861,023 GB

            2861,023 GB != 3 GB

            It's not 3 TB but it definitely is at least 2.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 6 Sep 2012 @ 6:19am

              Re: Re: Re: Re: Re:

              Um, you missed kilo.


              3000000000 B/1024 = 2929687,5 MB
              2929687,5 MB/1024 = 2861,023 GB

              2861,023 GB != 3 GB


              Should be
              3000000000 B/1024 = 2929687,5 KB
              2929687,5 KB/1024 = 2861,023 MB

              2861,023 MB != 3 GB

              G M K B
              3 000 000 000

              link to this | view in chronology ]

      • identicon
        AnonAdvocate, 12 Apr 2013 @ 6:16am

        Re: Re:

        Unless of course, they have additional data BESIDES apple ids.

        link to this | view in chronology ]

    • identicon
      Michael Driver, 5 Sep 2012 @ 7:27am

      Re: 3TB

      Just what was on my mind. Unless there's some storage tech that the public doesn't know about (doubtful).

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Sep 2012 @ 3:34pm

    But then the FBI would deny it. The only thing worse for the FBI than to admit it is performing widespread surveillance without warrants, would be that it lost said data to a group like antisec.

    But if the FBI say it, then it must be true... they'd never lie...

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 4 Sep 2012 @ 4:28pm

      Re:

      When I was a sprout, someone told me that you should never believe a story about government activities until there's been an official denial.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Sep 2012 @ 3:41pm

    Of course this never happened, just like the NSA's Stellar Wind isn't happening....

    link to this | view in chronology ]

  • icon
    The Logician (profile), 4 Sep 2012 @ 3:56pm

    When an organization such as the FBI becomes more concerned with its image and its own power rather than the well-being of the citizens it is intended to serve, the logical course of action is to oppose it and expose its corruption, as Antisec has done. It is at this point that the FBI must be reformed or removed, as it has forgotten the purpose it was created for. To do so, it must be made to collapse from the weight of its own bureaucracy. This leak and its exposure by Antisec are conducive to that process and should be encouraged.

    link to this | view in chronology ]

  • identicon
    Profiler, 4 Sep 2012 @ 4:04pm

    FBI profile

    My profile of this tweet is: the FBI is guilty.

    link to this | view in chronology ]

  • icon
    Jay (profile), 4 Sep 2012 @ 4:13pm

    Nixon would be proud...

    So now this reminds me of the break-ins at Watergate and the Chilean embassy. Should we call this FBIgate now? Are they going to punish these kids for making them look foolish like Daniel Ellsberg made Nixon look foolish when he published the Pentagon Papers?

    link to this | view in chronology ]

  • icon
    Raymond Johansen (profile), 4 Sep 2012 @ 4:17pm

    New words/idioms

    It seems hell has frozen over!

    Woodward, Bernstein and a tutu in one Tweet! Impossible!

    FBI #TweetRelease

    Anon vs FBI #TweetFight

    link to this | view in chronology ]

  • icon
    letherial (profile), 4 Sep 2012 @ 4:30pm

    When presented with two different stories I ask myself who is more believable, who has more credibility and who has more interest in lying.

    I asked myself that question, and sadly the anonymous hacker group I know nothing about is more trustworthy than the FBI...so maybe the FBI has some PR to do, it will only take 5 or 6 generations to change it.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Sep 2012 @ 4:44pm

    Unless it's catching a fake terrorist, the FBI won't admit to their own idiocy.

    link to this | view in chronology ]

  • identicon
    Digitari, 4 Sep 2012 @ 5:23pm

    Re:

    umm doesn't every CRIMINAL swear they are Innocent???

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Sep 2012 @ 7:14pm

    popcorn

    grab your popcorn at http://imgur.com/a/LPRbU (courtesy of reddit)

    link to this | view in chronology ]

  • identicon
    Jayce, 4 Sep 2012 @ 8:22pm

    If the FBI swore the sun would rise tomorrow,

    I'd be heavily inclined to buy lanterns.

    link to this | view in chronology ]

  • icon
    BentFranklin (profile), 4 Sep 2012 @ 9:16pm

    It takes days to get 3TB over consumer bandwidth. FBI naturally has T3. Does this mean Anon has T3 too?

    link to this | view in chronology ]

  • icon
    DataShade (profile), 4 Sep 2012 @ 11:24pm

    Well, hypothetical ... what if the FBI really did "never had" the information, because it was always remotely accessed from an NCFTA server?



    FBI Agent leaves laptop open with a username and password in plain view or written on a post-it (because "o hai Im FBI! c my gun pew pew! I haz nashunul seekrits lulz" seems to fit the profile of a joker who shows up to a hacker conference to shill for the FBI in an EFF tshirt).

    AntiSec grabs the post-it, logs into NCFTA website, downloads file.


    FBI issues factually accurate but still deceptive denial.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Sep 2012 @ 12:25am

    reasonably obvious that the FBI would deny the leak came from them. had they admitted it did come from them, they would have been automatically admitting that they had the data in the first place, thereby opening themselves up to questions of why they had the info to begin with. i suppose their answer would be that everyone on the list is a terrorist, at least until we decide they are not but that could take a while

    link to this | view in chronology ]

  • icon
    PCCare247 (profile), 5 Sep 2012 @ 2:12am

    Is it true ?

    Another News for our consideration. ;)

    link to this | view in chronology ]

  • identicon
    relghuar, 5 Sep 2012 @ 2:55am

    Well...

    As to the size problem (3TB) - depends on what Antisec guys meant. If it's 3TB of plain text (like the CSV file with UDIDs, or some logs or whatever) and it has been stored compressed, the ratio could be anywhere from 1:5 to 1:15 (we regularly get over 1:10 for apache log files), so at 1:10 it would be 300GB of data. Still not very plausible to come from single notebook, but not THAT awful... Anyway, that's just a mental exercise, certainly not any precise analysis :-)
    For the FBI claiming they never had that data - well, I definitely CAN imagine a scenario when they wouldn't even know they had it, or at least know exactly what they had.
    I've heard speculations the data came from hacked iPhone App vendor - might be, but perhaps the vendor didn't have to be hacked? Perhaps the vendor could have - generously - shared the data with NCFTA (well that's what they're for, right), and the NCFTA could then share the data with FBI, which (surprisingly, given their famous technical knowledge and overall high level of skills) could then lose the data by getting hacked (real shock, never happened before).
    I really can't decide what's worse - if they're lying through their teeth, or them being so incompetent they don't even KNOW what's being shared with them.
    On the other hand, it could explain why they say CISPA is necessary - of course they need new laws, when they don't know about anyone sharing any relevant data with them :-/

    link to this | view in chronology ]

  • icon
    Ninja (profile), 5 Sep 2012 @ 3:44am

    Either way, now that the fight is happening on Twitter, it seems time to grab some virtual popcorn, sit back and watch the fireworks.

    That. Should be amusing. The sad part is that we'll be seeing more cybersecurity FUD being spread after this totally missing the point Antisec ppl are trying to make. Oh and FBI will try to fuck up a few lives in the process just for vengeance.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Sep 2012 @ 4:03am

      Re:

      It's not like they were short on fake reasons to do police state things before. The important thing is to let everyone know about the widespread spying.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Sep 2012 @ 5:36am

      Re:

      Yes, so the point is people's UDIDs are not secure. That's a problem. It's a much larger problem if that information can be easily cross-referenced with other personal information/behavior histories/etc.

      But that's not the point Antisec is trying to make. They're itching for a fight with the govt to prove the govt is willing to fight. Right now, at least publicly, it isn't. Interesting situation, indeed.

      link to this | view in chronology ]

  • icon
    Wally (profile), 5 Sep 2012 @ 5:58am

    I don't have much concern over this. Even if my UDID was stolen, I can easily change the password and thank God Mrs. Wally and I only use gift cards for payments on our iPods.

    link to this | view in chronology ]

    • icon
      Wally (profile), 5 Sep 2012 @ 6:22am

      Re:

      Adding to this, it should be noted that the UDIDs that were stolen do change, and due to Apple's "oppressive" approach of only allowing one computer-based iTunes account to be authorized on one computer at a time for up to 5 of your devices, the UDID system is non-effective to data theft on the scale shown here. The data stolen was 6 months old.

      For iTunes on the PC, you have to authorize the use of an iOS device by logging into your iTunes account with your Apple ID. When authorized on one computer, you cannot transfer any purchased items from iTunes from your iDevice to other computers without first deauthorizing your main computer and authorizing said device to your next one. It automatically knows and sends a report to Apple if you reformat the computer's hard disk.

      In short, the UDID information is useless unless you can locally and physically get onto the authorized computer for a set of devices.

      link to this | view in chronology ]

  • identicon
    Michael, 5 Sep 2012 @ 7:15am

    How do you know that this whole event isn't really Antisec's doing but rather the FBI's in order to reveal (in an offhanded way) that they're hoarding all this personal data and then observe people's response? Thinking about it, the FBI would have to be incredibly stupid to just leave that data just sitting on a laptop w/ internet access enabled, not to mention conveniently innoculous to all that uploading.

    Or, it could be that Antisec is flat-out lying or that it's all data they've gathered via other means and are now pinning the blame on the FBI.

    Either way, there's really no way of knowing for sure at this time. Unfortunately, if any of this turns out to be true, the real victims are the 12.3 million whose private info has been compromised.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Sep 2012 @ 8:13am

    Thanks for the confirmation (denial).

    link to this | view in chronology ]

  • identicon
    Michael Driver, 5 Sep 2012 @ 1:23pm

    Apple

    I was under the impression, at least from what I've always heard from Apple and Apple fanboys, that Apple was infallible, and perfect. What happened Apple, and fanboys?

    link to this | view in chronology ]

    • icon
      Wally (profile), 5 Sep 2012 @ 4:54pm

      Re: Apple

      Apple is not perfect....but they are a ton better than the FBI. The only useful data stolen was credit card information and it's still a pain in the ass to make use of the UDIDs in the first place.

      link to this | view in chronology ]

  • identicon
    Anonymous, 5 Sep 2012 @ 6:50pm

    Here's Your Evidence

    Here's the MAC addresses of every computer in their field office --> http://bit.ly/RMfXlJ

    link to this | view in chronology ]

  • identicon
    Willton, 10 Sep 2012 @ 10:11am

    Calm Down, People

    As it turns out, Apple has confirmed that Antisec did not obtain the alleged UDIDs from the FBI:

    http://gizmodo.com/5940692/apple-responds-to-alleged-udid-hack-dont-look-at-us?tag=udid

    In addition, a third party has alleged that the UDIDs came from their servers, not from the FBI:

    http://gizmodo.com/5941919/where-anonymous-really-got-its-apple-ids-from-hint-not-the-fbi?utm_source=deadspin.com&utm_medium=recirculation&utm_campaign=recirculation

    It's amazing that the folks on Techdirt are willing to give more credibility to a rogue association of hackers over that of the FBI. Stop being stupid.

    link to this | view in chronology ]

