FBI Denies That Hacked Apple Info Came From FBI
from the then-where-did-it-come-from dept
Earlier today, we wrote about Antisec releasing some Apple UDIDs to show that it had apparently collected info on 12 million Apple users, which it claims to have found when it hacked into an FBI's laptop. As we noted at the time, the file was called "NCFTA_iOS_devices_intel.csv," which implied that it came from the National Cyber-Forensics & Training Alliance, a vehicle set up to allow companies to share info with the government. However, the FBI is now flat out denying that any of its laptops had been hacked or that it had the info. Antisec is, to say the least, unimpressed:Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: anonymous, antisec, apple udids, cybersecurity, fbi, hack, privacy
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
This is just going to instigate the hackers to release more or all of the data >.>
[ link to this | view in chronology ]
Ploy?
Excuse me... I gotta go pop some popcorn...
[ link to this | view in chronology ]
Re: Ploy?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Pick me!
[ link to this | view in chronology ]
Re:
Might be more than one laptop. Also, not impossible. I have over 1TB connected to this laptop between its internal hard drive and the tiny portable one strapped to it...
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Re:
You would think someone would have noticed the huge spike of network activity for such a long time, but I guess this is the FBI we're talking about...
[ link to this | view in chronology ]
Re: Re: Re:
Large upload monitoring can be thwarted by splitting the data into smaller packets. Any small leak could be damaging on it's own. If they they are trying to stop the problem at that point, they've already lost. I don't see any reason a dossier on Apple devices and their owners would need to be that accessible in the first place.
[ link to this | view in chronology ]
Re: Re: Re:
That said, I'm not convinced about the FBI thing yet. The temptation to grab the data from one site but embarrass another party could be strong. (The breached organization might even still be accessible.) One would assume that some other unique info from the laptop would be forthcoming pretty quickly if this were true. More of the same data does not at all strengthen the case that this was from FBI.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re: 3TB from a laptop or not
[ link to this | view in chronology ]
Re:
and exceeds the amount the DEA can hold on its servers for long term storage by 1TB.
[ link to this | view in chronology ]
Re:
What you are missing is the implausibility of the file being 3TB. The file is .csv, that means "comma separated values". In other words it is a plain text file with text fields separated by commas. Each record consists of a line of text. Looking at the names of the fields, in the story earlier today, each field is only going to be a few bytes. So each record will be around a few hundred bytes. There were 12M customers, pick 250 bytes as a reasonable guess for the average record size, then multiply out:
12M * 250 = 3G
Do the maths for yourself. Somebody got their Gigabytes and their Terabytes mixed up. The file is 3GB, not 3TB.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
The calculation showing the file to be 3GB, not 3TB, stands. You are never going to get to the truth of this matter if you are unable to distinguish lies and mistakes from the truth.
[ link to this | view in chronology ]
Re: Re: Re: Re:
12000000 * 250 B = 3000000000 B
3000000000 B/1024 = 2929687,5 MB
2929687,5 MB/1024 = 2861,023 GB
2861,023 GB != 3 GB
It's not 3 TB but it definitely is at least 2.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Should be
3000000000 B/1024 = 2929687,5 KB
2929687,5 KB/1024 = 2861,023 MB
2861,023 MB != 3 GB
G M K B
3 000 000 000
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: 3TB
[ link to this | view in chronology ]
But if the FBI say it, then it must be true... they'd never lie...
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
FBI profile
[ link to this | view in chronology ]
Nixon would be proud...
[ link to this | view in chronology ]
New words/idioms
Woodward, Bernstein and a tutu in one Tweet! Impossible!
FBI #TweetRelease
Anon vs FBI #TweetFight
[ link to this | view in chronology ]
I asked myself that question, and sadly the anonymous hacker group i know nothing about is more trustworthy then FBI...so maybe the FBI has some PR to do, it will only take a 5 or 6 generations to change it.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
popcorn
[ link to this | view in chronology ]
If the FBI swore the sun would rise tomorrow,
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
FBI Agent leaves laptop open with a username and password in plain view or written on a post-it (because "o hai Im FBI! c my gun pew pew! I haz nashunul seekrits lulz" seems to fit the profile of a joker who shows up to a hacker conference to shill for the FBI in an EFF tshirt).
AntiSec grabs the post-it, logs into NCFTA website, downloads file.
FBI issues factually accurate but still deceptive denial.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Is it true ?
[ link to this | view in chronology ]
Well...
For the FBI claiming they never had that data - well, I definitely CAN imagine a scenario when they wouldn't even know they had it, or at least know exactly what they had.
I've heard speculations the data came from hacked iPhone App vendor - might be, but perhaps the vendor didn't have to be hacked? Perhaps the vendor could have - generously - share the data with NCFTA (well that's what they're for, right), and the NCFTA could then share the data with FBI, which (surprisingly, given their famous technical knowledge and overall high level of skills) could then loose the data by getting hacked (real shock, never happened before).
I really can't decide what's worse - if their lying through their teeth, or them being so incompetent they don't even KNOW what's being shared with them.
On the other hand, it could explain why they say CISPA is necessary - of course they need new laws, when they don't know about anyone sharing any relevant data with them :-/
[ link to this | view in chronology ]
That. Should be amusing. The sad part is that we'll be seeing more cybersecurity FUD being spread after this totally missing the point Antisec ppl are trying to make. Oh and FBI will try to fuck up a few lives in the process just for vengeance.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
But that's not the point Antisec is trying to make. They're itching for a fight with the govt to prove the govt is willing to fight. Right now, at least publicly, it isn't. Interesting situation, indeed.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
For iTunes on the PC, you have to authorize the use of an iOS device by logging into your iTunes account with your Apple ID. When authorized on one computer, you cannot transfer any purchased items from iTunes from your iDevice to other computers without first deauthorizing your main computer and authorizing said device to your next one. It automatically knows and sends a report to Apple if you reformat the computer's hard disk.
In short, the UDID information is useless unless you can locally and physicslly get onto the authorized computer for a set of devices.
[ link to this | view in chronology ]
Or, it could be that Antisec is flat-out lying or that it's all data they've gathered via other means and are now pinning the blame on the FBI.
Either way, there's really no way of knowing for sure at this time. Unfortunately, if any of this turns out to be true, the real victims are the 12.3 million whose private info has been compromised.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Apple
[ link to this | view in chronology ]
Re: Apple
[ link to this | view in chronology ]
Here's Your Evidence
[ link to this | view in chronology ]
Calm Down, People
http://gizmodo.com/5940692/apple-responds-to-alleged-udid-hack-dont-look-at-us?tag=udid
I n addition, a third party has alleged that the UDIDs came from their servers, not from the FBI:
http://gizmodo.com/5941919/where-anonymous-really-got-its-apple-ids-from-hint-not-the-fbi?ut m_source=deadspin.com&utm_medium=recirculation&utm_campaign=recirculation
Its amazing that the folks on Techdirt are willing to give more credibility to a rogue association of hackers over that of the FBI. Stop being stupid.
[ link to this | view in chronology ]