Publishing Company Admits That Anonymous' UDID Data Leak Was Actually Taken From Their Database
from the the-plot-thickens dept
Last week, there was a big story in which AntiSec, a part of Anonymous, claimed to have downloaded personal info on about 12 million Apple device users from an FBI agent's computer. They released about a million UDIDs to "prove" it, claiming they had a lot more information as well. The FBI quickly denied that the evidence came from them, and Apple later insisted that it had not shared such info with the FBI either. Now, a Florida company, Blue Toad, has told NBC that an analysis of the leaked data and its own data set has made it almost certain that the data actually originated from Blue Toad's servers (whether or not it eventually got onto an FBI machine is a separate issue):"That's 100 percent confidence level, it's our data," [Blue Toad CEO Paul] DeHart said. "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”Apparently, Blue Toad's technology is used by tons of app publishers to help them build their own digital editions and apps -- which is why it would have access to all of this information.
The researcher who figured out that the data came from Blue Toad, David Schuetz, has pointed out that he can't say for certain if the FBI later got the same data, or where Anonymous got the data, but he does suggest that people should be skeptical of claims like that:
“It does raise questions,” he said. “I think people need to question what they see online, whether it comes from Anonymous or from a news organization or from a politician or from a corporation. You need to not take things at face value right away and jump straight to what you think it says. Somebody says, ‘Oh, this came from the FBI, everybody believes it. Well, let’s think about (it).”Good advice.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: anonymous, antisec, data, fbi, leaks
Companies: blue toad
Reader Comments
Subscribe: RSS
View by: Time | Thread
Curious
[ link to this | view in thread ]
Re: Curious
Regardless, with the news that there's to be an EO for CISPA-style info-gathering, the effect may as well be the same. Either way, the public loses.
[ link to this | view in thread ]
What do App developers need UDID's for?
Also, why would we believe that the FBI isn't lying? They certainly have before!
[ link to this | view in thread ]
Re: Curious
[ link to this | view in thread ]
Re: What do App developers need UDID's for?
When? And what evidence do you have that would indicate that the FBI is lying now?
[ link to this | view in thread ]
Re: What do App developers need UDID's for?
[ link to this | view in thread ]
Re: Re: What do App developers need UDID's for?
The evidence in this case is that they opened their mouths.
[ link to this | view in thread ]
Re: Re: What do App developers need UDID's for?
[ link to this | view in thread ]
Re: Re: Curious
[ link to this | view in thread ]
Re: Re: Re: What do App developers need UDID's for?
That's not evidence of lying, that's evidence of being mistaken or wrong. The U.S. Attorney argued that the FBI had the right, and the US Attorney lost the case at the Supreme Court. To say that the FBI was lying is to say that the FBI knew at the outset that their conduct was unconstitutional, and you lack an evidentiary basis for saying so.
and MegaUpload charges et al, etc.
Please explain how this is evidence of lying.
[ link to this | view in thread ]
Re: Re: Re: Curious
[ link to this | view in thread ]
2: If it is theirs, they still have the ability to share that information with the government, nothing is stopping that from happening / have happened.
[ link to this | view in thread ]
Re: Re: Re: What do App developers need UDID's for?
The FBI is a governmental agency tasked with the duty of upholding the law and serving the public. Anonymous is a bunch of hackers who engage in criminal behavior. Who do you think has more to lose from getting caught lying?
[ link to this | view in thread ]
Re: Re: What do App developers need UDID's for?
[ link to this | view in thread ]
Re: Re: Curious
[ link to this | view in thread ]
Re: Re: Curious
Not getting busted for other things they have done in violation of the law.
There is a handy list of ways to apply pressure.
[ link to this | view in thread ]
Re: Re: Re: Curious
And from whom did that file name originate? Why, it was Anonymous. So we are supposed to believe that Anonymous undertook no renaming of such information to suit their purposes?
[ link to this | view in thread ]
Re: Re: Re: Re: What do App developers need UDID's for?
In contacting the authorities, the company could have easily given FBI the ability to grab some data to investigate, then anonymous hacks the FBI's laptop.
Only liar in this situation is the FBI who claimed no knowledge of the situation at all.
Or they just don't know what the hell they're doing...
Anonymous has pulled off some pretty significant hacks before...what reason would they have to lie? Whereas the FBI has been caught routinely lying over the decades. They have a reputation to protect...
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re: Re: What do App developers need UDID's for?
It has been documented, in court, that the New Zealand police (the specific unit in question is the Kiwi version of SWAT) was told to use heavy force (armed police) and to be quick, because they were told BY THE FBI that Kim Dotcom had some sort of device that when triggered, would delete data from Megaupload servers.
The FBI told them this, despite the fact that the DAY BEFORE the raid and arrests of Kim Dotcom and other Megaupload employees, that the FBI had taken control of said servers, thus there was no way for Dotcom to have deleted the evidence (unless maybe the FBI were incompetent and possibly left the servers on and hooked up to the internet...)
[ link to this | view in thread ]
Re: Re: Re: Re: What do App developers need UDID's for?
BTW, I've seen your posting history. You seem to be a (possibly patent) lawyer that likes kowtowing to authority and getting angry at people. You just seemed a tad bit too protective of the FBI here that I just had to look.
[ link to this | view in thread ]
Re: Re: Re: Curious
Not getting busted for other things they have done in violation of the law.
There is a handy list of ways to apply pressure.
Yes, to convince them to expose information, not lie. I'm sure that the FBI engages in some strong-arm tactics in order to gain information from a source who does not initially wish to cooperate. But I have yet to see the FBI convince such a party to lie to the public as part of a cover-up.
[ link to this | view in thread ]
Re: Re: What do App developers need UDID's for?
Antisec hasn't been using post-its as a legal request for information.
Antisec hasn't been planting GPS trackers on cars belonging to brown people for the crime of being brown.
Antisec hasn't violated the laws of a sovereign nation pursuing a flawed case in US courts.
Antisec did not train agents using flawed racist propaganda.
Antisec might not be teenagers.
Remember when the Government needs them to be nerds not to be feared they downplay what they can do, but when they want to pass a law to spy on more people suddenly they can use a phone to destroy power plants with the power of their minds.
That's just off the top of my head... there is more.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: What do App developers need UDID's for?
The FBI told them this, despite the fact that the DAY BEFORE the raid and arrests of Kim Dotcom and other Megaupload employees, that the FBI had taken control of said servers, thus there was no way for Dotcom to have deleted the evidence (unless maybe the FBI were incompetent and possibly left the servers on and hooked up to the internet...)
Source please. Also, you do realize that there is a difference between taking control over a server and taking physical possession of said server, right?
[ link to this | view in thread ]
Re:
As I understand it, Antisec claimed that the data included "zipcodes, cellphone numbers, addresses, etc.", while in the NBC story, Apple spokeswoman Trudy Mullter said (or implied) that the Blue Toad data did not include personal information such as account or billing information. So now Antisec can prove its case by revealing the personal information. If Antisec is reluctant to cause so much trouble for so many people, let's have a test. There must be people out there who have found their own devices on the list; maybe some of them are prepared to say, "Antisec, here's my UDID, here's a message encrypted with my phone number, I challenge you to publish the cleartext." (There are probably better protocols, this is just off the top off my head.)
[ link to this | view in thread ]
Re: Re: Re: Re: What do App developers need UDID's for?
That 'protect and serve' is nothing more than marketing speak.
[ link to this | view in thread ]
Scared me for a second
Two by two
Hands of blue
[ link to this | view in thread ]
Re: Re: Re: Re: What do App developers need UDID's for?
the fbi being a governmental agency does not automatically preclude nor exonerate them from charges of being less than truthful.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: What do App developers need UDID's for?
Furthermore, the FBI is not some faceless organization; it's composed of people just like any organization. In the case of the FBI, those people include lawyers and law enforcement agents whose credibility in court is essential to staying employed. If any FBI agent were to get caught lying to the public to cover-up any misdeeds perpetrated in their official capacity, their careers would be over.
As for my background, it's irrelevant. Patent lawyers get pissed off about government just as much as you do. I just take exception to the general feeling at Techdirt that you can't trust good people to do good things once they've been employed by the government. People who join the FBI don't generally do it because it gives them a chance to lord over people unjustly; they do it because they want to serve their country and their fellow Americans.
[ link to this | view in thread ]
Re: Re: Re: Re: What do App developers need UDID's for?
It seems like you have trust in the government. I don't. Not that I trust Anonymous hackers, but after reading some stories about what the government is up to, I find it impossible to trust any government agency.
For example, we have the FBI busting its own fake terrorist plots, NSL gag orders being contested anonymously, warrantless surveillance on a mass scale that Senators in-the-know are saying would offend the public, killing US citizens without any form of due process, taking the electronic property of people like David House without a warrant (and keeping it for almost two months!), indefinite detention without trial, setting up a fake vaccination campaign in Pakistan in hopes of getting a lead on bin Laden...I'm sure I could go on if I had to. I mean, shit, the government can be so paranoid that they even shredded the banana peel of the al-Haramain lawyers.
And that's just within the last decade, if you were up for it then I could go on about Nixon and Watergate, Reagan and Iran-Contra, Reagan giving Saddam chemical weapons to use against Iran, the FBI spying on MLK Jr and other pacifists, the Tuskegee syphilis experiment (one of the sickest things I ever heard about)
[ link to this | view in thread ]
Re: Re: Re: Re: Re: What do App developers need UDID's for?
No, but it certainly makes those charges less likely of being correct.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: What do App developers need UDID's for?
No, but it certainly makes those charges less likely of being correct.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: What do App developers need UDID's for?
No, but it certainly makes those charges less likely of being correct.
[ link to this | view in thread ]
Re: Re: Re: Re: What do App developers need UDID's for?
And the FBI would never stoop to criminal behavior. They would never manufacture evidence. They would never lie in court. They would never wiretap without warrant.
Given the FBI's storied history of lying through their proverbial teeth and not giving and apparent rat's ass about how it affects their public image, I would have to say that Anonymous would.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
You know who else repeated things over and over again until people believed him, don't you?
[ link to this | view in thread ]
Re: Re: Re: Re: Curious
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
This isn't quite the FBI, but the gist is still the same. Whose career was ended when they lied about Pat Tillman? Whose career was ended when they lied about Jessica Lynch?
For that matter, can you even name the FBI agent who denied that the UDID's came from them? Kinda hard to end someone's career for lying when they're an anonymous FBI agent...
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
That isn't even analogous to the situation here. The false stories regarding Tillman and Lynch revolve around purported leaks from the Pentagon. They did not involve official statements from the Pentagon.
For that matter, can you even name the FBI agent who denied that the UDID's came from them? Kinda hard to end someone's career for lying when they're an anonymous FBI agent...
I can't, but the FBI does, and if the FBI is proven to have lied about this, I can assure you that whoever made that assertion will be out on his ass, if not in jail.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: What do App developers need UDID's for?
Would you be so kind as to provide some examples of the FBI's "storied history of lying through their proverbial teeth and not giving and apparent rat's ass about how it affects their public image"? As is custom around here, accusations are not viewed favorably without supporting evidence. Just ask Mike Masnick.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re: Curious
That just proves how effective it is!
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
No, but it certainly makes those charges less likely of being legally provable.
FTFY....
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
I don't see anyone from the press outing their lying sources. If you want someone who can out those persons, talk to the Washington Post.
By the way, nice use of scare quotes. If you don't have facts to prove your position, use innuendo. That's always convincing.
[ link to this | view in thread ]
CISPA etc
Hypothetically speaking... :-)
[ link to this | view in thread ]
Re: Re: What do App developers need UDID's for?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: What do App developers need UDID's for?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
http://www.forbes.com/sites/benkerschberg/2011/05/05/federal-court-rebukes-fbi-for-lyin g-to-the-court-about-surveillance-records/
http://www.youtube.com/watch?v=YaA6Myrvz4Y
http://w ww.ticklethewire.com/2011/12/27/ex-u-s-atty-accuses-fbi-and-prosecutors-of-illegally-obtaining-docum ents-and-lying-about-it/
Of course, I suppose it would be somewhat redundant to mention COINTELPRO, warrantless GPS tracking, and the phony terrorist bombing plots created out of whole cloth.
[ link to this | view in thread ]
too many plot holes
[ link to this | view in thread ]
There working the internet like they are working main stream media, give them enough time and they'll get good at it, then the greatest tech tool to this date, will be their most powerfull weapon, internet propaganda
[ link to this | view in thread ]
FBI fucks up - outrage
- Followed by some more outrage.
Some other place fucks up - outrage followed by we're sorry Tony Hayward style.
- Followed by I resign with a big fucking check.
- Followed by okay okay just don't let it happen again, again O_o
[ link to this | view in thread ]
Re: too many plot holes
[ link to this | view in thread ]
Re:
You're an idiot.
[ link to this | view in thread ]
I'm still skeptical
Their statement claimed a "significant match" with the stolen UIDs, and then the quote above says "100 percent certainty".
Frankly, I'm not convinced. It could be that they merely have the same UIDs that the hackers stole. They also aren't very forthcoming as to how or when the data was stolen (if they even know).
However, the hackers who claimed the FBI was involved should provide more proof of their claims at this point. Otherwise the impact of their release does nothing but damage their credibility given this company's claims.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: What do App developers need UDID's for?
It's certainly important to be aware of the misdeeds of your government, but to assume everything the government does is a lie is quite unreasonable. There are a lot of good people who are either elected officials or government employees looking out for the common citizen and are not part of the "big cover-up".
Or, if you truly believe that everything is really a lie, what's the point in living?
[ link to this | view in thread ]
Re: Re: What do App developers need UDID's for?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
[ link to this | view in thread ]
Re: Re: Re: Re: Curious
It also wouldn't be the first time that a government agency lied to the public. We simply can't trust the FBI to tell to the truth anyway.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
http://www.3news.co.nz/VIDEO-What-really-happened-in-the-Dotcom-raid/tabid/817/articl eID/264651/Default.aspx
The FBI disabled access to the servers prior to the raid.
You don't really seriously believe that the FBI waited with that until after the raid do you? That would be a hallmark of incompetence.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
[ link to this | view in thread ]
Re: Re: Re: Re: What do App developers need UDID's for?
Also you might look at what the FBI's mandate actually is instead of quoting the media puffery which is actually wrong
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
[ link to this | view in thread ]
Enforcement branches such as the FBI do follow what the head of the agency directs it to do. Given the past attempts at entrapment over fake terrorist plots setup, equipped, planned, supported, and assisted to the carry through, leaves one with the idea that the FBI can't be trusted either. You think maybe they didn't lie to these patsy's to get them to take the bait?
Or maybe you have the idea the FBI just went up to the prospective target and said, "Hi, I'm the FBI and I'm here to help you". Somehow I don't think that was the way it was played.
The explicit assumption left is the FBI lied.
[ link to this | view in thread ]
Re: Re:
There is too much proselytising, vitriol, and angst in your writing to think otherwise
[ link to this | view in thread ]
Re: I'm still skeptical
I would not be surprised at all if BlueToad Publishing was a front for data mining and phishing scams. They got caught and are stuttering through their admittance which usually means they are A)They were caught off gaurd, B) Are hiding something much more sinister (explains their nervousness about the investigation), or C) Both and and B.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: What do App developers need UDID's for?
How would a "doomsday" delete button work if the FBI already had control of the servers?
The FBI told the NZ Police they had to use rapid force to prevent the use of a delete function, even though they knew it wouldn't work even if he did have one, which he didn't because they made it up. Kinda hard to see how the FBI did anything but lie about this one.
[ link to this | view in thread ]
Another black cloud day for the morons with the Fawkes masks.
[ link to this | view in thread ]
Re: Re:
You're an idiot.
You've posted 19 posts on this subject, all of them defending the fbi, being insulting, and asking for prove of some of our claims, while providing none to backup yours, except........'but, but,but, its the government, .....governments dont lie'
The us government is a disgrace, they do not follow the constitution, there is no more checks and balances in your government, and the executive order was the day you americans accepted your dictatorship.
You dont question, but always obey, you are an enabler, there are true patriots in your country, and you sir, ARE NOT FUCKING ONE OF THEM
[ link to this | view in thread ]
Re: Re: Re:
Hmmm, sounds to me like Wilton is fucking all of them - in the literal sense of course. Perhaps I misunderstood, and you meant the way Wilton isn't fucking one of them is only in the figurative...
Me? I say fuck the gov't. Fuck them HARD. After all, they've already fucked everyone else, and will continue to do so. I cringe to envision what they'll accept as climax... Perhaps rape is more appropriate a term. Rape of the most brutal, violent sort. That's what the gov't has been doling out for years. We can expect (and will recieve) nothing better.
[ link to this | view in thread ]
Re: Re: Re: Re: What do App developers need UDID's for?
[ link to this | view in thread ]
Re: Scared me for a second
[ link to this | view in thread ]
Re: Re: Re: Re:
Would that be a legitimate rape?
[ link to this | view in thread ]
Moot
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
If the GOVERNMENT© is doing it, then YES, yes it is
Its the government, dont you know
[ link to this | view in thread ]