FBI Denies It Held iPhone UDIDs Stolen By AntiSec

judgecorp writes "The FBI has denied the UDID codes released yesterday came from an agent's laptop, as claimed by the AntiSec hacker group. The FBI says it does not hold such data, and the attack never happened. However, the agent named by AntiSec is real, and some of the published UDID codes have been found to be genuine. So where did they come from?"

Collection != leak

[AwaxSlashdot]

There are 3 issues here:
* who collected them ? (most probably an app)
* who "lost" them ? (AntiSec claim they found it on a FBI agent laptop they compromised)
* how the data went from #1 to #2 ?

And the 3rd one is the most interesting.

Issue?

[symes]

This is not something I know a great deal about, but surely the UDID is pretty easy to get hold of. Surely most suppliers will keep a record for warranty/insurance reasons. AFAIK, many apps can access this information. ITunes relies on it. These data could just be from the FBI looking for patterns of insurance fraud, or similar. And I wouldn't be surprised if a load or organizations hold this sort of data for a range of gadgets. I bought a fridge a while back and had to send the serial number off to some third party to have my warranty set up. I am happy to be corrected though, and told this is a huge privacy thing.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:So where did they come from?

[crazyjj]

In the absence of any further evidence, I must assume that everybody's lying.

Except that Anon has real evidence in this case, and specifics. The FBI is just issuing a blanket denial. And, for that matter, if this agent is real and doesn't do this, why aren't they hiding him and not making him available for interviews? Seems like he would be the most credible source to deny it.

File name instructive

[Anonymous Coward]

"NCFTA_iOS_devices_intel.csv'

National Cyber-Forensics and Training Alliance(1) is that FBI-sponsored industry cybersecurity PR, lobbying, and info-sharing consortium that was going to replace CERT et al, make sure the Bureau's position on cybersecurity was advanced, and pass out a lot of white hats to all the "Walker, Cyber Ranger"s out there. Stangl (sic) apparently may have some role there. As others have pointed out, the data could have come directly from Apple.

So maybe the Fibbies are *technically* truthful here. It's called plausible deniability. That's why you have captive shadow orgs like NCFTA, ostensibly not taxpayer funded. Congress won't oblige your agency's agenda or funding? Just set up a non-profit org. They can do things you can't. Welcome to "continuity of government", though this process is now largely a quaint and unneccessary anachronism in a post PATRIOT, post DMCA, post NDAA, executive order, UN Treaty, Homeland Security world. That kind of deceptive charm may be it's only lingering utility, in fact. Sugar-coating and Cosmetics are big business, after all.

(1) http://yro.slashdot.org/index2.pl?fhfilter=NCFTA

Re:So where did they come from?

[fadethepolice]

This is likely to be true of every action of every whistleblower from now until the end of time. The very act of getting protected data from an organization by definition results in this situation. The only resort is to look at context and evaluate the information on the knowledge you have of the participants. http://en.wikipedia.org/wiki/Carnivore_(software) [wikipedia.org] http://en.wikipedia.org/wiki/NarusInsight [wikipedia.org] The FBI has a proven track record of secretly monitoring Americans for close to 100 years. Anonymous has a decent reputation as occasionally competent hackers. Given these facts I would tend to give more weight to the evidence presented by anonymous than the denials by the FBI.

Re:So where did they come from?

[blueg3]

...finding the names of agents is pretty easy...

Yeah, especially when the agent stated his name in a well-known FBI PR video targeting hackers.