FBI denies collecting Apple device IDs
Following yesterday’s claim made by AnitSec hackers that they have gotten ahold of a document containing a list of over 12 million Apple iOS devices – including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, ZIP codes, cellphone numbers, addresses, and more – after breaking into a computer used by an FBI agent, the agency has issued a resounding denial via Twitter:
It followed up with a statement saying that at this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
The hackers published a redacted list of one million UDIDs, Apple Push Notification Service DevTokens, device names and device types in order to prove that the list exists, and according to some security experts such as e-crime specialist with CSIS Security Group Peter Kruse, who went through the trouble of verifying if their devices are on the list, it contains accurate information.
With that question seemingly answered, more important ones arise. Have the hackers really found it on an FBI computer? There is no concrete evidence that proves they did.
An agent named Christopher K. Stangl does work for the Regional Cyber Action Team and the New York FBI office’s Evidence Response Team, but that information could have been easily discovered by the hackers in some other way that doesn’t include hacking his computer.
And the name of the downloaded document – NCFTA_iOS_devices_intel.csv – could point to the National Cyber Forensics and Training Alliance, a non-profit corporation backed by the FBI (among others), but that also doesn’t prove anything.
As many Internet users have already pointed out, it was to be expected that the FBI would deny having anything to do with this list, and it will be hard to prove otherwise.
Still, the hackers have accomplished their goal by making users wonder about it all – and getting Gawker’s Adrian Chen in a ballet tutu.