Hackers claim 12 million Apple IDs from FBI (Update 2)

September 4, 2012 by Rob Lever
Customers try the iPad at the Apple store on Fifth Avenue in New York in 2011. A hacker group has claimed to have obtained personal data from 12 million Apple iPhone and iPad users by breaching an FBI computer, raising concerns about government tracking.

A hacker group has claimed to have obtained personal data from 12 million Apple iPhone and iPad users by breaching an FBI computer, raising concerns about government tracking, but the FBI said it never had the data.

The group called AntiSec, linked to the hacking collective known as Anonymous, posted one million Apple user identifiers on Monday purported to be part of a larger group of 12 million obtained from an FBI laptop.

The FBI initially had no comment on the reports, but later in the day issued a statement which cast doubt on the purported data breach, saying it never had the data in question.

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs (unique device identifiers) was exposed," the US Federal Bureau of Investigation said in a statement.

"At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

A tweet from the FBI press office said: "We never had info in question. Bottom Line: TOTALLY FALSE."

Peter Kruse, an e-crime specialist with CSIS Security Group in Denmark, said on Twitter that the leak "is real" and that he confirmed three of his own devices in the leaked data.

"Also notice that they claim to have fullname, addresses, phone numbers etc... Big ouch!" he tweeted.

Apple did not immediately respond to a request for comment.

The fact that some user data was breached prompted a flurry of comments, some suggesting that the government or Apple was implicated in a vast invasion of user privacy.

Aldo Cortesi, a security consultant living in New Zealand, called the incident "a privacy catastrophe."

"The vulnerabilities ranged from de-anonymization, to takeover of the user's gaming social network account, to the ability to completely take over the user's Facebook and Twitter accounts," he said on a blog posting.

One website set up a database to help users determine if their device was on the hacked list of Apple unique device IDs (UDIDs).

Johannes Ullrich of the SANS Internet Storm Center said it was difficult to verify the report.

"There is nothing else in the file that would implicate the FBI. So this data may very well come from another source. But it is not clear who would have a file like this," he told AFP.

Ullrich said it is unclear why the FBI, if the report were true, would have the data.

"The size of the file... would imply a widespread, not a targeted tracking operation, or the file was just kept in case any of the users in the file needs to be tracked," he said.

"The significance of this breach very much hinges on the source, which as far as I know, hasn't been authenticated yet. The data is, however, real based on some of the reports that people do find their own UDID in the file."

In the posting, AntiSec said the original file "contained around 12,000,000 devices" and that "we decided a million would be enough to release."

The group said it "trimmed out other personal data such as full names, cell numbers, addresses, zipcodes, etc."

It said it posted the information to draw attention to Apple's practices, which allow users to be tracked.

"We never liked the concept of UDIDs since the beginning indeed. Really bad decision from Apple," it said.

It added "we have learnt it seems quite clear nobody pays attention if you just come and say 'hey, FBI is using your device details...' FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME S—-."

The document posted on the website pastebin indicated that the data was obtained in March from the computer of an FBI Cyber Action supervisor through a "vulnerability" in the computer.

Eric Hemmendinger, a security expert with Tata Communications, said that if an FBI computer from a cybersecurity investigator was hacked, it would be "a pretty embarrassing scenario."

Hemmendinger said the FBI's possession of the data would be surprising, but that it should not be a surprise that Apple and its rivals would have detailed information on its users.

"This is yet another indicator that when you start to participate in social networking and applications that Apple and (Google's) Android have propagated, you are the asset that's being leveraged and monetized," he said.

"It's yet another reminder that when you join the social network world, your footprints are not private."

Explore further: Hackers claim attack on FBI partner in Conn.

Related Stories

Developers are on standby for Apple's UDID successor

June 11, 2012

(Phys.org) -- The word is out that Apple will replace the Unique Device Identifier (UDID) that is meant for mobile application developers trying to track who uses their software. Apple, according to reports, has devised a ...

FBI investigating AT&T iPad security breach

June 10, 2010

(AP) -- The FBI said Thursday that it is investigating a data breach at AT&T that exposed the e-mail addresses of more than 114,000 owners of the Apple iPad, including government officials.

Anonymous hits Ohio FBI partner website

February 24, 2012

(AP) -- Hackers allied to the loose-knit Anonymous movement on Friday claimed responsibility for vandalizing an Ohio FBI partner website, replacing its homepage with the video for rap hit "Gangsta's Paradise."

Online scammers using 'FBI message' to demand money

August 9, 2012

The FBI warned computer users on Thursday to ignore a fake message, purportedly from its officers, that freezes people's screens and demands that they pay a fine for visiting inappropriate websites.

Hackers post W.Va. police officers' personal info

February 8, 2012

(AP) -- Hackers affiliated with the Anonymous hacking group obtained more than 150 police officers' personal information from an old website for the West Virginia Chiefs of Police Association and posted it online.

Recommended for you

Researchers find tweeting in cities lower than expected

February 20, 2018

Studying data from Twitter, University of Illinois researchers found that less people tweet per capita from larger cities than in smaller ones, indicating an unexpected trend that has implications in understanding urban pace ...

Augmented reality takes 3-D printing to next level

February 20, 2018

Cornell researchers are taking 3-D printing and 3-D modeling to a new level by using augmented reality (AR) to allow designers to design in physical space while a robotic arm rapidly prints the work.


Adjust slider to filter visible comments by rank

Display comments: newest first

4 / 5 (4) Sep 04, 2012
Hackers are hackers, whether they work for the FBI or with some group like Anonymous, or on their own.

I'm not surprised. The Cloud is going to make things even more exciting.
3.4 / 5 (5) Sep 04, 2012
It is easy to guess that Apple will now sue the FBI.
2.3 / 5 (3) Sep 04, 2012
Apple sued the FBI last week. They're moving onto NASA to sue them for using gyrostabilizers without their permission.
1 / 5 (1) Sep 04, 2012
Of course, there is NO WAY that this data was stolen from Apple... Dude, it's not like they collect/keep all of this data 'cause we all know that they are too cool to do anything like that... right??

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.