We know you have heard this before, but it bears repeating: there is no such thing as a secure system. The online activist collective Anonymous and the group Antisec have shown that again if their latest release of information (dox) is to be believed. Members of the two have been at one of their favorite targets; the FBI again. They have targeted a particular FBI Agent once again Special Agent Christopher Stangl by breaking into his laptop (allegedly his FBI issued laptop) and managed to grab a significant amount of data. What makes this breach even more interesting is that the groups claim to have grabbed 12 million Apple UDIDs (Unique Device Identifiers) along with a significant amount of personal information attached to each (including full names, push service tokens and more...).
Now the hack of a Special Agent of the FBI’s (and a Supervisor in the FBI’s Regional Cyber Action Team) company issued laptop is bad enough all on its own, but the bigger story here is the data that was there. Why would the FBI have 12 Million Apple UDIDs at all? How did they get them? And what purpose are they being put to? These questions raise some serious concerns about Apple and their partners. While it is true that the FBI could have gathered these directly from their long-time friendship with AT&T, it is also very likely that they came from Apple directly. If this is the case it could potentially explain a lot about why Apple appears to get a green light on so much in the US. One theory is that the information was gathered from one or more App developers that are cooperating with the FBI. We doubt that last one as it is actually much easier for the FBI to get this data from a carrier or from Apple than from a developer and the payoff would be much larger. Of course all of this is speculation at this point as there is no way to tell where the FBI collected the data or even if the data is real.
We took a look at it and while the data appears to be in the same format as the UDIDs we did not find any that we could recognize and none of the Apple devices that we have in the lab were on the list of the one million that were released. It remains and embarrassment to the FBI and their Cyber Action Team as well as a potential embarrassment for Apple and the Carriers that provide their phones.
There have been talks that the UDIDs in Apple (and other phone maker’s) devices can be used to collect significant data about their users. It was a hot topic with Congress for a short period of time, but as usual the subject was dropped for no reason (probably because law enforcement like being able to track things). The US DoJ has fought against privacy protections on mobile devices as well as refusing to release details on their partnerships with carriers. Anyone want to play connect the dots? So why did AntiSec and Anonymous go after the FBI and Special Agent Christopher Stangl? It is entirely possible that it was just to prove a point that the FBI is still operating in a very insecure manner, but it is also possible that they were aware that the FBI was doing something rather shady in their recent pursuit of members of both groups (with the help of Sabu). To paraphrase a comment in the pastebin post; The FBI, NSA and DoJ call them criminals, chase them down and arrest them, but they attempt to get them to work for them to push their own agendas. Sounds a tad hypocritical doesn’t it?
It will be very interesting to see if the information is real and also if there is any way to find out where it came from. We can imagine the outrage that will happen if this turns out to be from Apple, AT&T or another carrier of the iPhone/iPad. We will be reaching out to the FBI, Apple and a few carriers for more information although we doubt that any will respond.
Discuss this in our Forum
