FBI denies claims of Apple ID hack

The FBI on Tuesday said there is "no evidence" to support claims by a hackers group that they accessed information about millions of Apple users on a bureau computer.

The hackers have posted online what they claim are the IDs of more than 1 million iPhones and iPads. And they say that's just part of the more than 12 million IDs -- and other information such as users' names, cell phone numbers and billing addresses -- they got from the laptop of an FBI agent.

The release, if authentic, sparked a flurry of headlines Tuesday and raised questions about both FBI security and why the bureau would have collected that information about people in the first place.

Antisec, a politically minded branch of the hacker collective Anonymous, posted the ID numbers on Monday. If cross-referenced with info available to Apple developers, they could theoretically help someone find more specific details about the device's owner.

The post claimed that hackers exploited a vulnerability in the programming language Java on the computer of Special Agent Christopher K. Stangl, who specializes in cybersecurity.

The FBI responded Tuesday afternoon.

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs (unique device IDs) was exposed," according to an FBI spokesperson. "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

As of Tuesday afternoon, there had been no independent verification that the IDs came from an FBI computer. Apple did not respond to a request for comment.

"We don't have any way of confirming the source of the data, or what else might have been taken, but it does appear that the files do contain at least some genuine Apple UDIDs," said Graham Cluley, a senior tech consultant at Sophos Security. "Certainly things would be worse if the personal info was also released. But at the moment it feels as if the hackers might be more interested in embarrassing the FBI and causing mischief than putting innocent users at risk."

Because of the secretive nature of what they do, as well as the lack of any official organizational structure, no official spokesperson for Antisec or Anonymous came forward to take credit for the hack.

But Monday's post on document-sharing site Pastebin refers readers to a Twitter feed considered a reliable source of Anonymous information. On it, the user, or users, took credit for the post.

"Pleased to see, media actually asking the right question: Why the hell does an FBI agent have a database with 12M Apple UDID on his laptop?" read one tweet Tuesday.

The group claimed the document had been viewed 370,000 times in less than 24 hours.

In the document, the hackers criticize a government they claim uses hackers internally while actively prosecuting private citizens who do the same things for their own purposes. The group also includes messages of support for alleged hackers being prosecuted, such as Wikileaks founder Julian Assange as well as for Pussy Riot, the punk rock protesters jailed in Russia for a stunt criticizing President Vladimir Putin.

In their typical gonzo style, the Anonymous hackers' post combined a political credo with offbeat antics. Among them: an offer to grant interviews about their hack if Adrian Chen, a Gawker reporter who has written about Anonymous, is portrayed on the main page of Gawker for a full day wearing a ballet tutu and a shoe on his head. ("Put Shoe on Head" is an Internet meme that originated on 4chan, a home base of sorts for many who claim allegiance to Anonymous).

For his part, Chen actually seemed to be pondering the offer, if highly skeptical.

"How can I be sure Anonymous will hold up their part of the deal? Shadowy outlaw hacker groups are not known for their integrity," he wrote Tuesday. "I'm currently trying to gain certain assurances. Stay tuned for tutu-age."

Print this article Back to Top

Comments