- Antisec group claimed to have over 12 million IDs taken from an FBI laptop
- Group released a million IDs online yesterday - but FBI now says it does not posses the database
- Apple says it did not release information to the FBI
FBI officials said the bureau never asked for and never possessed the database that the group, which calls itself AntiSec, is posting on a website.
The group has released a link to a database of more than 1 million unique identification numbers for Apple devices, which could include iPhones and iPads.
Have claim to have obtained more than 12 million
ID codes Apple uses to identify its gadgets, along with user names and
password. The FBI was today facing major questions over why it held the
data.
However, today the FBI denied that it ever had that information.
'The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs (unique device IDs) was exposed,' an FBI spokesperson told CNN.
'At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.'
Officials there said they could not verify the validity of the data that AntiSec released.
Federal officials also warned that computer users should be careful when clicking on such links because they sometimes may contain malware that can infect computers.
Joe Stewart, a security researcher with Atlanta-based Dell SecureWorks, said, however, that he tested the link and did not find any connection to malware.
Apple also said it had not given the information to the FBI.
'The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization, Apple spokesperson Natalie Kerris told AllThingsD.
Apple assigns unique device identification numbers (UDIDs) - a string of numbers and letters - to all of its devices.
The numbers let iTunes and application developers know which device is running which apps.
As an example, the numbers allow game developers to keep track of users' high scores.
Besides the identification numbers, the information posted by AntiSec has the name that a person chooses to name their device and a description of whether the device is an iPhone, iPad or iPod Touch.
If linked with other information such as a name or address, the numbers could be used as a way to get at other more sensitive data.
But knowing the number doesn't enable the FBI to track or eavesdrop on people.
In its posting, AntiSec said it got the file by hacking into the laptop of an agent who was on one of the bureau's cyber action teams. And it said part of the file's name on the laptop was "NCFTA," referring to the National Cyber-Forensics & Training Alliance. The NCFTA is a nonprofit group made up of experts from the public and private sectors to share information on cyber threats.
In the Internet post, it said the FBI was "using your device info for a tracking people project."
A group known as Anonymous and its offshoot Lulz Security have been linked to a number of high profile computer attacks and crimes, including many that were meant to embarrass governments, federal agencies and corporate giants.
They have been connected to attacks that took data from FBI partner organization InfraGard and they've jammed websites of the CIA and the Public Broadcasting Service.
Earlier this year, FBI agents arrested several hackers tied to the group, and in the process revealed that LulzSec's reputed leader, known as Sabu, was an FBI informant.
Law enforcement officials said that linking the Apple data theft to an FBI agent may have been done, in part, as retribution for the arrests.
The move comes as Apple is believed to be putting the finishing touches to a launch event for a new version of its iPhone
'There you have 1,000,001 Apple Devices UDIDs linking to their users and their APNS tokens,' it said.
'The original file contained around 12,000,000 devices. we decided a million would be enough to release.
'We trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc.
'Not all devices have the same amount of personal data linked, some devices contained lot of info, others no more than zipcodes or almost anything.
'We left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not. the DevTokens are included for those mobile hackers who could figure out some use from the dataset.'
The group also defended its decision to release the data.
'well we have learnt it seems quite clear nobody pays attention if you just come and say 'hey, FBI is using your device details and info.
'So without even being sure if the current choice will guarantee that people
will pay attention to this.'
No comments:
Post a Comment