Apple ID hack scandal: New questions about FBI involvement

Get short URL

Published time: September 10, 2012 18:07
Edited time: September 10, 2012 22:07

A small digital-publishing firm says that the millions of Apple user IDs hackers published online last week were lifted from the company’s computers, calling into question an earlier claim that the trove was taken from an FBI agent’s laptop.

When hacktivists aligned with the Anonymous collective offshoot AntiSec published a portion of 12 million Apple UDID codes last week, they said their source was a spreadsheet of data stolen from the laptop of an FBI agent six months earlier. The CEO of Florida’s BlueToad, Inc. says that his company has compared the published set of stats with their own figures, though, and found a 98 percent correlation between the two datasets.

"That's 100 percent confidence level, it's our data," BlueToad CEO Paul DeHart tells NBC News in an interview published early Monday. "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”

BlueToad was co-founded by DeHart back in 2007 to provide a service for creating digital and online editions of print publications. As of 2010, BlueTooth works with over 3,000 titles each month, and although Dehart declined to divulge his client list to NBC, his company has been openly identified as being responsible for the digital distribution of State, the US State Department’s official magazine.

In an official statement posted on the BlueTooth blog, the company writes that only “A little more than a week ago” they were victimized in a cyber attack, which conflicts with AntiSec’s allegation that an FBI agent had been hacked half a year earlier. To NBC, though, Dehart says that the latest news doesn’t necessarily mean that hackers lied about hijacking the info from an FBI agent’s laptop, but that he has his serious doubts about the likelihood of that specific scenario.

“It does raise questions,” DeHart tells NBC. “I think people need to question what they see online, whether it comes from Anonymous or from a news organization or from a politician or from a corporation.You need to not take things at face value right away and jump straight to what you think it says.Somebody says, ‘Oh, this came from the FBI, everybody believes it. Well, let’s think about (it).”

When AntiSec announced their find on September 3, a person affiliated with the group explained that they had breached the laptop of Supervisor Special Agent Christopher K. Stangl from the FBI Regional Cyber Action Team this past March, on which they found a file that “turned to be a list of 12,367,232 Apple iOS devices, including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zip codes, cell phone numbers, addresses, etc.”

“FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT,” the author of the initial post claimed. AntiSec added, however, that even at the time they could not claim for certain that the Federal Bureau of Investigation was storing UDIDs to spy on Americans.

“Well at least it seems our best bet, and even in this case we will probably see their damage control teams going hard lobbying media with bullshits to discredit this, but well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it,” AntiSec wrote.

On cue, both the FBI and Apple denounced any involvement immediately.