One thing is for certain in the case of the purloined Apple IDs: Either AntiSec, an anti-government hacktivist group, or the FBI is lying. And it won't take long to figure out which one.
First, AntiSec claimed it hacked the laptop of an FBI special agent and stole a file containing 12 million Apple unique device identifiers (UDIDs) and the associated personal information.
To back up the claim, AntiSec-allegedly a 14-month-old joint operation of Anonymous and LulzSec-posted a document to Pastebin on Monday that contains links to about a million Apple UDIDs. AntiSec also said it has 11 million more IDs.
From the AntiSec post:
"During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose."
Upon reading this I-and many others, no doubt-thought, "What the heck is the FBI doing with all that stuff?" It is hard to imagine the agency obtaining the information legally. Whether or not the data was legally obtained, if the claim proves to be true it could start the Mother of All Feces Storms for the Bureau. While Americans will (inexplicably) tolerate DHS's broken "Do Not Fly" list, storing personal information on 12 million people is a whole different story.
"At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."
This leaves us with a number of possible scenarios:
- The FBI is trying to hide its involvement via the most pathetic cover-up since Watergate.
- AntiSec doesn't have the document it claims to have.
- AntiSec does have the document but it came from somewhere else, and the group is trying to pin it on the Feds for PR purposes.
- AntiSec is trying to pull off an amazingly-stupid smear campaign using nothing more than a Twitter account and a hope chest.
- AntiSec wants to get people pissed off about Apple's data collection practices and this was the only way the group could get anyone to care.
- The FBI is pulling off some weird double-reverse backdoor effort to discredit AntiSec.
- I could go on and on, but you get the idea.
Sign up for Computerworld eNewsletters.