recommended reading

What was the FBI doing with 12 million Apple IDs anyway?

Manuel Balce Ceneta/AP

Manuel Balce Ceneta/AP // FBI headquarters

This morning AntiSec released a list of 1 million out of 12 million Apple UDID's that it said it got from the FBI, which has raised many questions, most prominently perhaps: Just what was the FBI doing with that data in the first place? First off, neither the FBI nor Apple has confirmed that the data released so far is real. Update: Just after we published this post, the FBI issued a statement to Gizmodo denying that the data came from them. "At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."  Before that statement, an FBI spokesperson toldComputer World and Gizmodo that it was "declining to comment," which has led Gizmodo's Jamie Condliffe and Sam Biddle to suggest "it's very much possible that an FBI computer is the original source of this alleged data dump." Even though we have no proof of that, others have at least confirmed that the UDIDs out there correspond to actual phones, with ArsTechnica's  posting responses from Security journalist Rob Lemos and "eCrime specialist" Peter Kruse saying that they have devices on the list. With so little information -- AntiSec has refused to give interviews, for now -- we still can't be sure that these came from the FBI. But if the hackers are to be believed (an admittedly big if), it brings us back to that initial question: What did the FBI want with those Apple IDs? Some theories.

  • "FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT." That's the explanation that AntiSec uses in its post, which Anonymous reiterated in a tweet.
  • The Apple IDs alone don't give access to anything too useful. But, AntiSec claims that many of the codes were linked with other information like addresses, zip codes, name, and e-mail. How and for what exactly AntiSec does not say. The file name (NCFTA_iOS_devices_intel.csv) has led others to believe the info came from the FBI's National Cyber-Forensics & Training Alliance, which has a slew of cyber crime related projects, including Malware, Internet fraud, pharmaceutical fraud, and financial cyber threats, according to its website. So perhaps it was part of some project there? AntiSec also says it got the info from Cyber Action Team member Christopher Stangl's computer. Stangl, as a member of CAT, was part of a "highly trained team" of agents who "gather vital intelligence on emerging threats and trends that helps us identify the cyber crimes that are most dangerous to our national security and to our economy," as the FBI site explains.
  • The FBI got this information by proxy. It's possible that the FBI just had this data as a part of another project, as Marcus Carey, a researcher at Rapid7 explained to Bits Blog's Nicole Perlroth. "The F.B.I. could have obtained the file while doing forensics on another data breach," he said. The FBI once got a hold of an Instapaper server from an unrelated raid, last year. Instapaper CEO Marco Arment has denied that the two incidents are related -- Instapaper has nowhere near 12 million members, for one. But, this could have been from something like that. That makes sense, especially since these ID's don't reveal anything too dangerous, as Carey continues. "This poses very little risk. None of this information could be used to hack someone or launch an attack," he adds. 

Read more at The Atlantic Wire.

Threatwatch Alert

Stolen laptop

Wireless Heart Monitor Maker to Pay $2.5M Settlement to HHS After Laptop Stolen

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.