What was the FBI doing with 12 million Apple IDs anyway?


Manuel Balce Ceneta/AP FBI headquarters

On Tuesday, AntiSec released a list of 1 million out of 12 million Apple UDIDs that it said it got from the FBI.

This morning AntiSec released a list of 1 million out of 12 million Apple UDIDs that it said it got from the FBI, which has raised many questions, most prominently perhaps: Just what was the FBI doing with that data in the first place? First off, neither the FBI nor Apple has confirmed that the data released so far is real.

Update: Just after we published this post, the FBI issued a statement to Gizmodo denying that the data came from them. "At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

Before that statement, an FBI spokesperson told Computer World and Gizmodo that it was "declining to comment," which has led Gizmodo's Jamie Condliffe and Sam Biddle to suggest "it's very much possible that an FBI computer is the original source of this alleged data dump." Even though we have no proof of that, others have at least confirmed that the UDIDs out there correspond to actual phones, with ArsTechnica's posting responses from security journalist Rob Lemos and "eCrime specialist" Peter Kruse saying that they have devices on the list.

With so little information -- AntiSec has refused to give interviews, for now -- we still can't be sure that these came from the FBI. But if the hackers are to be believed (an admittedly big if), it brings us back to that initial question: What did the FBI want with those Apple IDs? Some theories.

  • "FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT." That's the explanation that AntiSec uses in its post, which Anonymous reiterated in a tweet.
  • The Apple IDs alone don't give access to anything too useful. But AntiSec claims that many of the codes were linked with other information like addresses, zip codes, name, and e-mail. How, and for what exactly, AntiSec does not say. The file name (NCFTA_iOS_devices_intel.csv) has led others to believe the info came from the FBI's National Cyber-Forensics & Training Alliance, which has a slew of cyber-crime-related projects, including malware, Internet fraud, pharmaceutical fraud, and financial cyber threats, according to its website. So perhaps it was part of some project there? AntiSec also says it got the info from Cyber Action Team member Christopher Stangl's computer. Stangl, as a member of CAT, was part of a "highly trained team" of agents who "gather vital intelligence on emerging threats and trends that helps us identify the cyber crimes that are most dangerous to our national security and to our economy," as the FBI site explains.
  • The FBI got this information by proxy. It's possible that the FBI just had this data as a part of another project, as Marcus Carey, a researcher at Rapid7, explained to Bits Blog's Nicole Perlroth. "The F.B.I. could have obtained the file while doing forensics on another data breach," he said. Last year, the FBI got hold of an Instapaper server in an unrelated raid. Instapaper CEO Marco Arment has denied that the two incidents are related -- Instapaper has nowhere near 12 million members, for one. But this could have been from something like that. That makes sense, especially since these IDs don't reveal anything too dangerous, as Carey continues. "This poses very little risk. None of this information could be used to hack someone or launch an attack," he adds.

Read more at The Atlantic Wire.