FBI Denies That Hacked Apple Info Came From FBI
from the then-where-did-it-come-from dept
Earlier today, we wrote about Antisec releasing some Apple UDIDs to show that it had apparently collected info on 12 million Apple users, which it claims to have found when it hacked into an FBI laptop. As we noted at the time, the file was called “NCFTA_iOS_devices_intel.csv,” which implied that it came from the National Cyber-Forensics & Training Alliance, a vehicle set up to allow companies to share info with the government. However, the FBI is now flat out denying that any of its laptops had been hacked or that it had the info. Antisec is, to say the least, unimpressed:
Filed Under: anonymous, antisec, apple udids, cybersecurity, fbi, hack, privacy
Companies: apple
Comments on “FBI Denies That Hacked Apple Info Came From FBI”
*sigh*
This is just going to instigate the hackers to release more or all of the data >.>
Ploy?
You know, this could go either way. On the one hand, we’ve got Antisec potentially sitting on a ton of additional information which could cause no small amount of embarrassment to the FBI. On the other hand, this reply from the press office could just be a ploy to intentionally get them to release more in the hopes that Antisec slips up and shows their hand too early.
Excuse me… I gotta go pop some popcorn…
Re: Ploy?
This is all just the FBI covering up for Apple and Google. Don’t believe the hype.
3TB of data from a laptop? What am I missing here?
Re: Pick me!
Oooh, I know! You’re missing one very hi-capacity laptop hard-drive!
Re: Re:
3TB of data from a laptop? What am I missing here?
Might be more than one laptop. Also, not impossible. I have over 1TB connected to this laptop between its internal hard drive and the tiny portable one strapped to it…
Re: Re: Re:
Probably not on the laptop itself. I’m thinking 1 TB hard drives in a multi-bay external enclosure. Someone willing to shell out a few hundred dollars could easily cart around 4 TB of data that way; access it pretty fast too, assuming the laptop has a USB 3.0 port.
Re: Re: Re: Re:
since when has the government been willing to shell out large sums of cash for new computers?
Re: Re: Re: Re:
Didn’t the DEA just drop a case cause they couldn’t handle a few terabytes, or less capacity than I have in a box of old drives sitting in my closet?
Re: Re: Re:2 Re:
Because all their storage space is filled with citizens’ private information, obviously.
Re: Re:
Yeah, me too. What, with my 800G primary drive and the two 2TB drives I stole from the DoD last week, this laptop is brimming with capacity 🙂
Re: Re: Re:
I can understand having an external hard drive connected to a laptop, but if this was a hack over the Internet what kind of bandwidth did the connection to this laptop have? It’d take almost 6 days to download 3 Terabytes at 50 Mbps. That’s 15 years over a 56k modem. Even if you managed to get a sustained 1 Gbps of bandwidth, you are still looking at about 6 hours.
You would think someone would have noticed the huge spike of network activity for such a long time, but I guess this is the FBI we’re talking about…
Re: Re: Re: Re:
If they hacked the FBI they probably were smart enough to send the data to a server somewhere that they anonymously paid for, rather than trying to push 3TB over 7 proxies. It would have still taken a while but not more than a few days over a fiber uplink the FBI should be using.
Large upload monitoring can be thwarted by splitting the data into smaller packets. Any small leak could be damaging on its own. If they are trying to stop the problem at that point, they’ve already lost. I don’t see any reason a dossier on Apple devices and their owners would need to be that accessible in the first place.
Re: Re: Re: Re:
Anyone with a smidgen of hacker skills would likely encrypt the outbound data. Most forms of encryption compress as well. csv data files like this compress like crazy, and it is quite feasible that it might have been as little as 30-90 GB of transferred data. Not trivial, but certainly not a big deal on a fast network. If a device is already somewhat of a data warehouse, large network transfers might be normal.
That said, I’m not convinced about the FBI thing yet. The temptation to grab the data from one site but embarrass another party could be strong. (The breached organization might even still be accessible.) One would assume that some other unique info from the laptop would be forthcoming pretty quickly if this were true. More of the same data does not at all strengthen the case that this was from FBI.
Re: Re:
Not a thing. Such high-capacity drives for laptops are readily available, some from Amazon.
Re: Re:
And a very fast broadband connection and the owner didn’t notice a 3TB upload and no-one else noticed?
Re: Re: 3TB from a laptop or not
If you look at the whole situation it seems that a particular agent was targeted, and that for the “first” time Anon has used HumInt to get what they wanted. It seems to me to be the only explanation to what’s going on right now.
Re: Re:
the 3TB was from another hack…
and exceeds the amount the DEA can hold on its servers for long term storage by 1TB.
Re: Re:
“3TB of data from a laptop? What am I missing here?”
What you are missing is the implausibility of the file being 3TB. The file is .csv, that means “comma separated values”. In other words it is a plain text file with text fields separated by commas. Each record consists of a line of text. Looking at the names of the fields, in the story earlier today, each field is only going to be a few bytes. So each record will be around a few hundred bytes. There were 12M customers, pick 250 bytes as a reasonable guess for the average record size, then multiply out:
12M * 250 = 3G
Do the maths for yourself. Somebody got their Gigabytes and their Terabytes mixed up. The file is 3GB, not 3TB.
Re: Re: Re:
3 TB of data is not the .csv file :> It’s still unreleased data.
Re: Re: Re: Re:
Reread the earlier story on this. Particularly look at: “on his laptop, they found a csv file”. Antisec got 12M records in one CSV file. They have released a redacted version of 1M records, to prove they have got the data. Only idiots are now pretending that they do not have all the data, thereby proving that the FBI’s IT security skills are pathetic.
The calculation showing the file to be 3GB, not 3TB, stands. You are never going to get to the truth of this matter if you are unable to distinguish lies and mistakes from the truth.
Re: Re: Re:2 Re:
Look, I am able to use math:
12000000 * 250 B = 3000000000 B
3000000000 B/1024 = 2929687,5 MB
2929687,5 MB/1024 = 2861,023 GB
2861,023 GB != 3 GB
It’s not 3 TB but it definitely is at least 2.
Re: Re: Re:3 Re:
Um, you missed kilo.
Should be
3000000000 B/1024 = 2929687,5 KB
2929687,5 KB/1024 = 2861,023 MB
2861,023 MB != 3 GB
G M K B
3 000 000 000
Re: Re: Re:4 Re:
Crap. You’re right. My mistake man, sorry for pushing. (shame smiley)
Re: 3TB
Just what was on my mind. Unless there’s some storage tech that the public doesn’t know about (doubtful).
But then the FBI would deny it. The only thing worse for the FBI than to admit it is performing widespread surveillance without warrants, would be that it lost said data to a group like antisec.
But if the FBI say it, then it must be true… they’d never lie…
Re: Re:
When I was a sprout, someone told me that you should never believe a story about government activities until there’s been an official denial.
Of course this never happened, just like the NSA’s Stellar Wind isn’t happening….
When an organization such as the FBI becomes more concerned with its image and its own power rather than the well-being of the citizens it is intended to serve, the logical course of action is to oppose it and expose its corruption, as Antisec has done. It is at this point that the FBI must be reformed or removed, as it has forgotten the purpose it was created for. To do so, it must be made to collapse from the weight of its own bureaucracy. This leak and its exposure by Antisec are conducive to that process and should be encouraged.
FBI profile
My profile of this tweet is: the FBI is guilty.
Nixon would be proud...
So now this reminds me of the break-ins at Watergate and the Chilean embassy. Should we call this FBIgate now? Are they going to punish these kids for making them look foolish like Daniel Ellsberg made Nixon look foolish when he published the Pentagon Papers?
New words/idioms
It seems hell has frozen over!
Woodward, Bernstein and a tutu in one Tweet! Impossible!
FBI #TweetRelease
Anon vs FBI #TweetFight
When presented with two different stories I ask myself who is more believable, who has more credibility and who has more interest in lying.
I asked myself that question, and sadly the anonymous hacker group I know nothing about is more trustworthy than FBI…so maybe the FBI has some PR to do, it will only take 5 or 6 generations to change it.
Re: Re:
Instead of PR maybe they should just stop lying to our faces?
Re: Re: Re:
impossible, what government can do such a task?
Re: Re: Re: Re:
You can’t change the nature of something that was founded and built on that nature.
Re: Re: Re:
It’s for your own good, citizen.
Unless it’s catching a fake terrorist, the FBI won’t admit to their own idiocy.
Re:
umm doesn’t every CRIMINAL swear they are Innocent???
popcorn
grab your popcorn at http://imgur.com/a/LPRbU (courtesy of reddit)
If the FBI swore the sun would rise tomorrow,
I’d be heavily inclined to buy lanterns.
It takes days to get 3TB over consumer bandwidth. FBI naturally has T3. Does this mean Anon has T3 too?
Re: Re:
T3 (DS3) is only 45Mbit. Not terribly fast in the grand scheme of things.
Re: Re:
3 gb is ten minutes on T3. It’s only a little over half an hour on my home cable line. What the fuck are you talking about?
Re: Re: Re:
Terabytes, not gigabytes.
Well, hypothetical … what if the FBI really did “never had” the information, because it was always remotely accessed from an NCFTA server?
FBI Agent leaves laptop open with a username and password in plain view or written on a post-it (because “o hai Im FBI! c my gun pew pew! I haz nashunul seekrits lulz” seems to fit the profile of a joker who shows up to a hacker conference to shill for the FBI in an EFF tshirt).
AntiSec grabs the post-it, logs into NCFTA website, downloads file.
FBI issues factually accurate but still deceptive denial.
reasonably obvious that the FBI would deny the leak came from them. had they admitted it did come from them, they would have been automatically admitting that they had the data in the first place, thereby opening themselves up to questions of why they had the info to begin with. i suppose their answer would be that everyone on the list is a terrorist, at least until we decide they are not but that could take a while
Is it true ?
Another News for our consideration. 😉
Well...
As to the size problem (3TB) – depends on what Antisec guys meant. If it’s 3TB of plain text (like the CSV file with UDIDs, or some logs or whatever) and it has been stored compressed, the ratio could be anywhere from 1:5 to 1:15 (we regularly get over 1:10 for apache log files), so at 1:10 it would be 300GB of data. Still not very plausible to come from single notebook, but not THAT awful… Anyway, that’s just a mental exercise, certainly not any precise analysis 🙂
For the FBI claiming they never had that data – well, I definitely CAN imagine a scenario when they wouldn’t even know they had it, or at least know exactly what they had.
I’ve heard speculations the data came from hacked iPhone App vendor – might be, but perhaps the vendor didn’t have to be hacked? Perhaps the vendor could have – generously – shared the data with NCFTA (well that’s what they’re for, right), and the NCFTA could then share the data with FBI, which (surprisingly, given their famous technical knowledge and overall high level of skills) could then lose the data by getting hacked (real shock, never happened before).
I really can’t decide what’s worse – if they’re lying through their teeth, or them being so incompetent they don’t even KNOW what’s being shared with them.
On the other hand, it could explain why they say CISPA is necessary – of course they need new laws, when they don’t know about anyone sharing any relevant data with them :-/
Either way, now that the fight is happening on Twitter, it seems time to grab some virtual popcorn, sit back and watch the fireworks.
That. Should be amusing. The sad part is that we’ll be seeing more cybersecurity FUD being spread after this totally missing the point Antisec ppl are trying to make. Oh and FBI will try to fuck up a few lives in the process just for vengeance.
Re: Re:
It’s not like they were short on fake reasons to do police state things before. The important thing is to let everyone know about the widespread spying.
Re: Re:
Yes, so the point is people’s UDIDs are not secure. That’s a problem. It’s a much larger problem if that information can be easily cross-referenced with other personal information/behavior histories/etc.
But that’s not the point Antisec is trying to make. They’re itching for a fight with the govt to prove the govt is willing to fight. Right now, at least publicly, it isn’t. Interesting situation, indeed.
I don’t have much concern over this. Even if my UDID was stolen, I can easily change the password and thank God Mrs. Wally and I only use gift cards for payments on our iPods.
Re: Re:
Adding to this, it should be noted that the UDIDs that were stolen do change and due to Apple’s “oppressive” approach of only allowing one computer-based iTunes account to be authorized on one computer at a time for up to 5 of your devices, the UDID system is non-effective to data theft on the scale shown here. The data stolen was 6 months old.
For iTunes on the PC, you have to authorize the use of an iOS device by logging into your iTunes account with your Apple ID. When authorized on one computer, you cannot transfer any purchased items from iTunes from your iDevice to other computers without first deauthorizing your main computer and authorizing said device to your next one. It automatically knows and sends a report to Apple if you reformat the computer’s hard disk.
In short, the UDID information is useless unless you can locally and physically get onto the authorized computer for a set of devices.
How do you know that this whole event isn’t really Antisec’s doing but rather the FBI’s in order to reveal (in an offhanded way) that they’re hoarding all this personal data and then observe people’s response? Thinking about it, the FBI would have to be incredibly stupid to just leave that data just sitting on a laptop w/ internet access enabled, not to mention conveniently innocuous to all that uploading.
Or, it could be that Antisec is flat-out lying or that it’s all data they’ve gathered via other means and are now pinning the blame on the FBI.
Either way, there’s really no way of knowing for sure at this time. Unfortunately, if any of this turns out to be true, the real victims are the 12.3 million whose private info has been compromised.
Thanks for the confirmation (denial).
Apple
I was under the impression, at least from what I’ve always heard from Apple and Apple fanboys, that Apple was infallible, and perfect. What happened Apple, and fanboys?
Re: Apple
Apple is not perfect….but they are a ton better than the FBI. The only useful data stolen was credit card information and it’s still a pain in the ass to make use of the UDID’s in the first place.
Here's Your Evidence
Here’s the MAC addresses of every computer in their field office –> http://bit.ly/RMfXlJ
Calm Down, People
As it turns out, Apple has confirmed that Antisec did not obtain the alleged UDIDs from the FBI:
http://gizmodo.com/5940692/apple-responds-to-alleged-udid-hack-dont-look-at-us?tag=udid
In addition, a third party has alleged that the UDIDs came from their servers, not from the FBI:
http://gizmodo.com/5941919/where-anonymous-really-got-its-apple-ids-from-hint-not-the-fbi?utm_source=deadspin.com&utm_medium=recirculation&utm_campaign=recirculation
It’s amazing that the folks on Techdirt are willing to give more credibility to a rogue association of hackers over that of the FBI. Stop being stupid.
Re:
Unless of course, they have additional data BESIDES apple ids.