FBI Denies That Hacked Apple Info Came From FBI

from the then-where-did-it-come-from dept

Earlier today, we wrote about Antisec releasing some Apple UDIDs to show that it had apparently collected info on 12 million Apple users, which it claims to have found when it hacked into an FBI laptop. As we noted at the time, the file was called “NCFTA_iOS_devices_intel.csv,” which implied that it came from the National Cyber-Forensics & Training Alliance, a vehicle set up to allow companies to share info with the government. However, the FBI is now flat out denying that any of its laptops had been hacked or that it had the info. Antisec is, to say the least, unimpressed:

The FBI’s denial comes after an earlier, weaker denial, in which they just said they had “no evidence” to support the story. Now they’re saying it’s “TOTALLY FALSE” (all caps for EMPHASIS). And, of course, Antisec folks are reminding the FBI (and the public) that they’re still sitting on 3TB of additional data from this hack — which suggests that they’re planning to release more to prove that the hack really was of an FBI machine. Either way, now that the fight is happening on Twitter, it seems time to grab some virtual popcorn, sit back and watch the fireworks.

Companies: apple


Comments on “FBI Denies That Hacked Apple Info Came From FBI”

Mike C. (profile) says:


You know, this could go either way. On the one hand, we’ve got Antisec potentially sitting on a ton of additional information which could cause no small amount of embarrassment to the FBI. On the other hand, this reply from the press office could just be a ploy to intentionally get them to release more in the hopes that Antisec slips up and shows their hand too early.

Excuse me… I gotta go pop some popcorn…

Tunnen (profile) says:

Re: Re: Re:

I can understand having an external hard drive connected to a laptop, but if this was a hack over the Internet what kind of bandwidth did the connection to this laptop have? It’d take almost 6 days to download 3 Terabytes at 50 Mbps. That’s 15 years over a 56k modem. Even if you managed to get a sustained 1 Gbps of bandwidth, you are still looking at about 6 hours.

You would think someone would have noticed the huge spike of network activity for such a long time, but I guess this is the FBI we’re talking about…

SD says:

Re: Re: Re: Re:

If they hacked the FBI they probably were smart enough to send the data to a server somewhere that they anonymously paid for, rather than trying to push 3TB over 7 proxies. It would have still taken a while but not more than a few days over a fiber uplink the FBI should be using.

Large upload monitoring can be thwarted by splitting the data into smaller packets. Any small leak could be damaging on its own. If they are trying to stop the problem at that point, they’ve already lost. I don’t see any reason a dossier on Apple devices and their owners would need to be that accessible in the first place.

New Mexico Mark says:

Re: Re: Re: Re:

Anyone with a smidgen of hacker skills would likely encrypt the outbound data. Most forms of encryption compress as well. CSV data files like this compress like crazy, and it is quite feasible that it might have been as little as 30-90 GB of transferred data. Not trivial, but certainly not a big deal on a fast network. If a device is already somewhat of a data warehouse, large network transfers might be normal.

That said, I’m not convinced about the FBI thing yet. The temptation to grab the data from one site but embarrass another party could be strong. (The breached organization might even still be accessible.) One would assume that some other unique info from the laptop would be forthcoming pretty quickly if this were true. More of the same data does not at all strengthen the case that this was from FBI.

Anonymous Coward says:

Re: Re:

“3TB of data from a laptop? What am I missing here?”

What you are missing is the implausibility of the file being 3TB. The file is .csv, that means “comma separated values”. In other words it is a plain text file with text fields separated by commas. Each record consists of a line of text. Looking at the names of the fields, in the story earlier today, each field is only going to be a few bytes. So each record will be around a few hundred bytes. There were 12M customers, pick 250 bytes as a reasonable guess for the average record size, then multiply out:

12M * 250 = 3G

Do the maths for yourself. Somebody got their Gigabytes and their Terabytes mixed up. The file is 3GB, not 3TB.

Anonymous Coward says:

Re: Re: Re: Re:

Reread the earlier story on this. Particularly look at: “on his laptop, they found a csv file”. Antisec got 12M records in one CSV file. They have released a redacted version of 1M records, to prove they have got the data. Only idiots are now pretending that they do not have all the data, thereby proving that the FBI’s IT security skills are pathetic.

The calculation showing the file to be 3GB, not 3TB, stands. You are never going to get to the truth of this matter if you are unable to distinguish lies and mistakes from the truth.

The Logician says:

When an organization such as the FBI becomes more concerned with its image and its own power rather than the well-being of the citizens it is intended to serve, the logical course of action is to oppose it and expose its corruption, as Antisec has done. It is at this point that the FBI must be reformed or removed, as it has forgotten the purpose it was created for. To do so, it must be made to collapse from the weight of its own bureaucracy. This leak and its exposure by Antisec are conducive to that process and should be encouraged.

letherial (profile) says:

When presented with two different stories, I ask myself who is more believable, who has more credibility and who has more interest in lying.

I asked myself that question, and sadly the anonymous hacker group I know nothing about is more trustworthy than the FBI…so maybe the FBI has some PR to do, it will only take 5 or 6 generations to change it.

DataShade (profile) says:

Well, hypothetical … what if the FBI really did “never had” the information, because it was always remotely accessed from an NCFTA server?

FBI Agent leaves laptop open with a username and password in plain view or written on a post-it (because “o hai Im FBI! c my gun pew pew! I haz nashunul seekrits lulz” seems to fit the profile of a joker who shows up to a hacker conference to shill for the FBI in an EFF tshirt).

AntiSec grabs the post-it, logs into NCFTA website, downloads file.

FBI issues factually accurate but still deceptive denial.

Anonymous Coward says:

Reasonably obvious that the FBI would deny the leak came from them. Had they admitted it did come from them, they would have been automatically admitting that they had the data in the first place, thereby opening themselves up to questions of why they had the info to begin with. I suppose their answer would be that everyone on the list is a terrorist, at least until we decide they are not, but that could take a while.

relghuar says:


As to the size problem (3TB) – depends on what Antisec guys meant. If it’s 3TB of plain text (like the CSV file with UDIDs, or some logs or whatever) and it has been stored compressed, the ratio could be anywhere from 1:5 to 1:15 (we regularly get over 1:10 for apache log files), so at 1:10 it would be 300GB of data. Still not very plausible to come from a single notebook, but not THAT awful… Anyway, that’s just a mental exercise, certainly not any precise analysis 🙂

For the FBI claiming they never had that data – well, I definitely CAN imagine a scenario when they wouldn’t even know they had it, or at least know exactly what they had.

I’ve heard speculations the data came from hacked iPhone App vendor – might be, but perhaps the vendor didn’t have to be hacked? Perhaps the vendor could have – generously – shared the data with NCFTA (well that’s what they’re for, right), and the NCFTA could then share the data with FBI, which (surprisingly, given their famous technical knowledge and overall high level of skills) could then lose the data by getting hacked (real shock, never happened before).

I really can’t decide what’s worse – if they’re lying through their teeth, or them being so incompetent they don’t even KNOW what’s being shared with them.

On the other hand, it could explain why they say CISPA is necessary – of course they need new laws, when they don’t know about anyone sharing any relevant data with them :-/

Ninja (profile) says:

Either way, now that the fight is happening on Twitter, it seems time to grab some virtual popcorn, sit back and watch the fireworks.

That. Should be amusing. The sad part is that we’ll be seeing more cybersecurity FUD being spread after this totally missing the point Antisec ppl are trying to make. Oh and FBI will try to fuck up a few lives in the process just for vengeance.

Anonymous Coward says:

Re: Re:

Yes, so the point is people’s UDIDs are not secure. That’s a problem. It’s a much larger problem if that information can be easily cross-referenced with other personal information/behavior histories/etc.

But that’s not the point Antisec is trying to make. They’re itching for a fight with the govt to prove the govt is willing to fight. Right now, at least publicly, it isn’t. Interesting situation, indeed.

Wally (profile) says:

Re: Re:

Adding to this, it should be noted that the UDIDs that were stolen do change, and due to Apple’s “oppressive” approach of only allowing one computer-based iTunes account to be authorized on one computer at a time for up to 5 of your devices, the UDID system is non-effective to data theft on the scale shown here. The data stolen was 6 months old.

For iTunes on the PC, you have to authorize the use of an iOS device by logging into your iTunes account with your Apple ID. When authorized on one computer, you cannot transfer any purchased items from iTunes from your iDevice to other computers without first deauthorizing your main computer and authorizing said device to your next one. It automatically knows and sends a report to Apple if you reformat the computer’s hard disk.

In short, the UDID information is useless unless you can locally and physically get onto the authorized computer for a set of devices.

Michael says:

How do you know that this whole event isn’t really Antisec’s doing but rather the FBI’s in order to reveal (in an offhanded way) that they’re hoarding all this personal data and then observe people’s response? Thinking about it, the FBI would have to be incredibly stupid to just leave that data just sitting on a laptop w/ internet access enabled, not to mention conveniently innoculous to all that uploading.

Or, it could be that Antisec is flat-out lying or that it’s all data they’ve gathered via other means and are now pinning the blame on the FBI.

Either way, there’s really no way of knowing for sure at this time. Unfortunately, if any of this turns out to be true, the real victims are the 12.3 million whose private info has been compromised.

Willton says:

Calm Down, People

As it turns out, Apple has confirmed that Antisec did not obtain the alleged UDIDs from the FBI:


In addition, a third party has alleged that the UDIDs came from their servers, not from the FBI:


It’s amazing that the folks on Techdirt are willing to give more credibility to a rogue association of hackers over that of the FBI. Stop being stupid.
