RSS
FBI Denies That Hacked Apple Info Came From FBI
from the then-where-did-it-come-from dept
Earlier today, we wrote about Antisec releasing some Apple UDIDs to show that it had apparently collected info on 12 million Apple users, which it claims to have found when it hacked into an FBI's laptop. As we noted at the time, the file was called "NCFTA_iOS_devices_intel.csv," which implied that it came from the National Cyber-Forensics & Training Alliance, a vehicle set up to allow companies to share info with the government. However, the FBI is now flat out denying that any of its laptops had been hacked or that it had the info. Antisec is, to say the least, unimpressed:
The FBI's denial comes after an earlier, weaker denial, in which they just said they had "no evidence" to support the story. Now they're saying it's "TOTALLY FALSE" (all caps for EMPHASIS). And, of course, Antisec folks are reminding the FBI (and the public) that they're still sitting on 3TB of additional data from this hack -- which suggests that they're planning to release more to prove that the hack really was of an FBI machine. Either way, now that the fight is happening on Twitter, it seems time to grab some virtual popcorn, sit back and watch the fireworks.
Reader Comments (rss)
(Flattened / Threaded)
This is just going to instigate the hackers to release more or all of the data >.>
[ reply to this | link to this | view in chronology ]
Ploy?
Excuse me... I gotta go pop some popcorn...
[ reply to this | link to this | view in chronology ]
Re: Ploy?
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re: Pick me!
[ reply to this | link to this | view in chronology ]
Re:
Might be more than one laptop. Also, not impossible. I have over 1TB connected to this laptop between its internal hard drive and the tiny portable one strapped to it...
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re:
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re: Re:
You would think someone would have noticed the huge spike of network activity for such a long time, but I guess this is the FBI we're talking about...
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
Large upload monitoring can be thwarted by splitting the data into smaller packets. Any small leak could be damaging on it's own. If they they are trying to stop the problem at that point, they've already lost. I don't see any reason a dossier on Apple devices and their owners would need to be that accessible in the first place.
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
That said, I'm not convinced about the FBI thing yet. The temptation to grab the data from one site but embarrass another party could be strong. (The breached organization might even still be accessible.) One would assume that some other unique info from the laptop would be forthcoming pretty quickly if this were true. More of the same data does not at all strengthen the case that this was from FBI.
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re: Re: 3TB from a laptop or not
[ reply to this | link to this | view in chronology ]
Re:
and exceeds the amount the DEA can hold on its servers for long term storage by 1TB.
[ reply to this | link to this | view in chronology ]
Re:
What you are missing is the implausibility of the file being 3TB. The file is .csv, that means "comma separated values". In other words it is a plain text file with text fields separated by commas. Each record consists of a line of text. Looking at the names of the fields, in the story earlier today, each field is only going to be a few bytes. So each record will be around a few hundred bytes. There were 12M customers, pick 250 bytes as a reasonable guess for the average record size, then multiply out:
12M * 250 = 3G
Do the maths for yourself. Somebody got their Gigabytes and their Terabytes mixed up. The file is 3GB, not 3TB.
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
The calculation showing the file to be 3GB, not 3TB, stands. You are never going to get to the truth of this matter if you are unable to distinguish lies and mistakes from the truth.
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re:
12000000 * 250 B = 3000000000 B
3000000000 B/1024 = 2929687,5 MB
2929687,5 MB/1024 = 2861,023 GB
2861,023 GB != 3 GB
It's not 3 TB but it definitely is at least 2.
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re: Re:
Should be
3000000000 B/1024 = 2929687,5 KB
2929687,5 KB/1024 = 2861,023 MB
2861,023 MB != 3 GB
G M K B
3 000 000 000
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Re: 3TB
[ reply to this | link to this | view in chronology ]
But if the FBI say it, then it must be true... they'd never lie...
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
FBI profile
[ reply to this | link to this | view in chronology ]
Nixon would be proud...
[ reply to this | link to this | view in chronology ]
New words/idioms
Woodward, Bernstein and a tutu in one Tweet! Impossible!
FBI #TweetRelease
Anon vs FBI #TweetFight
[ reply to this | link to this | view in chronology ]
I asked myself that question, and sadly the anonymous hacker group i know nothing about is more trustworthy then FBI...so maybe the FBI has some PR to do, it will only take a 5 or 6 generations to change it.
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
popcorn
[ reply to this | link to this | view in chronology ]
If the FBI swore the sun would rise tomorrow,
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
FBI Agent leaves laptop open with a username and password in plain view or written on a post-it (because "o hai Im FBI! c my gun pew pew! I haz nashunul seekrits lulz" seems to fit the profile of a joker who shows up to a hacker conference to shill for the FBI in an EFF tshirt).
AntiSec grabs the post-it, logs into NCFTA website, downloads file.
FBI issues factually accurate but still deceptive denial.
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Is it true ?
[ reply to this | link to this | view in chronology ]
Well...
For the FBI claiming they never had that data - well, I definitely CAN imagine a scenario when they wouldn't even know they had it, or at least know exactly what they had.
I've heard speculations the data came from hacked iPhone App vendor - might be, but perhaps the vendor didn't have to be hacked? Perhaps the vendor could have - generously - share the data with NCFTA (well that's what they're for, right), and the NCFTA could then share the data with FBI, which (surprisingly, given their famous technical knowledge and overall high level of skills) could then loose the data by getting hacked (real shock, never happened before).
I really can't decide what's worse - if their lying through their teeth, or them being so incompetent they don't even KNOW what's being shared with them.
On the other hand, it could explain why they say CISPA is necessary - of course they need new laws, when they don't know about anyone sharing any relevant data with them :-/
[ reply to this | link to this | view in chronology ]
That. Should be amusing. The sad part is that we'll be seeing more cybersecurity FUD being spread after this totally missing the point Antisec ppl are trying to make. Oh and FBI will try to fuck up a few lives in the process just for vengeance.
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re:
But that's not the point Antisec is trying to make. They're itching for a fight with the govt to prove the govt is willing to fight. Right now, at least publicly, it isn't. Interesting situation, indeed.
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re:
For iTunes on the PC, you have to authorize the use of an iOS device by logging into your iTunes account with your Apple ID. When authorized on one computer, you cannot transfer any purchased items from iTunes from your iDevice to other computers without first deauthorizing your main computer and authorizing said device to your next one. It automatically knows and sends a report to Apple if you reformat the computer's hard disk.
In short, the UDID information is useless unless you can locally and physicslly get onto the authorized computer for a set of devices.
[ reply to this | link to this | view in chronology ]
Or, it could be that Antisec is flat-out lying or that it's all data they've gathered via other means and are now pinning the blame on the FBI.
Either way, there's really no way of knowing for sure at this time. Unfortunately, if any of this turns out to be true, the real victims are the 12.3 million whose private info has been compromised.
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Apple
[ reply to this | link to this | view in chronology ]
Re: Apple
[ reply to this | link to this | view in chronology ]
Here's Your Evidence
[ reply to this | link to this | view in chronology ]
Calm Down, People
http://gizmodo.com/5940692/apple-responds-to-alleged-udid-hack-dont-look-at-us?tag=udid
I n addition, a third party has alleged that the UDIDs came from their servers, not from the FBI:
http://gizmodo.com/5941919/where-anonymous-really-got-its-apple-ids-from-hint-not-the-fbi?ut m_source=deadspin.com&utm_medium=recirculation&utm_campaign=recirculation
Its amazing that the folks on Techdirt are willing to give more credibility to a rogue association of hackers over that of the FBI. Stop being stupid.
[ reply to this | link to this | view in chronology ]
Add Your Comment