back to article FBI says Apple ID heist claim is TOTALLY FALSE

Hot on the heels of AntiSec’s claim that the purloined Apple device IDs it dumped to Pastebin came from the FBI, the G-men have flatly denied the story. In a statement e-mailed to the press, the FBI says simply: The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple …

COMMENTS

This topic is closed for new posts.
Silver badge

As with all American presidents...

"[Self Proclaimed] Leader of the Free World"

As for the article; neither side are renowned for being trustworthy. I'll wait for a more thorough third party analysis of the data before jumping to any conclusions.

4
1
Pint

Re: As with all American presidents...

I think the US has lost it's cold world power that arguable made it the leader of the "free world".

The problem is bad US leadership might be better than the current situation of no leadership.

Beer, because thats the only honest way to make things unclear.

1
5

Re: As with all American presidents...

what d'ya free?

1
0

Re: As with all American presidents...

"I'll wait for a more thorough third party analysis of the data"

I too am waiting for the fox news explanation.....

3
0

Re: As with all American presidents...

what d'ya free?

Any country we think needs to be 'freed'.

0
0
Silver badge
Black Helicopters

All your iPhones are belong to us

2
0
Meh

. . . I like trains.

4
0
Silver badge
Black Helicopters

I'd put more weight behind the FBI's story if they didn't lose an average of 3-4 laptops each month and about the same number of firearms. I'm not saying they are incompetent but if it looks like a duck and quacks like a duck...

7
3
Anonymous Coward

What about weighing the same as a duck? So they are made of wood, so they burn, so they are a witch.

7
1
Silver badge
Black Helicopters

Nah... I don't think it's theirs. I think it was probably ripped either by a fake, planted app, or from the database of an app company who harvested the data. Antisec had no other real use for it, so tied a false flag to it.

Consider:

The hackers were very adamant as to specifically where the data came from: The very public face of the FBI's anti-hacking spokesman. That was a little suspicious to start with. It's a blatant attempt to disgrace a 'public' enemy.

Why would the FBI have that data on that person's laptop? Specifically.

If it was for practical use for some sub-rosa purpose, it would/should not be on the laptop of someone who does lots of public presentations and carries it around.

If the FBI were doing some mass-analysis of Apple owners, they'd have more than just a small slice of incomplete user data, one would hope. It's 'not good enough' for a federal agency.

If you breached a PC with the data on an FBI machine, they'd be other tools with it, showing how the data was used. Who the hell would just take the database and not uncover the rest? That's just stupid. You'd pull down the whole house of cards and expose what was being done... unless of course it WASN'T from the FBI and there isn't a house of cards. Or unless you were somehow totally stupid.

5
2

They might not necessarily have the complete data set due to data protection laws, it could be that otehr investigates are being given access to cleansed data for analysis which allows much bigger teams to look at the data without security issues or data protection problems. Once a device of interest is identified it would then be matched up at a later stage for proper investigation.

2
1
Silver badge
Stop

"They might not necessarily have the complete data set due to data protection laws"

That makes no sense. They either have legal access to the (full) list, or they already rode roughshod over it and the partial list is illegal, so why not have the equally illegal full one?

"it could be that otehr investigates are being given access to cleansed data for analysis which allows much bigger teams to look at the data without security issues or data protection problems. Once a device of interest is identified it would then be matched up at a later stage for proper investigation."

If it were a pared-down special interest database, it would contain further information rather than raw data, or there would have been a second database containing that information. As-is, the list is DATA, and of no actual isolated use. Which brings us back to why - if this was on an FBI machine - did the hackers not pull any of the surrounding data that would have been incriminating.

0
2
Silver badge
Happy

Re: Psyx

I see two possible options.

Firstly, it's a real list and it was on a laptop being used by Spankme or whatever his name is, but it was a personal laptop and not an FBI one. Note that the FBI statement says explicitly that no FBI laptop was hacked, not that no laptop was hacked. What Spankme was doing with the list is anyone's guess - it might be that he has an app on the iTunes store and it collects UDIDs, or it may be a list recovered from as evidence and he was trying to work out what the hackers were doing with it.

Second option is that the list is from somewhere else and Anti-Sec are trying to discredit Spankme and the FBI by implying that the FBI has some dark scheme for spying on the fanbois. Why the FBI would want to keep tabs on the technically-challenged is again anyone's guess, but probably because they are a danger to themselves if they are silly enough to fall for the Apple sales-pitch.

2
1
Silver badge
Pint

Re: Psyx

Would you be allowed to carry evidence on a personal laptop in the FBI, though?

You can definitely sign me up for option 2. I appreciate everyone loves a conspiracy, but I just don't see the reason for it, and the tin-foil hat brigade haven't been able to summon a single logical argument, other than "Ah, well, they *would* deny it, wouldn't they?", which is frankly something more akin to what I'd expect from a religious fundamentalist.

Again with Occam's Razor: If it comes down to whose word do you trust, is the the law enforcement organisation, or professional criminals who like getting their name in the media?

2
0
Anonymous Coward

Re: have the complete data set due to data protection laws

If you've cleaned the database as you've described for so a broader base of investigators can use it., the data you'd clean is precisely the data they've released. I've not been involved in that data handling personally, but have done support work for such a group.

0
0
Bronze badge
Happy

The penalty for being a witch is they shove a living snake up their ass.

0
0
Silver badge
Stop

Re: have the complete data set due to data protection laws

"If you've cleaned the database as you've described for so a broader base of investigators can use it., the data you'd clean is precisely the data they've released. I've not been involved in that data handling personally, but have done support work for such a group."

So why not release the dataset and tool used to manipulate said data?

Unless the hackers are a bunch of fucking liars...

0
0

Re: have the complete data set due to data protection laws

"So why not release the dataset and tool used to manipulate said data?"

That's the whole idea of it, the two data sets would be stored independently. We work with massive data sets for fraud investigation and by not keeping the person identifiable information with the actual data you can get round some of the data protection rules which would otherwise make things more difficult and complicated.

Typically although not as stupidly as the FBI are being made out to be, the data we work with would just be sitting on the network in a folder, the identifiable information would be stored on a number of encrypted devices such as memory sticks which are then stored in audited safes throughout the various company sites with limited staff access. An analyst would go to the seniors says here's the evidence, here's the device id or record id and then a senior would check against the secure data.

One of the reason we also do this is to reduce the risk of data being compromised or even an investigation being compromised by someone spotting a friend is being investigted etc

0
0
Anonymous Coward

Re: Psyx

US law enforcement organs have been thoroughly discredited, so yeah - anything they might say is automatically suspect and anything they keep repeating loudly is most likely false. This might change if they introduce some accountability and transparency into their processes.

2
2
Silver badge
FAIL

Re: Re: Psyx

"...This might change if I loosen up my tinfoil hat and let some blood reach my brain." There, fixed it for you.

1
3
Silver badge
WTF?

Re: Psyx

"US law enforcement organs have been thoroughly discredited, so yeah - anything they might say is automatically suspect"

Yes, but it's a binary choice. What is *more* suspect:

The internally audited law enforcement agency

The criminals who like media attention.

It's not the first. As suspect as they might be, the second choice is always moreso.

0
0

This post has been deleted by its author

Anonymous Coward

wonder why...

If the FBI in no way had this list, I find it a weird co-incidence that within a week of this hack supposedly taking place, apple quickly implemented their plan to reject all new applications that in any way use the UDID.

3
3
Anonymous Coward

Re: wonder why...

"If the FBI in no way had this list, I find it a weird co-incidence that within a week of this hack supposedly taking place, apple quickly implemented their plan to reject all new applications that in any way use the UDID."

I don't what that is but logical is what it certainly isn't.

1
0
Facepalm

> within a week of this hack supposedly taking place

Presumably the possibility that the list came from elsewhere than the FBI hasn't occurred to you then?

1) Obtain rather boring list of data from ISP or Apple or someone

2) Claim its from the FBI

3) Succeed in bigging up story beyond wildest dreams

6
2
Anonymous Coward

Re: > within a week of this hack supposedly taking place

ah yes, becuase a random company losing a handful of UDIDs will make apple jump through hoops in a timeframe of just a few days. Theres only a few organisations make big business move quickly, one of those would be government pressure.

0
2
Silver badge

Re: > within a week of this hack supposedly taking place

"ah yes, becuase a random company losing a handful of UDIDs will make apple jump through hoops in a timeframe of just a few days."

*Millions* of UDIDs.

And yes: It would.

1
0
Anonymous Coward

He said... / She said...

AntiSec said they nicked a million iPhone/iPad records from the FBI.

The FBI said the tale is bullshit.

Apple knows the truth. Changes are on the way.

0
1
Silver badge
Stop

Re: He said... / She said...

Apply Occam's Razor, instead of leaping to the 'juiciest' conclusion.

1
0
Happy

Re: He said... / She said...

Oh but the 'juiciest' conclusion is so much more fun!

0
0

Re: He said... / She said...

Apple will just patent the method used to steal it, that will stop those crafty hackers.

0
0
Silver badge

Should be easy to check..

After all, the Hachtivists claimed the source to be from a specific agent's laptop...

Between public records and other Stuff A+B would probably amount to 4, but still...

0
0
Silver badge

Re: Should be easy to check..

It is, the FBI did, and they provided the answer.

But that won't stop a Birther from claiming The Big 0 was born in Kenya, and it won't stop this silliness either.

1
0
Megaphone

"There is no evidence of"...

Never means "It didn't happen"

And nearly always means "The evidence of it happening has been removed"

2
3
Silver badge
Black Helicopters

This post has been removed by the FBI.

5
1
Silver badge
Facepalm

Re: "There is no evidence of"...

"There is no evidence of"...

Never means "It didn't happen"

And nearly always means "The evidence of it happening has been removed"

Just like god!!! You can't prove he didn't exist either, so it's the most logical conclusion that he did.

0
0
Anonymous Coward

So there's a page where people enter their UDID to check if their UDID was leaked? Will it soon emerge that there's a database of Apple UDIDs with associated IP addresses?

8
0
Anonymous Coward

lol

That's what I was thinking...luckily you only need to provide the first 5 characters of the UDID to do the search (although I bet some numpties type in the whole thing)

0
0
Pint

I actually believe the FBI. The denial came out very fast, and the idea of that file existing on an agents laptop is a bit OTT.

0
0
Silver badge
FAIL

Why would ANYONE believe ANYTHING either the FBI or a GOVERNMENT SAYS?

In the US there is a felony (serious) law that makes lying to Federal officials an offence.

What they REALLY need is felony legislation that makes it illegal for Federal employees to lie to the public. That would shut them up.

2
1
Anonymous Coward

Typical Antisec

Worthless dribble and baseless claims to get media attention.

1
0
Anonymous Coward

Some thingto think about.

How did he get the info on his laptop. The FBI uses encryption on their computers. The soft they uses encrypts all data that the PC writes to removable media.So unless the person took thier personal lap top to the feds to install the certificates, how did he get it on his laptop ?

0
0
Anonymous Coward

Re: Some thingto think about.

They claim that they used recent java vulnerability to acquire a shell session on the said laptop.

0
0
Trollface

It wasn't an FBI laptop, it clearly said HP on it.

BYOD? No lie.

But really now: I think its a quite good scam to make people check if they're on the list and thereby obtaining said list . . .

1
0
Anonymous Coward

Carefully-worded non-denial actually.

At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

Absence of evidence is not evidence of absence. There could simply be no evidence because they haven't looked yet, and they wouldn't technically be lying, but they still could have done it.

(Remember all those years the government said there was 'no evidence' that eating BSE-laden beef could cause vCJD - while simultaneously refusing to fund any experiments to look for such evidence?)

1
0
Anonymous Coward

"there is no evidence"

It wouldn't be the first time American agencies have lied and some have publicly admitted their lies. I seem to recall a government minister having to apologise for misleading the house because he'd been lied to by America.

Very specific denials that seem to mean one thing but actually mean something else are however favoured.

Anyone who takes what an agency says at face value is a fool.

0
0
Anonymous Coward

Pissing up a rope

Antisec caught B.S.'ing again.

1
0
This topic is closed for new posts.

Forums