
FBI Says Laptop Wasn't Hacked; Never Possessed File of Apple Device IDs - ssclafani
http://www.wired.com/threatlevel/2012/09/fbi-says-laptop-wasnt-hacked-never-possessed-file-of-apple-device-ids
======
m0nastic
I'm inclined to believe the FBI on this occasion, although the reasoning is
getting confusing ("But you've also bested my Spaniard...Surely I cannot choose
the wine in front of me")

If the Antisec account is accurate (that they popped this agent's computer),
then they most likely possess further evidence that they could release to
corroborate their claim (The .csv file may have been the only interesting
file, but presumably they copied off lots of uninteresting ones as well).

So if the FBI is lying, they have to assume that Antisec's next move would be
to release more corroborating evidence (because who wouldn't be upset over
being called a liar), which would then make the FBI look incredibly foolish
(as well as now on record as having given false statements).

This leads me to believe that the FBI is telling the truth, and that Antisec
obtained the list from somewhere else, and is just having a laugh at the FBI's
expense.

Sadly, I don't think either of these groups have built up an immunity to
Iocane powder.

~~~
stevenrace
Well the last time (June 2010) #AntiSec released UUIDs of Apple devices - Weev
went to jail. [1,2]

The '#FuckFBIFriday' releases have shown the incompetence of the FBI in this
realm. So I wouldn't be so quick to side with the FBI...

[1] <http://en.wikipedia.org/wiki/Weev>

[2] <http://freeweev.info/>

------
nemof
I wouldn't be inclined to trust anything the FBI has to say on this, not
because I have my tinfoil hat on, but within the context of the allegation
they are an unreliable witness, so to speak.

The question is, are these UDIDs real? If so, then where did AntiSec get them
from if not a compromised FBI laptop? If they'd hacked Apple or a carrier,
surely they'd be quite as happy to crow about that as anything else.

I can understand the idea of pinning the leak on the FBI, I'm just unsure as
to how plausible that is. They and their contractors have shown themselves
leaky enough to not need any fabrication of evidence in the pursuit of lulz.

~~~
diafygi
We checked our app's push notification token database against the leaked list,
and there are intersections (who we then notified). So I'm inclined to believe
that the list is genuine.

However, the story as to how they got released and from where is anyone's
guess at this point.

~~~
lurkinggrue
I made a word cloud of the leaked device names:

<http://i.imgur.com/k6Cfb.jpg>

I had to remove the words: iphone, ipad, ipod and DE as they overwhelmed the
display.

~~~
LeafStorm
Reply from Jebus (who has been hellbanned):

    Would you mind sharing the library used to generate that cloud? It looks awesome

~~~
mylittlepony
How does that hellban thing work? I wasn't notified, and that's a pity because
I think I have made some valuable comments, and now I realize no one was able
to read them? And probably will never try to contribute again since it's a
waste of time and is not appreciated.

~~~
nunb
What was your earlier account? I can check if the comments or submissions are
viewable.

~~~
mylittlepony
Jebus

------
rubidium
Not to say the FBI didn't get hacked, but the filename
"NCFTA_iOS_devices_intel.csv" is very strange to me.

It's almost exactly what I would pick if I were making up a filename to
incriminate the FBI/NCFTA. However, it seems much too long for a usual
filename. Especially the "intel" part: if you work for the FBI, everything
about your job is intel. Why would you put it in the filename?

~~~
dwd
Should also have had spaces not underscores. Regular Windows users don't
follow *nix naming conventions.

~~~
aasarava
Sure they do, if they've been using computers since the DOS days.

~~~
niels_olson
You clearly don't hang out with a lot of old Windows users. It's all
8LETTERS.txt or "Lots of Letters & stuff.doc" but never, ever conforms to a
consistent convention. I'm pretty sure an exuberant Anon declared this was
"intel".

------
forgotAgain
Source FBI statement:
<http://www.fbi.gov/news/pressrel/press-releases/statement-on-alleged-compromise-of-fbi-laptop>

There's just too much wiggle room in that statement for it to inspire any
confidence.

~~~
ralfd
"The FBI is aware of published reports alleging that an FBI laptop was
compromised and private data regarding Apple UDIDs was exposed. At this time,
there is no evidence indicating that an FBI laptop was compromised or that the
FBI either sought or obtained this data."

~~~
jpdoctor
> At this time, there is no evidence indicating that an FBI laptop was
> compromised

Yes, there is. It's on pastebin.

They need to say why the evidence is false.

~~~
sigzero
No, there isn't. The pastebin info "says" it was a compromised laptop. You or
I have no idea if that is true or not.

~~~
jasonwatkinspdx
Evidence is just stuff. It's not some magic object sprinkled with truth and
certainty pixie dust.

The connection between a given explanation and any evidence is a probabilistic
inference (Bayes Rule actually). You always have to weigh the likelihood of
the evidence occurring due to other reasons, be it accident or fraud.

Considering that a number of folks with large UDID lists have stated they've
found intersections, it seems the data itself is the real deal.

The only thing that's left is to debate the likelihood of how they got it.

At the moment the burden is on the FBI. It'll take time to find the truth.
Even if the FBI release was written in good faith, they're a large
organization, and it takes time to figure out what's going on.

~~~
meric
Yes, also if someone leaks 1 million people's private data onto the internet
I'd think it would be FBI's responsibility to investigate how that happened.

------
eli
I'm certainly more inclined to believe them over the kids who posted the file.
AntiSec could be deliberately misleading people (for the lulz, I suppose), or
perhaps just simply didn't understand what they were looking at and what it
meant.

Though, of course, it wouldn't be the first time in recent memory that the FBI
flatly denied a damaging fact.

~~~
ahi
I'm not. I find it far more likely that the FBI doesn't know they've been
hacked yet. It takes time for institutions that large to figure stuff out.

~~~
Karunamon
And yet they flatly deny it instead of say they're investigating or they're
not sure.

That takes some hubris. And that's a trait that has gotten more than one
organization owned by Anonymous/*sec in the past.

~~~
y0ghur7_xxx
_And yet they flatly deny it instead of say they're investigating or they're
not sure._

They don't deny it. They say that "At this time there is no evidence
indicating that an FBI laptop was compromised". That's different. The evidence
is just not here _at this time_.

~~~
macchina
On twitter the FBI stated:

"We never had info in question. Bottom Line: TOTALLY FALSE"

~~~
BCM43
It's possible the person with access to the twitter account is not in the
loop, or did not consult with higher ups before posting that.

------
brokenparser
_"there is no evidence indicating that an FBI laptop was compromised"_

If their security really is as bad as AntiSec claims, this would make perfect
sense.

~~~
evgen
While you can read that claim as being "we are too clueless/dumb to even
realize we were hacked" an equally valid explanation is that they know that
they either do not have the dataset being distributed, have sufficient
canaries in said datasets that they know which ones come from them (for
finding leaks, etc), and/or know that no one person has access to a broad
non-targeted list with this info.

~~~
lotharbot
or they may know that there's no agent with the name/job description
specified, or they may know the true origin of the information in question.
There are a lot of ways the FBI could be sure the information didn't come from
them.

~~~
mbell
> There are a lot of ways the FBI could be sure the information didn't come
> from them.

And far more ways that they couldn't be sure.

------
Sanddancer
I find it most interesting that Apple hasn't mentioned a word as to this leak
at all. The FBI has denied, NCFTA has refused to comment, but why hasn't
anyone asked Apple as to their comments? This much data floating around had to
have come from someone with lots of info, and if it isn't Apple, then who?

~~~
shashashasha
Apple has historically kept quiet while news media roils around, I wouldn't
expect a direct response from Apple unless this gets even louder.

~~~
jasonwatkinspdx
And more charitably, if there's a federal investigation going on in response
to this, they may be restricted in what information they can volunteer.

------
guelo
Their Twitter statement, "TOTALLY FALSE", contradicts their much more vague
official statement "At this time, there is no evidence indicating ..."

------
belorn
All we have is a claim, and a disclaim - both being equally likely to be false.

What is left to do is find out the original source. Was it Apple (can 12
million devices really be all devices from date X?), a carrier (is 12 million
Apple customers reasonable), or is it from an app?

------
blakdawg
Read the statement carefully:

“The FBI is aware of published reports alleging that an FBI laptop was
compromised and private data regarding Apple UDIDs was exposed. At this time
there is no evidence indicating that an FBI laptop was compromised or that the
FBI either sought or obtained this data.”

It doesn't actually deny that the laptop was compromised, or that the FBI
asked for and received the data - it just says "at this time there is no
evidence" of that.

The twitter statement "Statement soon on reports that one of our laptops with
personal info was hacked. We never had info in question. Bottom Line: TOTALLY
FALSE" is a lot clearer.

I wonder why they had to move from "TOTALLY FALSE" to "at this time we have no
evidence."

There's also a lot of wiggle room there for them to say that the laptop was
not an FBI laptop (perhaps it belonged to the NCFTA), or that the NCFTA
requested/received the information from Apple, not the FBI.

The FBI may not be lying, but they're awfully good at telling the truth very
carefully.

------
mamma-mia
The kind folks at thenextweb have set up a CGI script running queries
against the csv file and are encouraging people to submit their device
IDs to "see if they're on the list".

Isn't this the same as when in the aftermath of massive password leaks, people
set up websites where you can "check and see if your password was leaked"?
What am I missing here?

Isn't the whole point not to share the device ID or password with anyone?
Why should someone send their device ID to thenextweb? What will they do with
it?

Q: "Here's my password/device ID. Can you tell me if it's leaked?" A: "It is
now."
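
Added example, not part of the thread or any commenter's post: the concern raised above, and the database comparison described earlier in the thread, can both be handled by checking device IDs locally against a downloaded copy of the file rather than submitting them to a third-party lookup. The 40-hex UDID format, the column layout and every sample value here are assumptions constructed for illustration.

```python
import csv
import io
import re

# Assumption: a UDID is a 40-character hex string. The dump's real column
# layout is not described in the thread, so every field is scanned.
UDID_RE = re.compile(r"[0-9a-f]{40}")

def normalize(value):
    """Return a canonical lowercase UDID, or None if the value is not one."""
    candidate = value.strip().strip("\"'").lower()
    return candidate if UDID_RE.fullmatch(candidate) else None

def leaked_udids(stream):
    """Yield every UDID-shaped field found in a CSV stream, row by row."""
    for row in csv.reader(stream):
        for field in row:
            udid = normalize(field)
            if udid:
                yield udid

def check_locally(own_ids, stream):
    """Compare our own IDs against the dump without any network call.

    Returns (matches, rejected): matches are our IDs present in the dump,
    rejected are inputs that were not valid UDIDs and were never compared.
    """
    wanted, rejected = set(), []
    for raw in own_ids:
        udid = normalize(raw)
        if udid:
            wanted.add(udid)
        else:
            rejected.append(raw)
    # The dump is streamed; only our own (small) ID set is held in memory.
    matches = {udid for udid in leaked_udids(stream) if udid in wanted}
    return matches, rejected

# Constructed sample data; these are not values from the real dump.
SAMPLE_DUMP = (
    "udid,token,device_name,device_type\n"
    f"{'ab' * 20},{'0' * 64},Constructed iPad,iPad\n"
    f"{'CD' * 20},{'1' * 64},Constructed iPhone,iPhone\n"
)
OWN_IDS = ["AB" * 20, " " + "cd" * 20 + "\n", "ef" * 20, "not-a-udid"]

if __name__ == "__main__":
    found, bad = check_locally(OWN_IDS, io.StringIO(SAMPLE_DUMP))
    print("present in dump:", sorted(found))
    print("rejected inputs:", bad)
```

A miss only shows that the ID is absent from the copy of the file that was checked, not that the device was never collected.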

------
gnu8
It's well known that the FBI's IT infrastructure is an unparalleled disaster
and its agents are tragically unskilled when it comes to technology, even the
ones tasked with technology related investigations.

Therefore, there's no reason to believe the FBI even knows if they had that
data, if they had stored that data on a particular laptop, or if their laptop
had been compromised.

------
OpenFeint
I've been fetching results from the openfeint api for a bunch of the UDIDs.
I'm not sure, but it may be significant that so many of the UDIDs get a result
from the API. Shouldn't openfeint only know about the UDID if the user has
played some game in their network? And wouldn't we expect that to be a
distinct minority of the total population of all ipad/iphone owners?

------
rbanffy
In their shoes that's exactly what I would say. I would give as little
information for as long as I could.

What else are we expecting them to say? That the data belongs to people being
investigated for X or Y? The phone of the special agent? The bar where he was
drinking when the laptop got compromised? "Oops, we messed up"?

------
ommunist
"Bureau of Paranormal Activity Research?! Are you kidding? There is no such
thing!", said Director.

------
enraged_camel
Nobody really thought the FBI would admit to being hacked, right?

While there is no evidence that they _did_ get hacked, they are incompetent
enough that I find it very plausible.

~~~
smoyer
At this point I'm not inclined to believe the FBI any more than AntiSec ...
Maybe less. (typed on an iPad that's not on the list)

~~~
olefoo
> (typed on an iPad that's not on the list)

list is only 1/12th of the original file,

But don't worry, more than 200 million iOS devices are out there. 12 million
is only 6% of the key-space so, you're probably not in the original dump
that's in the hands of "anonymous".

