World News: Apple device IDs stolen – rumors of FBI involvement denied

– World news selected by Gazette editors for Phuket’s international community

PHUKET: Identification numbers for more than one million Apple products that were posted online by hackers last week had been stolen from a Florida-based digital publishing firm, not from the laptop of an FBI agent in New York, the company’s chief executive officer said on Monday.

On September 4, a post on the text-sharing website Pastebin claimed ‘Anonymous’ affiliate AntiSec had hacked the laptop of FBI agent Christopher Stangl during the second week of March 2012 by using a vulnerability in the computer’s Java software. The group said it downloaded a CSV file which turned out to be a list of 12,367,232 unique device identifiers (UDIDs) for Apple products.

To demonstrate it has the information, which included some personal information such as user names, device names, type of devices and Apple Push Notification Service tokens, AntiSec released more than 1 million of the Apple numbers. But the FBI quickly denied it was the source of the data, saying it never sought or obtained such information.

On Monday, Paul DeHart, the CEO and President of Florida-based digital publishing firm BlueToad, confirmed a cyber-attack earlier this month at his company had led to the theft of Apple UDIDs from its systems. “Although we successfully defend against thousands of cyber attacks each day, this determined criminal attack ultimately resulted in a breach to a portion of our systems,” he said in a statement.

DeHart said the company has since fixed the vulnerability and is working to prevent security breaches in the future. “We sincerely apologize to our partners, clients, publishers, employees and users of our apps,” he said. “We take information security very seriously and have great respect and appreciation for the public’s concern surrounding app and information privacy.”

But in a statement yesterday, AntiSec denied BlueToad was the source of the data, insisting it had never heard of the company. “We got fire from the GoDaddy scandal the same day news magically also got front page everywhere discrediting the FBI hack with some company making themselves responsible (?!) LOL!” the statement, written in broken English, said.

It added: “But there’s a little bit problem. First we don’t know what the f[explicit] is BlueToad and wtf is doing on this. But, more juicy thing, you have a problem, Houston: Some journalists knew about this hack quite long time before you, blue toast (or whatever), declared to be hacked. XD Lulz. Epic fail is epic.”

Technology security experts last week described the breach as serious but said the information will not allow hackers to break into peoples’ iPhones.

As lockergnome.com, a commentator on Internet trends, asks: “At the end of the day, one question still remains: Why does the FBI have 12 million UDIDs on its laptops, anyway? What or who is it tracking?”

To counter such web-based speculation, the FBI issued the following statement yesterday afternoon saying it was never in possession of the data claimed stolen by AntiSec.

“The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”

— Phuket Gazette Editors

World News