by Constantine von Hoffman

Purloined Apple IDs: Either the FBI or AntiSec is Lying

Sep 05, 2012 | 5 mins
Cybercrime, Data Breach, Intrusion Detection Software

An anti-government hacktivist group says it stole millions of Apple IDs from an FBI agent's laptop. The FBI says it never had any of the data. Somebody is lying, according to blogger Constantine von Hoffman, and it shouldn't take long to figure out who it is. Here's why.

One thing is for certain in the case of the purloined Apple IDs: Either AntiSec, an anti-government hacktivist group, or the FBI is lying. And it won’t take long to figure out which one.

UPDATE: IT Security Hack 1, AntiSec 0: Stolen Apple UDIDs Didn’t Come from FBI

First, AntiSec claimed it hacked the laptop of an FBI special agent and stole a file containing 12 million Apple unique device identifiers (UDIDs) and the associated personal information.

To back up the claim, AntiSec—allegedly a 14-month-old joint operation of Anonymous and LulzSec—posted a document to Pastebin on Monday that contains links to about a million Apple UDIDs. AntiSec also said it has 11 million more IDs.

From the AntiSec post:

“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.”

Upon reading this I—and many others, no doubt—thought, “What the heck is the FBI doing with all that stuff?” It is hard to imagine the agency obtaining the information legally. Whether or not the data was legally obtained, if the claim proves to be true it could start the Mother of All Feces Storms for the Bureau. While Americans will (inexplicably) tolerate DHS’s broken “Do Not Fly” list, storing personal information on 12 million people is a whole different story.

The FBI yesterday issued a statement and denied having the list:

“At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”

This leaves us with a number of possible scenarios:

  1. The FBI is trying to hide its involvement via the most pathetic cover-up since Watergate.
  2. AntiSec doesn’t have the document it claims to have.
  3. AntiSec does have the document but it came from somewhere else, and the group is trying to pin it on the Feds for PR purposes.
  4. AntiSec is trying to pull off an amazingly stupid smear campaign using nothing more than a Twitter account and a hope chest.
  5. AntiSec wants to get people pissed off about Apple’s data collection practices and this was the only way the group could get anyone to care.
  6. The FBI is pulling off some weird double-reverse backdoor effort to discredit AntiSec.
  7. I could go on and on, but you get the idea.

Von Hoffman’s Law says, “’People are stupid’ must be the first reason considered as an explanation for any event.” But even so, I find the two explanations of FBI involvement very hard to believe. (Please feel free to offer other possible theories in the comments section below.) This is not because of any deep-seated trust in the FBI. I live in Boston where the Bureau spent decades protecting murderous thug James M. “Whitey” Bulger from other law enforcement agencies.

It’s AntiSec’s original claims that rub me the wrong way. First, it says it got the info from a device used by an FBI agent named Christopher K. Stangl. Mr. Stangl is a real person and is in fact an FBI agent. He was featured in a 2009 recruitment video titled “Wanted by the FBI: Cyber Security Experts.”

In other words, it would truly be poetic irony if Special Agent Stangl’s computer was broken into. The irony level is so high it makes me suspicious. I’m not saying it didn’t happen, but it seems too perfect. It will need to be substantiated by someone other than the group trying to get some attention from the press for me to believe it.

AntiSec’s methods of obtaining the info also seem fishy. It says it got the data last March by exploiting a Java security problem–not the recently discovered Java security problem, but an earlier one. This strikes me as another suspicious coincidence. Java security issues have been all over the news lately. Then, voilà, it’s also the cause of this alleged leak. Again, I’m not saying it didn’t happen, but I’m suspicious.

I do not think we will have to wait long to find out the truth. If AntiSec does have the data it now has to release the information in some form or the public won’t believe it. Not terribly long after the group does that, someone in the IT Sec community will figure out where the data likely came from. Then those folks will likely track the data’s possible provenance. 

So AntiSec: Time to put up or shut up.