Apple Device IDs Leaked by Anonymous Traced to App Developer Blue Toad


Those Apple device IDs that an Anonymous offshoot claimed to have hacked from an FBI agent’s computer in March appear to have actually originated just weeks ago from the hack of a little-known app development company in Florida.

Thanks to some stellar sleuthing by a computer security consultant, the source of the Apple device IDs leaked to the internet by AntiSec last week has been traced to an application developer called Blue Toad.

David Schuetz, a security consultant with Intrepidus Group, described his method for tracking the IDs to Blue Toad in a blog post on Monday.

Schuetz said he searched for device IDs that made multiple appearances in the database and connected those IDs to the device names that the owners had created for their devices. Among those names, the words Blue Toad and BT appeared four times. More in-depth analysis helped Schuetz trace several of the devices to what appeared to be employees of Blue Toad.
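The kind of analysis described above, sketched as an added example that is not Schuetz's code or part of the original article: it finds UDIDs that occur more than once, collects the device names attached to them, and ranks the words those names share. The two-column (UDID, device name) layout, the sample rows and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Generic words found in most device names; they carry no attribution signal.
GENERIC = {"iphone", "ipad", "ipod", "touch", "s"}

def u(ch):
    """Constructed 40-character placeholder UDID (not a real identifier)."""
    return ch * 40

# Constructed (udid, device_name) rows; the column layout is an assumption.
SAMPLE = [
    (u("a"), "Blue Toad iPad"),
    (u("a"), "Blue Toad Test iPad"),
    (u("b"), "Blue Toad iPhone"),
    (u("b"), "BT iPhone"),
    (u("c"), "BT iPad dev"),
    (u("c"), "BT iPad dev"),
    (u("d"), "Maria's iPhone"),
    (u("e"), "Hobbit iPod"),
    (u("e"), "Hobbit iPod"),
    (u("f"), "John's iPad"),
]

def names_by_repeated_udid(rows, min_rows=2):
    """Map each UDID seen at least min_rows times to its set of device names."""
    counts = Counter(udid for udid, _ in rows)
    names = defaultdict(set)
    for udid, name in rows:
        if counts[udid] >= min_rows:
            names[udid].add(name)
    return dict(names)

def recurring_terms(rows, min_devices=2):
    """Terms shared by the names of several repeated devices, most common first."""
    seen = Counter()
    for names in names_by_repeated_udid(rows).values():
        terms = set()
        for name in names:
            terms.update(re.findall(r"[a-z]+", name.lower()))
        seen.update(terms - GENERIC)  # count each term once per device
    hits = [(t, n) for t, n in seen.items() if n >= min_devices]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for term, devices in recurring_terms(SAMPLE):
        print(f"{term}: {devices} repeated devices")
```

Counting each term once per device keeps a single heavily duplicated device from dominating the ranking.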

Blue Toad, a developer of applications for magazine publishers and others, acknowledged to NBC that there is a “98 percent correlation between” the dataset of nearly 1 million Apple UDIDs released by AntiSec and a database of UDIDs that Blue Toad maintains. The company’s CEO said that its database had been hacked “in the past two weeks,” which conflicts with AntiSec’s claim that it obtained the data last March.

Blue Toad did not rule out the possibility, however, that AntiSec was telling the truth when it said it stole the data from the laptop of an FBI agent.

Blue Toad CEO Paul DeHart told NBC that it was possible that “the data stolen from his company’s servers was shared with others, and eventually made its way onto an FBI computer.”

An Apple UDID is a 40-character alphanumeric string that is unique to each Apple device.

The hacker group AntiSec released a file containing nearly 1 million of the device IDs last week, saying they had obtained the IDs from an FBI computer they had hacked.

The hackers said they actually stole 12 million IDs, including personal information, from the hacked FBI computer, but released only 1 million in an encrypted file published on torrent sites.

In a lengthy post online, the hackers wrote that they had stolen the data last March, after they hacked into a laptop belonging to an FBI agent named Christopher K. Stangl from the Bureau’s Regional Cyber Action Team and the New York FBI office’s Evidence Response Team.

The hackers said the IDs were stored in a file on Stangl’s desktop that was named “NCFTA_iOS_devices_intel.csv.”

The FBI, however, denied that the laptop of an FBI special agent had been hacked, and also insisted that the Bureau never possessed a file containing the data the hackers released.

“The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed,” the Bureau said in a statement. “At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”