FBI Says Laptop Wasn’t Hacked; Never Possessed File of Apple Device IDs

Credit: Jon Snyder/Wired

The Federal Bureau of Investigation is refuting a statement made by members of AntiSec this weekend that they hacked the laptop of an FBI special agent and stole a file containing 12 million Apple device IDs and associated personal information.

The FBI also said it did not possess a file containing the data the hackers said they stole.

In a statement released Tuesday afternoon, the FBI said, “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”

In case that wasn’t emphatic enough, the FBI also tweeted:

Over the weekend, the hacker group AntiSec released an encrypted file that containing 1 million Apple device IDs and device names that the group said was obtained from an FBI computer they hacked.

The hackers said the original file contained 12 million IDs, including personal information, but they released only 1 million (leaving out the personal data) in an encrypted file published on torrent sites.

In a lengthy post online, the hackers wrote that last March, they hacked a laptop belonging to an FBI agent named Christopher K. Stangl from the bureau’s Regional Cyber Action Team and the New York FBI office’s Evidence Response Team.

The hackers say the IDs were stored in a file on Stangl’s desktop titled “NCFTA_iOS_devices_intel.csv.”

The file, according to the hackers, contained a list of more than 12 million Apple iOS devices, including Unique Device Identifiers (UDID), user names, names of devices, types of devices, Apple Push Notification Service tokens, ZIP codes, cellphone numbers, and addresses.

The hackers suggested in a tweet from the @AnonymousIRC account that the FBI was using the information to track users.


But the FBI disputes this. The FBI did not say whether the NCFTA, which was allegedly referred to in the file name the hackers obtained, possessed the data.

NCFTA refers to the National Cyber Forensics and Training Alliance. The NCFTA is a non-profit that was founded in 1997 by FBI agent Dan Larkin as a conduit between private industry and law enforcement agencies to help them exchange data and cooperate on cases.

The organization’s members include financial institutions, telecommunications firms, ISPs, and other private industries.

The NCFTA did not respond to a call seeking comment.

Apple UDIDs are a 40-character alphanumeric string that is unique to each Apple device.

The hackers say they released the Apple UDIDs so that people would know that the FBI may be tracking their devices and also because, they wrote in their online post, “we think it’s the right moment to release this knowing that Apple is looking for alternatives for those UDID currently … but well, in this case it’s too late for those concerned owners on the list.”

Apple has been criticized for hard-coding the IDs in devices, since they can be misused by application developers and others to identify a user, when combined with other information, and track them. Last April, Apple began rejecting applications that track UDIDs.

The Next Web has created a tool for users to check if their Apple UDID is among those that the hackers released.

Update 9.6.12: Apple, which had initially declined to comment on the story, released a statement after the FBI released its statement. According to Apple, “The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization. Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID.”