pio3 /

September 4, 2012; Source: Washington Post

The hacker group AntiSec (a coalition consisting of people claiming affiliation with hacking groups Anonymous and LulzSec) has posted online one million Apple unique device identifiers (UDIDs) and claims that the release came from a larger list of 12 million UDIDs it says it stole from the laptop of FBI Supervisor Special Agent Christopher K. Stangl. AntiSec is accusing the FBI of storing the UDIDs, which are unique to specific apple devices and may be attached to information such as personal phone numbers, names and addresses, to track users. The hackers say that the data was found in a file titled NCFTA_iOS_devices_intel.csv and the Washington Post reports that NCFTA could potentially stand for National Cyber-Forensics Training Alliance, which it notes was “created to proactively address cyber crime.”

Several analysts have confirmed that the leaked data does include some authentic Apple UDIDs, and cyber-security consultant Aldo Cortesi, who has been warning about just such a problem for more than a year, called the leak “a privacy catastrophe.” Did the list of UDIDs really come from an FBI computer? AntiSec has not produced evidence documenting this claim.

The FBI’s response to this situation has lacked real conviction. First, an FBI spokeswoman said that the agency had no comment. A few hours later, the FBI’s press office tweeted that “We never had info in question. Bottom Line: TOTALLY FALSE.” But an official statement from the FBI didn’t go quite so far, stating, “there is no evidence that an FBI laptop was compromised or that the FBI either sought or obtained this data.” As CNET notes, there is a big difference between the outright denial in the tweet and an official statement that takes no such stance.

Privacy rights advocates are justified in demanding a clearer official statement on this issue from the FBI, perhaps something along the lines of, “Hell no, we are not keeping track of the individually identifiable Apple devices of approximately 12 million people.” On the other hand, if AntiSec is telling the truth, privacy advocates would be justified in demanding congressional hearings. This is worth keeping an eye on. –Mike Keefe-Feldman