The FBI has denied claims by hacking group AntiSec that it snaffled millions of device IDs from an agent’s laptop.
Yesterday, AntiSec released over a million numbers that it said were Apple Unique Device Identifiers (UDIDs), saying it had 11 million more.
The group claimed it had harvested the data, using a Java vulnerability, from a laptop belonging to FBI agent Christopher Stangl. It says it also gathered other information, such as user names, mobile phone numbers and addresses.
The FBI, though, denies both that it’s been the subject of an attack, and that it ever had such information in the first place.
“The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed,” it says. “At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”
Certainly, the FBI agent named by AntiSec is real – indeed, he works to recruit white hat hack hackers for the organization. And, according to security firm Imperva, “The structure and format of the data indicates that this is a real breach. It would be hard to fake such data.”
Cynics will also note that there’s a big difference between saying there’s ‘no evidence’ of a breach, and saying definitively that none took place. An earlier tweet put out by the FBI stated: “Bottom Line: TOTALLY FALSE,” but was quickly followed by the less-definite version quoted above.
There’s been no further statement from the hackers so far. But a poster on the @AnonyOps Twitter account suggests: “FBI says there was no hack. That means either they’re lying or they *gave* the information up to someone in #antisec. It’s happened before.”
Whatever the truth, there’s been one rather delightful outcome of the day’s events. AntiSec said yesterday that it would only talk to the press if Gawker editor Adrian Chen could be featured on the front page wearing a tutu and with a shoe on his head.
And he’s very graciously obliged…