Wednesday, September 5, 2012

Apple, FBI play down alleged Anonymous hack - Christian Science Monitor (blog)

Anonymous says it obtained a bunch of iPhone and iPad user IDs. Not so, counter the FBI and Apple. 

By Matthew Shaer / September 5, 2012


Over the weekend, the "hacktivist" group Anonymous released a cache of more than a million of what it said were Apple Unique Device Identifiers, or UDIDs, which were apparently stored on a computer owned by an FBI agent. At least a few security professionals think the breach might be for real. But today the FBI sought to distance itself from the Anonymous allegations – if not refute them altogether.


"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," the agency said in a statement. "At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

As Anonymous partisans have gleefully noted, there's a little wiggle room here: "no evidence" is different from "it never happened." 

Meanwhile, Apple has issued its own statement on the hack.

"The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization," Natalie Kerris, an Apple spokeswoman, told The New York Times. "Additionally, with iOS 6, we introduced a new set of [application programming interfaces] meant to replace the use of the UDIDs and will soon be banning the use of UDIDs." 

In summary: Apple says it didn't give the UDIDs to the FBI and the FBI says it (probably) never had the UDIDs.

So should we be worried?

Well, sort of. Anonymous, it's worth noting, has only released a series of UDIDs, not the names and addresses associated with those UDIDs. Still, says Rob Rachwald, director of security strategy at Imperva, that doesn't mean Apple users aren't at risk. 

"If the hackers have what they claim, they may be able to cross-reference the breached data to monitor a user's online activity – possibly even a user's location," Rachwald told Information Week. "To be clear, the released database is sanitized so you cannot perform this type of surveillance today. But with the full information that hackers claim to have, someone can perform this type of surveillance. This implies that the FBI can track Apple users."
