Apple and the U.S. Federal Bureau of Investigation have denied claims by hackers who said they stole information on 12 million Apple user accounts from an FBI computer.
Many of the hackers' claims were posted this week in a long online missive from the group calling itself Anonymous. The FBI said that there was "no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."
Apple said it didn't provide any user information to the FBI or other organizations.
"The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization," said Natalie Kerris, an Apple spokeswoman.
The hackers may have posted some legitimate users' device names and the unique identifier codes assigned to their iPhones, iPads and iPod Touches, according to Sean Sullivan, a security adviser at F-Secure Corp. who examined a data file that the hackers released. It isn't known whether the hackers have the other information they claim to have redacted from the data file, including user names, mobile phone numbers and addresses.
"What they have released is not a very serious breach at all," Sullivan said, who said he doubts the veracity of the unsubstantiated claims.
The incident is the latest skirmish between hackers operating under the banner of Anonymous - who have often cultivated the media to promote their attacks, and have sometimes fallen short in their claims - and law-enforcement agencies and large corporations that the hackers argue are violating digital freedoms.
The hackers say they accessed the Apple data in March by breaking into a laptop of FBI agent Christopher Stangl, who has been active online in recruiting agents with cyber-security savvy. They claim to have used a vulnerability in Java, the popular Internet technology managed by Oracle Corp. whose flaws were exploited in attacks that infected more than 600,000 Mac computers in April and more than 100,000 Windows machines last week.
By themselves, the device codes released in the latest incident aren't sensitive. Called unique device identifier numbers, or UDIDs, they are just strings of numbers and letters that have limited value when viewed in isolation.
Still, taken with other information, they may be used to authenticate users trying to access a service. Amid privacy complaints, Apple earlier this year banned applications that use the code for tracking.
Apple said that its latest version of software for the iPhone and mobile devices introduces new features that replace the use of UDIDs, which eventually will be phased out.
Jordan Robertson and Adam Satariano are Bloomberg writers. E-mail: jrobertson40@bloomberg.net, asatariano1@bloomberg.net
No comments:
Post a Comment