FBI denies leaked Apple device IDs came from agent's laptop

The FBI is denyingclaims thata laptop of one of its agents was hacked by a group operating under the name AntiSec thatsays it obtained12 million Apple device IDs from the computer last March.

AntiSec said itgot the unique device identifiers, or UDIDs, by exploiting a Java vulnerabilityand accessing a desktop folder on the laptop of a special agentwho workedwith theFBI's regional cyber action and evidence response teams in New York.

The IDs arestrings of numbers and lettersassigned to Apple devices running the mobile operating system iOS, such as iPhones, iPod Touchesand iPads.

They are used by software developers to trackApple customers' use of mobile apps although Apple has recently stopped accepting apps that use UDIDs after customers complained that they violated their privacy.

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," the agency said in a statement Tuesday afternoon.

"At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

Hackers, FBI press office go head to head on Twitter

TheFBI press officealsoTweeted about the matter, saying, "We never had info in question. Bottom Line: TOTALLY FALSE."

The hackers responded with their own tweet on the FBI's feed that said "Wait, what? So because you don't know of any data breach it never happened? So the conference call was fake, too? ;-)"

They later alsotweeted another commenton the@AnonymousIRC Twitter feed,where news of the leak first appeared:

"You know you're doing something right if @FBIPressOffice throws caps at you on Twitter to deny an #Anonymous statement," thetweet said.

The @AnonymousIRC feed is used bythe international hackercollectiveAnonymous, whichgained notorietywhen itcame to the defence of WikiLeakswith a series of high-profile cyberattacks against companies that boycottedthe activist groupafter it released a series of classified U.S. diplomatic cables.

AntiSec said it uses the @AnonymousIRC Twitter feed, one of several associated with Anonymous,to share ideas and post news of its activities.

Personal data not published

Instructions for accessing one million out of the 12 million UDIDsallegedly obtained by AntiSec wereposted on the website Pastebin.comin an at timesrambling text peppered with expletives and anti-establishment rants againstcertain perceived abuses and corrupt actions of security agencies, governments and corporations.

Pastebin isa site used to temporarily store and share various kinds oftext andprogramming code and has been used to release statements about hacking activities in the past.

Some of the IDs were associated with personal information of the device owners,such as names, cellphone numbers and postaladdresses, while others were not linked with any personal data.

AntiSec said it removed all personal details before postingthe IDs online.

AntiSec, orAnti-Security,is the name given to an operation aimed at hacking into the computer systems of government agencies and financial institutions launched last year by theinternational hacker collectiveAnonymous and one of its offshoots,Lulz Security, or LulzSec.

"Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments," Lulz Security said in a June 19, 2011,post on Pastebinannouncing the Anti-Security initiative.

Privacy concerns over UDIDs

AntiSec said ina postexplaining the UDID leak that part of the motivation behind it was to point out the dangers of assigning specific codesto devices that can be tracked.

"We always thought it was a really bad idea. That hardware-coded IDs for devices concept should be eradicated from any device on the market in the future," the group wrote on Pastebin.com.

The groupalso saidit publicized the IDs in order to draw attention to the fact that the FBI was compiling such information, and to get people to startasking why the law enforcement agency might becollecting the data, and what they could be doing with it.

"We have learnt it seems quite clear nobody pays attention if you just come and say 'Hey, FBI is using your device details and info'," the group wrote.