1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Hackers claim FBI iTheft of IDs

September 4, 2012

Internet blogs were abuzz on Tuesday with a claim by hackers that the American FBI had collected personal data of millions of cell-phone and digital tablet users. In response, the FBI said "we're not commenting."

GettyImages 147142646 A man poses with a tablet on June 26, 2012, in the Parisian metro, on the inauguration day of a free Wi-Fi access available in forty-six Paris' public transportation sites including platforms of three underground stations. AFP PHOTO FRANCOIS GUILLOT (Photo credit should read FRANCOIS GUILLOT/AFP/GettyImages)
iPad iPhoneImage: Getty Images

The hacking collective AntiSec said to prove its claim it had posted on the Internet a sample of one million user identities in the form of unique device IDs (UDID) of Apple iPhones and iPads, which are 40 typographic characters long.

AntiSec, a movement which rejects pressure from computer software security firms on customers to fully disclose private details, said its evidence was obtained in March from a notebook PC of a FBI operative who worked at a cyber policing center in New York.

A man wearing a grey jacket. On it a FBI logo.
'No comment,' says the FBIImage: AP

Inside the stolen data file, said AntiSec, was a tabular list of 12.3 million UDIDs.

The Internet blog 'geekosystem' said, if proven, the disclosure by AntiSec could be "one of the worst data privacy disasters yet."

It added that, if accurate, the file could point to the National Cyber-Forensics & Training Alliance, a non-profit, public-private corporation set up to fight cyber crime.

Experts seek verification

Although it was unclear whether the FBI had been tracking Apple users, the British security firm Sophos said it was obvious that the FBI data was not adequately stored.

"Hacking into computers is a criminal act -- and I would anticipate that the FBI and other law enforcement agencies will be keen to hunt down those responsible," said Sophos spokesman Graham Cluley.

Commenting via a social network service, Peter Kruse, an e-crime specialist with CSIS Security Group in Denmark, said the leak was "real" and that he had found three of his own devices listed in the leaked data.

"Also notice that they claim to have full name, addresses, phone numbers etc..," Kruse said.

But Johannes Ullrich of the SANS Internet Storm Center told the news agency AFP that it was difficult to verify the AntiSec claim.

"There is nothing else in the file that would implicate the FBI. So this data may very well come from another source."

"The size of the file...  would imply a widespread, not a targeted tracking operation, or the file was just kept in case any of the users in the file needs to be tracked," Ullrich said.

AntiSec claimed that government services were hunting hackers world-wide while at the same time recruiting hackers to pursue political agendas within government circles.

ipj/mz (dpa, AFP)