LE MONDE (France), THENEXTWEB (USA)
A group called AntiSec, linked to international hacker movement Anonymous, claims that it has broken into an FBI computer to obtain the User IDs of 12 million Apple iPad and iPhone owners, which include private user data.
Apple has declared that it has nothing to do with any collection of data by the FBI, while the U.S. federal investigators insist they never had the data in question in the first place. But even as the source of the data leak remains a mystery, at least one million and possibly up to 12 million Apple users have had their private information compromised. An expert, or a government, could use this information to monitor millions of users at a time.
This latest online privacy breach began on September 4 when AntiSec published a slightly cleaned-up sample of the huge file, which is preceded by a "long and chaotic manifesto," according French daily Le Monde. Personal names were eliminated (in hacker culture it is unethical to publish names of the innocent), but the names given to computers by their users were published. According to Le Monde, thousands of these apparently belong to Apple customers in France.
According to the manifesto, the hack was aimed at the FBI's New York cyber-security chief Christopher Stangl, in revenge for his recruiting for the FBI at a major hacker conference in Las Vegas. There is bad blood between Anonymous and the FBI since the collaboration of Hector Monsegur, known in hacker circles as Sabu, with the FBI against his former hacker friends at Anonymous, starting in June 2011. This resulted in the March arrests of five top Anonymous hackers.
AntiSec claims that a few days later, it penetrated Stangl's laptop remotely, found a huge file labeled iOS intel, signed NCFTA [National Cyber-Forensics and Training Alliance], and stole it. When extracted, according to AntiSec, this file contained the 12 million user IDs.
Within a few hours of AntiSec's announcement, webmagazine TheNextWeb had put up a search engine allowing Apple customers to search by their own user ID to see if it was listed. On Twitter, AntiSec encouraged those who had been hacked to find which Apple applications were feeding the data to the FBI, via crowdsourcing.
The FBI, without denying outright AntiSec's accusations, issued a statement that “there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”
Apple hastened to offer its own statement that “the FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization. Additionally, with iOS 6 we introduced a new set of APIs [user interfaces] meant to replace the use of the UDID and will soon be banning the use of UDID.”
The AntiSec file has been downloaded thousands of times by journalists, bloggers and the curious. For many people, the FBI is the ideal culprit. Meanwhile, AntiSec has already announced that it will be publishing more extracts in the near future.