Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

FBI Denies AntiSec Claims of iOS Related Privacy Violations

The FBI has issued a flat-out denial on the claims made Tuesday by AntiSec,which said the law enforcement agency was hoarding personal information on some 12 million Apple customers. However, the statement leads to more questions than answers.

The FBI has issued a flat-out denial on the claims made Tuesday by AntiSec,which said the law enforcement agency was hoarding personal information on some 12 million Apple customers. However, the statement leads to more questions than answers.

To recap, AntiSec released 1,000,001 Unique Device Identifier (UDID), records, taken from a list of 12 million, after scrubbing of other personal information such as user names, device names, device type, Apple Push Notification Service tokens, zip codes, cellphone numbers, home addresses, and more. They claim the data was taken from an FBI laptop on during the second week of March 2012.

The file itself, NCFTA_iOS_devices_intel.csv, led many to wonder if Apple had handed the data over willingly, as NCFTA stands for the National Cyber-Forensics & Training Alliance, which “functions as a conduit between private industry and law enforcement.” 

There is plenty of debate around how the file was compiled and obtained, including the fact that an app for iOS is to blame. But the FBI has denied that it was taken from them. In a statement, the agency says they are aware of the reports alleging that the data came from a compromised laptop, but they have no evidence to back any of this up.

“The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data,” the statement reads in full.

Responding to the statement, comments on Anonymous’ Par:AnoIA website pointed out that the absence of evidence does not mean the breach never happened. In addition, other experts note that while an agency laptop might not have been breached, a personal laptop could have been.

“We would like to point out that at this time, we have no reason to doubt the claim that the data in question was indeed obtained from the agent’s notebook. The fact that the FBI has no “evidence” of a databreach on one of their notebooks does not allow the conclusion that it never happened,” the post said.

UUIDs have been called a privacy disaster, and Apple has said their use would be phased out. Additional details on UUIDs and the problems they pose can be seen here

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.