Categories: Global Tech News

App Dev: Anonymous’s Claim That it Stole iPhone UDID From FBI is a Yarn

Members calling themselves members of the hacker collective Anonymous and the movement AntiSec claimed to have stolen 12 million UDIDs (unique device identifier) that are used to uniquely identify an iPhone, iPad, or iPod touch.

The groups claimed to have stolen the data from “a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team.”

But an app developer is calling that claim into serious question, after it decided to come clean, claiming the ids were stolen from its databases, not from the FBI.  It said all 1 million UDIDs nearly all (98 percent) matched those in its scooped table.  It claimed the table was illegitimately accessed two weeks ago — not back in March as Anonymous/AntiSec had claimed.

An Apple, Inc. (AAPL) spokesperson confirmed this was possible, commenting, “As an app developer, BlueToad would have access to a user’s device information such as UDID, device name and type. Developers do not have access to users’ account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer.”

Blue Toad helps newspapers and other publications monetize their content via an app platform for the iPhone and iPad.
Pauld Dehart, CEO of BlueToad, who makes apps for written content publishers (e.g. magazines), commented, “As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”

Of course if you were prone to conspiracy theories, you could imagine that Blue Toad was “covering” for the U.S. Federal Bureau of Investigation.  More likely, though, whoever took the data — be it Anonymous/AntiSec or someone posing as the well-known “hacktivist” groups — spun the yarn about the FBI laptop to make the tale of a pedestrian SQL injection effort a bit more exciting.

If so, the ploy worked — the story received truckloads of attention from the media.  

The story is similar, in some ways, to Goatse Security’s 2010 illicit capture of 114,000 ICC-IDs — another unique identifier code which are associated with iPad/iPhones’ SIM cards on AT&T, Inc.’s (T) U.S. network.

Recent Posts

AMD Dual-Core Optimization Utility Available

AMD Dual-Core Optimization Utility Available

Improving dual-core compatibility for gaming

5.7″ ZTE ZMAX “Phablet” Coming to T-Mobile Sept 24 for $252

ZMAX will come with a Snapdragon 400 processor and 720p display

100 Northern California Households to Receive Plug-in Priuses

UC Davis dares to go where Toyota won't with the Prius

Apple on Microsoft Ads: PCs Are “No Bargain”, Macs Are “Cool”

An Apple spokesperson fires back over Microsoft's latest commercials

Update: 13.3″ Dell XPS m1330 Notebook Details Leaked

Engadget gets the scoop on Dell's latest "ultra-portable" notebook