Forgot your password?
typodupeerror
Apple Your Rights Online

App Developer Says Stolen UDIDs Came From Them, Not FBI 180

Posted by samzenpus
from the who's-to-blame dept.
pdabbadabba writes "A Florida iPhone and iPad app developer, Blue Toad, has come forward claiming that it is the source of the Apple UDIDs previously released by Anonymous. Their dataset, they say, is a 98% match for the one Anonymous hackers claim to have stolen from an FBI laptop. If so, this development would cast serious doubt on Anonymous' claims and, possibly, calm fears that this data is evidence of an ongoing FBI surveillance operation (a claim the FBI has also denied)."
This discussion has been archived. No new comments can be posted.

App Developer Says Stolen UDIDs Came From Them, Not FBI

Comments Filter:
  • This just shows that you cannot trust anonymous. but then again.. WOOHOO, EA SPORTS [youtube.com]!!
    • by Anonymous Coward on Monday September 10, 2012 @02:08PM (#41290561)

      Or maybe that you just can't trust Blue Toad, who got paid behind the scenes to take the fall for this.

      Or maybe that was a double fake, and that this whole thing was set up as a distraction by Google to undermine iPhone.

      Or maybe it was actually stolen by the EFF, who then spoofed an FBI operation for Anonymous to find so that they could promote their agenda.

      (Or maybe you're completely right)

    • by hemo_jr (1122113) on Monday September 10, 2012 @03:23PM (#41291639)

      As a true conspiracy nut, I would not put it past 1. the FBI to have gotten its data from Blue Toad or 2. Blue Toad covering up for the FBI.

      • As a true conspiracy nut, I would not put it past 1. the FBI to have gotten its data from Blue Toad or 2. Blue Toad covering up for the FBI.

        Exactly. The FBI doesn't have to have gotten the data directly from Apple or NSA hackers or somesuch. However, you can't discount that the hackers might have been motivated to lie in order to smear the FBI, too.

    • by Dr Max (1696200)
      Who says the FBI didn't steal it from blue toad, then anonymous stole it from the FBI?
  • Flowers By Irene?
    • by amicusNYCL (1538833) on Monday September 10, 2012 @02:05PM (#41290513)

      As phrased by an article at ZDNet, it's any company that allows this result:

      So there are two things we know: Apple and the FBI are back on the Christmas card lists of the general public, and hackers apparently lie.

      Apple and the FBI are good, and hackers are bad. Apparently that's the lesson to take away from this.

      According to their article in Wikipedia, it's also a company that lists the Department Of State and the Public Relations Society of America among their customers.

      • by Sarten-X (1102295) on Monday September 10, 2012 @02:22PM (#41290773) Homepage

        According to their article in Wikipedia, it's also a company that lists the Department Of State and the Public Relations Society of America among their customers.

        As soon as I saw that, my thought was "so that's where the kid thought he was".

        I figure a script kiddie broke into the Blue Toad servers, found some documents talking about working with the government (perhaps the FBI in particular), then found the UDIDs, and jumped to the conclusion that they had broken into an FBI system involved in domestic surveillance. Then they release it as Anonymous in an act of misguided privacy activism, throwing in an agent's name (possibly even mentioned in the found files) for credibility.

        I'm jumping to conclusions myself, though, and assuming that there's some shred of truth to anybody's statements.

        • Re: (Score:2, Insightful)

          by Em Adespoton (792954)

          ...and it could just as easily be a case where the FBI requested this list from Blue Toad, or Blue Toad submitted this list as part of an investigation. All we know now is where the data likely originated -- which is precisely where everyone assumed it originated anyway (a single developer list).

          • by Infernal Device (865066) on Monday September 10, 2012 @02:49PM (#41291175)

            ...and it could just as easily be a case where the FBI requested this list from Blue Toad, or Blue Toad submitted this list as part of an investigation. All we know now is where the data likely originated -- which is precisely where everyone assumed it originated anyway (a single developer list).

            It could also be that the developer got hacked w/o being involved with the FBI in any way, prior to the attack.

            Which, on the whole, is a lot simpler explanation than a conspiracy theory.

            • The developer got hacked prior to the attack? Do you mean that the attack was directly against Blue Toad? Or are you saying they got hacked, then they got attacked?

              I like my answer better: the data likely originated with them, and eventually got from there to AntiSec's computers, through some unknown path that they claim involved the FBI, and the FBI claims didn't. Everything else is pure guesswork.

            • by idontgno (624372) on Monday September 10, 2012 @03:33PM (#41291781) Journal

              Ah, yes. The colloquializtion of Occam's Razor is "All things being equal, the simpler theory is more likely."

              However, this neglects the little-known fact that William of Ockham was one of the founding members of the real Illuminati (and not the 18th-Century cover organization everyone knows about). He planted his philosophical disinformation into the intellectual culture specifically to cover the elaborate and long-running schemes he knew his secret society would enact over the coming centuries. By making us think that the simpler solution is the better one, he innoculated us against uncovering complex and insidious schemes, or believing them if they are uncovered. Fnord.

              • Ah, yes. The colloquializtion of Occam's Razor is "All things being equal, the simpler theory is more likely."

                The internetization of Occam's Razor is "If something could have happened by any wild stretch of the imagination, that's how it happened."

            • ...and it could just as easily be a case where the FBI requested this list from Blue Toad, or Blue Toad submitted this list as part of an investigation. All we know now is where the data likely originated -- which is precisely where everyone assumed it originated anyway (a single developer list).

              It could also be that the developer got hacked w/o being involved with the FBI in any way, prior to the attack.

              Which, on the whole, is a lot simpler explanation than a conspiracy theory.

              Meh.. given the subject, both seem equally plausible to me. Not that it matters, who in their right mind would trust the FBI or anonymous?

  • Hm... (Score:5, Insightful)

    by JustAnotherIdiot (1980292) on Monday September 10, 2012 @01:56PM (#41290357)
    Which side to believe when both sides are known liars?
    • Re:Hm... (Score:4, Insightful)

      by Gaygirlie (1657131) <gaygirlie@hot m a i l.com> on Monday September 10, 2012 @01:58PM (#41290415) Homepage

      I was just thinking the same: Anonymous have time and again lied about stuff, but so has the FBI and the FBI could just have paid Blue Toad to take the blame or made some other deal with them. Can't know, really, and with that in mind I'll just assume maliciousness from both parties.

      • What "Anonymous"? Wasn't the point of Anonymous that there is no Anonymous?
      • Re:Hm... (Score:5, Insightful)

        by Anonymous Coward on Monday September 10, 2012 @02:16PM (#41290677)

        Oh this is getting funny.

        Ridiculously unlikely conspiracy theory get blown out of the water? Not a problem... just double-down on the crazy!

        Let's see if I've got this straight. So the FBI and Apple are secretly in collusion to provide LE with a database of increasingly-useless UUID's, and the FBI stored this super-secret database in-the-clear on a laptop, the database was stolen from the FBI, but they somehow know the people that did it can't demonstrate that, so they secretly paid a 3rd party a big sum of cash to take a nasty PR hit, knowing the public (excepting those unusually perceptive slashdotters) would buy he cover story since it's, you know, far more likely to have happened that way in the first place.

        Have I got it?

        • Re:Hm... (Score:5, Funny)

          by ColdWetDog (752185) on Monday September 10, 2012 @02:32PM (#41290927) Homepage

          You're forgetting the fact that it was Obama's fault all along.

        • > Have I got it?

          Almost, the story needs more explosions and a comic relief.
          Be sure to shoot the film in 3D.

        • The funny thing is the conspiracy theory guys are missing the most juicy conspiracy theory sitting right there in front of them.

          The list was super-obviously not from the FBI right? So why would Anonymous leak such a list, when it so obviously would come back and damage credibility?

          The answer s obvious. The FBI was in fact "Anonymous" that leaked the original list, known it would be disproved and make Anonymous look bad. The original leak was just credible enough that the real Anonymous would not speak ou

        • ...and the FBI stored this super-secret database in-the-clear on a laptop

          The operator of the laptop did that...

          ...so they secretly paid a 3rd party a big sum of cash to take a nasty PR hit

          the same company who they are contracting with in regards to Public Relations [wikipedia.org]

          ...knowing the public (excepting those unusually perceptive slashdotters) would buy he cover story since it's, you know, far more likely to have happened that way in the first place.

          Isn't that the whole point to PR firms/departments/companies - to protect the organizations public perception?

          Regardless of far you want to twist/stretch things - I'm still defaulting to the bad guys at fault (ie: the Feds :-P )...

        • The simplest answer is Blue Toad is doing outsourced work for the FBI or another agency. Or it's as the article says, they have those ids because the've sold stuff to 11 million unique iPxd devices. Or both. What better cover than start a legitimate company selling to Peter and Paul at the same time. It's possible the DOS/DOD/FBI has outsourced this for multiple reasons. Not the least of which *might* be deniability. UDID? Us? No way. Never. That would be our sub-contractor's job. The gov't routinely outsou

          • The next question should be, "Why did Blue Toad have 11 miilion UDIDs from Apple and where did they get it from?"

            Because Blue Toad like many other Apple App developers used to have their iOS app send their servers the UUID and some personal information. It became against the rules some time ago, but this list dates from when it was still a common practice.

            The UUIDs and the info did not come from Apple.

            Several people pointed this out in the original story comments, but looney-tunes conspiracy nuts chose not to believe it.

        • It isn't a matter of a legit theory, it is a matter of a belief they have which they'll try and find any evidence and force it to fit in to. It can get wilder and wilder the more their stuff gets shot down, but they never stop with it.

      • by zzsmirkzz (974536)

        FBI could just have paid Blue Toad to take the blame

        That's assuming that Blue Toad isn't just a front-company for the FBI to start with. No payment necessary and is possibly how the FBI got the list in the first place. i.e. The normal way, through an undercover operation, disguised as an iPhone developer company.

      • Can't know, really [...]

        There's nothing wrong with that, but if that's case, your participation in the discussion really needs to start and stop right there. Too many people view their personal ignorance of a situation as a license to make shit up based on their world view rather than do any kind of research.

      • I personally think "Anonymous" is an entity created by the FBI to make "hackers" look bad, and to justify such things as spending money on "cybersecurity" and taking away people's privacy and freedom on the Internet.
      • Give Anonymous a break, it's an anarchist colective. Organization of message may not be their strong point. I'm more loath to trust the FBI. Largely because this scary shit could easily be tied to some good initiative but they remain oddly silent.
    • by SuperKendall (25149) on Monday September 10, 2012 @02:19PM (#41290717)

      How is Blue Toad a liar?

      They are admitting a serious breech which impacts goodwill at the company.

      Even at the time of the UDID release, I argued that the simplest explanation was simply that the list came from some app developer that had a server collecting some data. After all, if the data came from Apple OR the FBI, it should be WAY larger and the subset we saw should be WAY more complete, the only reason why such data would be sparse is that it was collected by an app that ran on a variety of devices with a variety of information provided by the users. There was also no reason WHY the FBI would even care about a UDID for a user since Apple had discontinued use months ago and there is really no way to use that data for anything useful.

      Now the Blue Toad admission verifies what was already by far the likely scenario. At this point to believe anything else is right up there at the three-tinfoil hat level.

      • by MikeMo (521697)
        The /. crowd would rather believe the FBI is lying. They will contort themselves to protect that belief. Just as with so many other issues discussed here, like Apple and Android.

        Goodbye karma. sigh.
        • Re: (Score:3, Insightful)

          by Anonymous Coward
          The original claim that the list came from the FBI is an amazing act of trolling. There are way too many people who not only believe that the instant they hear it, but will never let it drop, regardless of how much other evidence or pieces of the story come out.
        • The /. crowd would rather believe the FBI is lying.

          And that Apple is evil, don't forget that bit of confirmation bias.

    • by Hatta (162192)

      I don't trust the FBI at all, but WTF were they going to do with a patchy database of deprecated hardware IDs?

    • by Sir_Sri (199544)

      Which side to believe when both sides are known liars?

      I'd err on a developer (not necessarily this developer, but A developer), because 12 million device ID's for a collection of phones would be bizarre for the FBI. Why not just get all of them, or a more targeted subset. 12 million always seemed like it was everyone that downloaded some particular app or collection of apps, it's just not clear which one(s).

      Which doesn't negate the possibility of it being on a laptop in the FBI's possession either - I just don't see what could such a half assed effort at sur

    • by Solandri (704621)

      Which side to believe when both sides are known liars?

      Oh come on. Do you really have to ask? Does scientific methodology go out the window whenever it's politically inconvenient?

      You can't prove a negative. The FBI cannot prove they're not the source of the leak. Therefore the burden of proof has to be upon Anonymous to prove that they got the files from the FBI.

  • Or the FBI (Score:3, Interesting)

    by Lawrence_Bird (67278) on Monday September 10, 2012 @01:56PM (#41290365) Homepage

    was given the data by an insider or hacked it themself first.

    • Why Why Why (Score:2, Interesting)

      by SuperKendall (25149)

      The data file is of no use to the FBI. It has way too little data compared to total number of devices. UDID's have been of no use to anyone since about the start of the year.

      The data file also had WAY too little information (too sparse) to be of much use in correlation. In short, there's no good reason why the FBI would care about a list of UDID's even if you tried to GIVE them to the FBI.

      There is no logical reason why the FBI would care at all about the data set shown; to my mind that's the most damnin

      • In fact, history shows that all of the three letter agencies gather information which has no apparent value or use and were just fishing expeditions. We also have no idea what other sources of UDIDs they may have which could have additional information that can be cross referenced to BlueToad app users, which depending on the material published might be of great interest to the FBI.

        • We also have no idea what other sources of UDIDs they may have which could have additional information

          They may have such a list. But that'e even MORE of a reason why they would not have the Blue Toad list - there is NOTHING in there really worth cross-referencing to, if they had such a list it would have as you said way more data.

          The Blue Toad list is worthless as something to corss-reference TO. The Blue Toad list is worthless as a list to cross reference FROM.

          Why can't you and others accept the by FAR s

    • Only on Slashdot would this get modded as 5 interesting.
  • The real question! (Score:4, Interesting)

    by HornWumpus (783565) on Monday September 10, 2012 @01:57PM (#41290379)

    The next question: What was Blue Toad up to? Why did the FBI have a copy of their data? How many FBI back doors are their in Blue Toads apps?

    Lets run those apps under traffic analysis. The version that was live a week ago.

    • Re: (Score:2, Insightful)

      The next question: What was Blue Toad up to? Why did the FBI have a copy of their data? How many FBI back doors are their in Blue Toads apps?

      Read the story. The data was stolen off of Blue Toad's servers. The FBI wasn't part of this at all. Anonymous lied.

      • Right. You're a company which has data in the same class as anonymous claims to have stolen from the FBI. So naturally you get a copy and check if it's yours, then publicly claim it.

        Somebodies lying, that's for sure.

        • by Desler (1608317)

          Because we all know companies routinely go around telling people they have been compromised and data stolen when it's all a lie. Uhhh, what?

        • Or maybe you make a public announcements because you're afraid that security experts are going to figure out that it was your company's database that was compromised and would rather preempt it to try and control the message. You know, kind of like how David Schuetz, a third party, figured it out, and then Blue Toad decided to work with him to make the announcement themselves rather than have multiple security experts make announcements about it.
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      You seem stuck on the premise that the data ever existed on an FBI computer. While that is possible, it is certainly no longer the simplest explanation.
  • by KhabaLox (1906148) on Monday September 10, 2012 @01:57PM (#41290383)

    4 comments and no one has yet claimed that Blue Toad is an obvious FBI front?

  • by Anonymous Coward
    Surprise, surprise. Excuse me while I go back to read the pages of FBI-Apple conspiracy theories on the last related slashdot post, where this infinitely more likely possibility didn't appear until about the 3,000th post.
  • woohoo (Score:4, Funny)

    by zlives (2009072) on Monday September 10, 2012 @01:58PM (#41290397)

    the fbi check cleared... i did it

  • by hawguy (1600213) on Monday September 10, 2012 @02:01PM (#41290459)

    If the FBI was caught doing something illicit or illegal, wouldn't you expect them to come up with an alternate source of the data to cover up their behavior?

    • Oliver North called, looking for Blue Toad's address to gift them a barely-used sword to fall on.

    • A very useful definition of religion is "the lack of falsifiability". If there is no evidence which would convince you that the FBI isn't a bad actor in this case then your claims are not falsifiable. Therefore, your belief that that "the evil government is out to get you" is a religion. I'm not sure when it happened, but at some point most of Slashdot was swallowed up by this same "Church of the Tin Foil hat". It used to be funny, then it got scary, now it is just boring.

      Since this is your religion, there

      • by Americano (920576)

        It used to be funny, then it got scary, now it is just boring.

        No, it's still kind of scary. Consider: these are supposed to be the rational, intelligent, science-minded geeks, for whom logic and reason trump everything. Watching the de-evolution of ostensibly rational people from a fact- and logic-based worldview to one based on primitive superstition and fueled by paranoid delusion is disconcerting.

        • One person's paranoid delusion is another person's rational conclusion based on the facts and evidence available.

          Fact, the Feds have build a huge database on every person in America.
          Fact, the Feds want to build a National Facial recognition system to track every citzen in America.
          Fact, the Feds have made wide indiscriminate tapping of inbound and outbound international phone calls in secret hidden and without reasonable suspicion.
          Fact, the Feds have a long history of lying to and deception of the publi
          • by Americano (920576)

            Need I go on?

            Fact, you're simply underscoring my point.
            Fact, the UDID's are useless for any sort of "tracking."
            Fact, you're taking a bunch of completely disparate individual points and trying to make a pattern out of them.
            Fact, the human brain is very good at this, which is why we often times fool ourselves into believing that we see deep patterns in fundamentally random data.
            Fact, you're doing it right now.

            So... No, you need not go on, unless you're prepared to provide a much stronger argument than "some u

            • Actually, I consider my fact #2 to quite a strong argument, unless of course you see nothing wrong with a National infrastructure designed to be able to track any given individual and hence by definition *every single individual* in the US 24/7/365.25, to be nothing to worry about.

              I for one find it deeply disturbing that anyone in the US even thinks this is even remotely a good idea, and not at the least not in the top three most insidious ideas ever put forward. I can tell you one thing if it ever happe
              • by Americano (920576)

                Actually, I consider my fact #2 to quite a strong argument,

                I consider it pretty irrelevant. UDIDs are useless for any "tracking" purpose - and even if they *were*... these UDID's were not taken from an FBI computer.

                So explain how any of your shouty mad paranoia has anything to do with this, won't you?

          • by Urza9814 (883915)

            You forgot one that I would consider among the most important:

            FACT: The feds have been proven to have arrested, detained and tortured people who were, at the time of their abuse, known to be innocent of the crimes they were accused of. (Anyone who is not familiar with this, spend some time on Google. Khalid El-Masri is a good example, though hardly the only one)

      • You're absolutely right! The governement has no desire or plans to track every person in America. If they wanted to track every person in America, they'd just install/tap into a nationwide facial recognition network, which we know they'd never ... oh wait ...

        you mean they are installing a nationwide facial recognition system? Well, they'd never implement a nationwide database of every person's DNA they could get their hands on. What? Oh.

        Well at least they aren't compiling a list to track identities of e
  • Just because someone denies it's happening doesn't mean it isn't. And the UUIDs might not have been used by the FBI, but that doesn't mean they aren't engaged in a massive surveillance operation against its citizens. History shows the FBI considers itself a righteous organization that can and does ignore its own laws and policies in order to "get the bad guy". Of course, in doing so, they trample the very protections meant to protect the innocent, and so many people are in jail simply because they were in t

    • And the UUIDs might not have been used by the FBI, but that doesn't mean they aren't engaged in a massive surveillance operation against its citizens.

      If you think that way about the FBI, then you know the list was not from the FBI.

      With a few hundred million iOS devices in the wild, an FBI list should have hundreds of millions of entries. AND it would be a hell of a lot more complete.

      It was always bullshit to think this list was from the FBI. It was painfully obvious the list was published by a group that

      • by Sancho (17056) *

        With a few hundred million iOS devices in the wild, an FBI list should have hundreds of millions of entries. AND it would be a hell of a lot more complete.

        I have no reason to disbelieve the Blue Toad story, but your suggestion doesn't consider all of the quite reasonable possibilities.

        First of all, it assumes collusion between Apple and the FBI, which isn't a requirement for the FBI to have 12million UUIDs. Even with collusion, the FBI could have requested only certain UUIDs.

        More likely, the FBI has an app (Child ID.) The UUID database could have come from that. Or they could have other apps not branded with "FBI", or they could have colluded with an app d

    • by pitchpipe (708843)

      History shows the FBI considers itself a righteous organization that can and does ignore its own laws and policies in order to "get the bad guy".

      Just wait until they couple this [extremetech.com] with data from Facebook. Oh wait, what am I worried about? They're the good guys, right?! And this is a new age where shit like that could *never* happen. Yeah.

      Anyone here remember J. Edgar Hoover [wikipedia.org]?

  • I RTFA (Score:4, Informative)

    by Ecuador (740021) on Monday September 10, 2012 @02:10PM (#41290579) Homepage

    I RTFA to see why a company would voluntarily make such a claim ( unless they are an FBI front ;) ), and it seems the company were contacted by an outside researcher who suggested they were the "leak" (and perhaps would tell the world if they did not confess?). There are no further details that seemed interesting in case you were tempted to RTFA.

    But of course the whole case seems rather uninteresting to me. A list of UDIDs. Wow, if FBI has them, they might also know who owns the UDIDs and have a pretty good list of annoying consumers with which you can't have a rational discussion on the subject of electronic devices. So what?

  • 2% different is alot of differences when your looking at a million entries. Of course the theives could of added bogus data to the list in order to hide its origens. Or appened one data set with another in order have over a million records.
    • 2% different is alot of differences when your looking at a million entries. Of course the theives could of added bogus data to the list in order to hide its origens. Or appened one data set with another in order have over a million records.

      Perhaps their database has changed since it was hacked?

    • Numerically, in comparison to the number 1, yes, 2% of 1,000,000 is a lot. However, when the list is a current list of known UDIDs, which you get from users who have installed your apps, and you're comparing a list that was leaked at some time in the past that was at least a week ago with your current list, a 2% change in the sets isn't that much.

  • Since possessing such info is usually against the law for the FBI to have, agencies like the FBI have private companies gather it up for them. Then the FBI, or the NSA, or the CIA, or whoever, just gets the data on request through the "legal" channel of the private company. This is standard procedure. This means that the story is not danrathered yet; we are perhaps splitting hairs. The question is: WHO were they gathering the information for? Anyone? Was that "anyone" any law or spook service that asked for

  • Two Guys From Quantico Pizza
  • If both datasets measure or collect the same data, that they would have 98% of their data coincide is not that unlikely.

    Depending on the collection methods used, they might get a 100% match if the data was collected through some common data-access method at near the same point in time.

    I see this more as an attempt to discredit anonymous than anything else at this point -- which lends legitimacy to their claim of the FBI doing the monitoring.

    Note -- I find the above to be near equal likelihood of being true

16.5 feet in the Twilight Zone = 1 Rod Serling

Working...