Apple, FBI play down alleged Anonymous hack

Anonymous says it obtained a bunch of iPhone and iPad user IDs. Not so, counter the FBI and Apple. 

Apps are shown on the screen of an Apple iPhone.

Reuters

September 5, 2012

Over the weekend, the "hacktivist" group Anonymous released a cache of more than a million of what it said were Apple Unique Device Identifiers, or UDIDs, which were apparently stored on a computer owned by an FBI agent. At least a few security professionals think the breach might be for real. But today the FBI sought to distance itself from the Anonymous allegations – if not refute them altogether. 

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," the agency said in a statement. "At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

As Anonymous partisans have gleefully noted, there's a little wiggle room here: "no evidence" is different from "it never happened." 

Why many in Ukraine oppose a ‘land for peace’ formula to end the war

Meanwhile, Apple has issued its own statement on the hack.

"The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization," Natalie Kerris, an Apple spokeswoman, told The New York Times. "Additionally, with iOS 6, we introduced a new set of [application programming interfaces] meant to replace the use of the UDIDs and will soon be banning the use of UDIDs." 

In summary: Apple says it didn't give the UDIDs to the FBI and the FBI says it (probably) never had the UDIDs.

So should we be worried?

Well, sort of. Anonymous, it's worth noting, has only released a series of UDIDs, not the names and addresses associated with those UDIDs. Still, says Rob Rachwald, director of security strategy at Imperva, that doesn't mean Apple users aren't at risk. 

Howard University hoped to make history. Now it’s ready for a different role.

"If the hackers have what they claim, they may be able to cross-reference the breached data to monitor a user's online activity – possibly even a user's location," Rachwald told Information Week. "To be clear, the released database is sanitized so you cannot perform this type of surveillance today. But with the full information that hackers claim to have, someone can perform this type of surveillance. This implies that the FBI can track Apple users."