Two nights ago, a group of hackers claiming to be Antisec announced via Pastebin that they had hacked an FBI computer which contained 12 million Apple user IDs and other data. Antisec released one million of the identities to highlight, as they saw it, the FBI’s domestic espionage.
Last night the FBI tweeted, “”Statement soon on reports that one of our laptops with personal info was hacked. We never had info in question. Bottom Line: TOTALLY FALSE.”
The Feds followed that up with the statement: “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”
So, who is telling the truth: Antisec or the FBI?
As noted in a tweet by Space Rogue, former editor of Hacker News Network, “FBI statement is ambiguously short. States not from an ‘FBI’ laptop. How about a personal laptop of an FBI agent?” Not only that, but the FBI states there there is no evidence “[a]t this time.”
If the files were in fact lifted from Special Agent Christopher Stangl’s laptop, the FBI now finds itself in the unenviable position of either having to admit to a colossal fuck-up or confirm that they are storing Apples iOS user data. In that scenario, it’s better to hedge by saying there’s no evidence and that they neither “sought or obtained this data”; although that leaves open the possibility that it was freely shared via the NCFTA, or the National Cyber Forensics and Training Alliance.
NCFTA is a non-profit organization that “functions as a conduit between private industry and law enforcement,” allowing ISPs, credit card companies, banks, etc., to share cyberthreat information with the FBI. “Share” is the operative word. The FBI doesn’t have to ask for data gathered by private entities party to NCFTA—the information is shared.
One of Stangl’s files, NCFTA_iOS_Devices_intel.csv (the one that contained the Apple user data), would seem to hint at a NCFTA connection. It’s possible that Antisec gave the file that name after lifting it from another source in order to make the FBI look bad.
Ah, what a mindfuck.