A small Florida publishing company says it, and not the FBI, was the source of the one million Apple UDIDs released by AntiSec last week.
There was a mighty uproar last week when hacker group AntiSec claimed it had obtained 12 million unique device identifiers attached to various Apple devices from a compromised FBI laptop. How could FBI security be so lax as to allow hackers to get into one of its computers - and what was it doing with 12 million UDIDs in the first place? The FBI denied it ever happened, but what else would you expect it to claim?
Unfortunately for all the conspiracy theorists out there, it looks like feds may have been telling the truth. Paul DeHart, CEO of digital publishing company Blue Toad, has come forward to lay claim to the data, saying that his technicians compared the information released by Anonymous with the company's database and found a 98 percent correlation.
"That's 100 percent confidence level, it's our data," DeHart told NBC News. "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this."
Blue Toad was put on the trail by researcher David Schuetz, who contacted the company last week to say it might have been the source for the data. Schuetz had analyzed the data released by AntiSec and found several clues pointing at Blue Toad, including "numerous" devices with names that included variations of the company name. "What I was seeing was that there were - of the million devices that were in there - there were a few devices that showed up multiple times with themes that were related to Blue Toad," he said. "By the time I was done, late Tuesday night, I think I had 19 devices that... all belonged to Blue Toad."
The company doesn't know who actually stole the data, but analysis indicates that it was taken within the last two weeks, rather than in March as AntiSec had claimed. And while the FBI had no reason to possess the data, Blue Toad does.
"As an app developer, BlueToad would have access to a user's device information such as UDID, device name and type," Apple rep Trudy Mullter said. And while Blue Toad isn't a well-known company, DeHart claimed the company serves 100 million page views every month and has partnerships with "household name" companies.
Despite the discovery, Schuetz said he couldn't say for certain whether AntiSec's claims about getting the data from the FBI are false. "It does raise questions," he said. "I think people need to question what they see online, whether it comes from Anonymous or from a news organization or from a politician or from a corporation. You need to not take things at face value right away and jump straight to what you think it says. Somebody says, 'Oh this, came from the FBI,' everybody believes it. Well, let's think about [it]."
Source: NBC News