The FBI on Tuesday disputed a computer hacker group’s claim that it stole personal identification data on millions of Apple device owners from an FBI agent’s laptop.
FBI officials said the bureau never asked for and never possessed the database that the group, which calls itself AntiSec, is posting on a website.
The group has released a link to a database of more than 1 million unique identification numbers for Apple devices, which could include iPhones and iPads. AntiSec said the data is just a piece of the more than 12 million unique identification numbers and personal information on the device owners that it got from a laptop used by an FBI agent.
The FBI denied that it ever had that information. But officials there said they could not verify the validity of the data that AntiSec released. Federal officials also warned that computer users should be careful when clicking on such links because they sometimes may contain malware that can infect computers.
Joe Stewart, a security researcher with Atlanta-based Dell SecureWorks, said, however, that he tested the link and did not find any connection to malware.
Apple did not respond to repeated requests for comment Tuesday.
Apple assigns unique device identification numbers (UDIDs) – a string of numbers and letters – to all of its devices. The numbers let iTunes and application developers know which device is running which apps. As an example, the numbers allow game developers to keep track of users’ high scores.
Besides the identification numbers, the information posted by AntiSec has the name that a person chooses to name their device and a description of whether the device is an iPhone, iPad or iPod Touch.
If linked with other information such as a name or address, the numbers could be used as a way to get at other more sensitive data. But knowing the number doesn’t enable the FBI to track or eavesdrop on people.
In its posting, AntiSec said it got the file by hacking into the laptop of an agent who was on one of the bureau’s cyber action teams. And it said part of the file’s name on the laptop was “NCFTA,” referring to the National Cyber-Forensics & Training Alliance. The NCFTA is a nonprofit group made up of experts from the public and private sectors to share information on cyber threats.
In the Internet post, it said the FBI was “using your device info for a tracking people project.”
A group known as Anonymous and its offshoot Lulz Security have been linked to a number of high profile computer attacks and crimes, including many that were meant to embarrass governments, federal agencies and corporate giants. They have been connected to attacks that took data from FBI partner organization InfraGard and they’ve jammed websites of the CIA and the Public Broadcasting Service.
Earlier this year, FBI agents arrested several hackers tied to the group, and in the process revealed that LulzSec’s reputed leader, known as Sabu, was an FBI informant.
Law enforcement officials said that linking the Apple data theft to an FBI agent may have been done, in part, as retribution for the arrests.