Source of UDID Hack Revealed, But Who Was the Culprit?
It was only last week that we reported on the hack of reportedly 12 million Apple product UDIDs from an FBI agent’s laptop, carried out by AntiSec, a group associated with well-known hackers, Anonymous. After yesterday’s revelation that the UDIDs came not from the FBI but from BlueToad, an Orlando-based app developer, a new question arose: Who actually stole the file in the first place?
Paul DeHart, BlueToad’s chief, said in an interview with the New York Times that the company chose to voluntarily disclose the threat to “apologize to our customers, partners, and the public in general.” Along with publicly disproving AntiSec’s claims to have hacked into the FBI laptop, DeHart stated that they had “nowhere near” the 12 million UDIDs that the hackers claim to have stolen.
It was what DeHart then said that must sting AntiSec the most:
“The way we understand it, somebody got into our systems, took the information and, to prove themselves, handed it to this other group who exploited it for their own purposes.”
If DeHart’s statements are true, it means that AntiSec lied about where they carried out their hack, the size of the attack, the use of the data they acquired, and even having performed the hack. This claim would mean that AntiSec only had the data dropped in their laps by someone looking for recognition from within AntiSec’s ranks.
While Apple is the only party that doesn’t seem to be somewhat responsible for the attack, outside of developing the UDIDs in the first place, many feel that is enough to include them in the blame. The amount of information that can be retrieved from UDIDs has been debated for years, but after increased privacy concerns, Apple is phasing them out. An Apple spokeswoman recently told the Wall Street Journal:
“…with the next version of Apple's mobile operating system, the company would be replacing the use of the UDID and 'will soon be banning' it, after concerns about how the identification number was being used to track users and tie their device ID to other information.”
TechWell will report new information as it is revealed, as this story still leaves many questions unanswered.