FBI dismisses iPhone ID hack claim

Reckons it never had the IDs in the first place

TODO alt text

The FBI has hit out at reports that it has been hacked by AntiSec and has denied all knowledge of holding millions of Apple IDs.

AntiSec revealed earlier this week that it had found millions of Apple IDs on a laptop belonging to the FBI, explaining it had obtained around 3TB of information from the FBI.

The FBI has released a statement refuting the claims and even posted on its Twitter feed that the allegations were: TOTALLY FALSE (FBI's caps, not ours).

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," noted the statement.

"At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

Once more unto the breach, dear friends

AntiSec has also responded to the FBI's response and picked apart the statement, saying that 'no evidence' is not the same as not being hacked.

"The fact that the FBI has no 'evidence' of a data breach on one of their notebooks, does not allow the conclusion that it never happened," said AntiSec's statement.

The hacking collective is standing by its claims and has promised to leak more information in the coming days.

On the AnonymousIRC Twitter feed it posted: "Also, before you deny too much: Remember we're sitting on 3TB additional data. We have not even started."

It is also hinting that an app may have been the source of the leak but hasn't revealed anything more than that.

Known Java vulnerability

Security experts Imperva has taken a look at the breach and it reckons there could be weight to the claims.

On its blog, it says about AntiSec's revelations: "The FBI agent that was supposedly breached is real. He's a known recruiter in the FBI focused on getting white hat hack hackers to work for the feds.

The blog continues: "The data base that was breached seems authentic—though only Apple can confirm. However, the structure and format of the data indicates that this is a real breach. It would be hard to fake such data."

It has also posted a breakdown of how AntiSec may have found the data, explaining: "For a while now, there has been a known Java vulnerability CVE-2012-0507, that effects specific versions of Java on all platforms and allows the remote attacker to gain control over its victim."

Via Wired