The issue is AntiSec’s theft of Apple UDIDs. AntiSec claimed it came from a hacked FBI laptop, even naming the FBI agent: “During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached."
AntiSec then released 1,000,001 Apple UDIDs it claimed to have stolen from the FBI – and in general the media tended to believe AntiSec. The FBI denied ever having the UDIDs. Soon after that, Apple developer BlueToad held its hands up, apologized, and said the UDIDs were stolen from them. And in general, the media believed the FBI and BlueToad. “Now the media has come full circle like baying dogs,” says Anonymous, “and is reporting this... as the newest version of reality.”
But AntiSec is standing firm, and Anonymous asks, who is offering the greater proof? AntiSec “provided the method used, and most security ‘experts’... have grudgingly admitted the hack would be possible using the technique described. AntiSec has even provided the MAC addresses of all the hardware used in the New York office of the Cyber-Crime Division.”
Anonymous and AntiSec, it continues, “have provided FAR more evidence for their side of the story than the FBI has with their two lousy tweets and then a steady stream of ‘no comments’. The FBI has not provided one shred of evidence for their... denials.”
All sides, however, recognize one simple fact: if AntiSec is telling the truth, it can at some stage prove this by releasing details of the remaining 10,999,999 UDIDs it claims to have lifted from the FBI – more than six times the number ‘lost’ by BlueToad. The Anonymous statement alludes to this: “Anonymous and AntiSec have provided what they can, and may provide more in the future.” But in a separate statement, AntiSec is already saying this may be more difficult than it might seem. It also claims to have provided a clue in the original leak, but “it seems nobody has figured it out.”
Take the number: 1,000,001: “the last one added represents a joker card,” says AntiSec. “After randomly picking one million devices, the last one was selected from the ~ 11 000 000 remaining devices till we get, either: the plain text list md5 hash or the final encrypted tar.gz hash containing the string '1337' in it.”
What this tells us, however, is that we still don’t know the truth of where these UDIDs came from – and the fact is, we may never have that absolute proof.