This morning AntiSec released a list of 1 million out of 12 million Apple UDIDs that it said it got from the FBI, which has raised many questions, most prominently perhaps: Just what was the FBI doing with that data in the first place? First off, neither the FBI nor Apple has confirmed that the data released so far is real. Update: Just after we published this post, the FBI issued a statement to Gizmodo denying that the data came from them. "At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

Before that statement, an FBI spokesperson told Computer World and Gizmodo that it was "declining to comment," which has led Gizmodo's Jamie Condliffe and Sam Biddle to suggest "it's very much possible that an FBI computer is the original source of this alleged data dump." Even though we have no proof of that, others have at least confirmed that the UDIDs out there correspond to actual phones, with ArsTechnica's Jacqui Cheng posting responses from security journalist Rob Lemos and "eCrime specialist" Peter Kruse saying that they have devices on the list. With so little information -- AntiSec has refused to give interviews, for now -- we still can't be sure that these came from the FBI. But if the hackers are to be believed (an admittedly big if), it brings us back to that initial question: What did the FBI want with those Apple device IDs? Some theories.

  • "FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT." That's the explanation that AntiSec uses in its post, which Anonymous reiterated in the following tweet.

    AnonymousIRC (@AnonymousIRC), 3 Sep 12: "12,000,000 identified and tracked iOS devices. thanks FBI SSA Christopher Stangl. #AntiSec"

    The Apple device IDs alone don't give access to anything too useful. But AntiSec claims that many of the codes were linked with other information like addresses, zip codes, names, and e-mail. How, and for what exactly, AntiSec does not say. The file name (NCFTA_iOS_devices_intel.csv) has led others to believe the info came from the FBI's National Cyber-Forensics & Training Alliance, which has a slew of cybercrime-related projects, including malware, Internet fraud, pharmaceutical fraud, and financial cyber threats, according to its website. So perhaps it was part of some project there? AntiSec also says it got the info from Cyber Action Team member Christopher Stangl's computer. Stangl, as a member of CAT, was part of a "highly trained team" of agents who "gather vital intelligence on emerging threats and trends that helps us identify the cyber crimes that are most dangerous to our national security and to our economy," as the FBI site explains.
  • The FBI got this information by proxy. It's possible that the FBI just had this data as a part of another project, as Marcus Carey, a researcher at Rapid7, explained to Bits Blog's Nicole Perlroth. "The F.B.I. could have obtained the file while doing forensics on another data breach," he said. Last year, the FBI got hold of an Instapaper server in an unrelated raid. Instapaper CEO Marco Arment has denied that the two incidents are related -- Instapaper has nowhere near 12 million members, for one. But this could have been from something like that. That makes sense, especially since these IDs don't reveal anything too dangerous, as Carey continues. "This poses very little risk. None of this information could be used to hack someone or launch an attack," he adds.
  • Apple gave it to them just because. This isn't really an explanation for what the FBI wanted with the information, but some on Hacker News have suggested that the FBI asked for it, so Apple obliged because why not. "There might be legitimate law-enforcement reasons for doing so, though it's hard to imagine what they might be given the sheer numbers said to be involved," notes AllThingsD's Arik Hesseldahl. "It's not hard to imagine the FBI requesting a UDID along with other information as part of building a case in a criminal investigation into a person or a set of people," he continues. But that sounds like a privacy disaster waiting to happen -- er, that just happened -- for Apple, which has not yet commented.
  • This info isn't from the FBI, at all. From what we know, this could have come from anywhere. "Apple could have been breached. AT&T could have been breached. A video game maker could have been breached," adds Carey. Since UDIDs are used in relation to push notifications with apps, others have surmised that the info comes from a database dump of an app with 12 million users. "Any app with more than 12 million users, then, would be suspect," wrote TechCrunch's John Biggs.

Since posting the original hack, AntiSec hasn't given any more information about the data and won't until Gawker's Adrian Chen meets their demands that he wear a ballet tutu and a shoe on his head and post it to the site. Earlier we explained how to check if you were part of the list, but it looks like this move was more to embarrass the FBI than to compromise devices. So far, that part is working. Without any answers from the FBI (or Apple) we are left with this question, and other related ones, reminding us that there is some possibility the government wanted something with 12 million iPhones.