Re: [Fed-Talk] Whoa Nelly
Re: [Fed-Talk] Whoa Nelly
- Subject: Re: [Fed-Talk] Whoa Nelly
- From: Dave Schroeder <email@hidden>
- Date: Tue, 04 Sep 2012 20:22:53 -0500
The existence of this type of information -- from ANY source, including app developers -- is itself of immense interest for mobile forensics and surveillance. The FBI has a distinct interest in knowing just what kind of information can be collated, and for what purposes it can be used, including by bad actors. This issue, and its implications, has been studied by security researchers, and is part of why Apple is moving away from UDIDs.
I do find it amusing that you are assuming that claims of emails (implying email contents) and user passwords were a part of this file, with no proof, with a release of a UDIDs. The storyline that's starting to take form out there now outside of the tech press is that "the FBI" is "monitoring" ALL activities on iOS devices -- emails, texts, iMessage, web usage, etc. -- simply because of a release of UDIDs by an anonymous group of hackers with no proof.
Even IF the AntiSec allegations are true at face value, they claimed the file contained "user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc." This does NOT include "emails" or "passwords" -- it's all info that an app developer can obtain -- and says nothing about its purpose. Have you considered that groups like Anonymous and AntiSec have an agenda all their own?
- Dave
On Sep 4, 2012, at 7:42 PM, "Pike, Michael (IHS/HQ)" <email@hidden> wrote:
> I admire your defense of Apple.. but mind you the information that we have based on the leak is only a subset (and it was filtered by the group) of what is available.
>
> There are purported usernames, emails, email addresses, passwords, physical addresses and more.
>
> I don’t think it’s an exercise... and if it is, they are using real UDID information. I’ve already had two people tell me their UDID was in that list. Pretty scary...
>
> If it was used for training, they had to get the information somewhere.
>
> I’m not so much concerned the FBI has it... I personally don’t feel they are the enemy and they have to do what they have to do to protect us... Hell I am dedicated federal employee, and I know there are places in life I don’t want to know about.
>
> I’m more concerned that possibly Apple forked over information, and how much more goes to other places that maybe aren’t our own government?
>
> 12 million devices... that is no “pick a few people for training” that's a dump of information, in mass quantity. In a CSV none the less, meant to be sorted, searched and stored.
>
> mike
>
>
> Sent from Windows 8 Mail
>
> From: Dave Schroeder
> Sent: September 4, 2012 6:26 PM
> To: William Cerniuk
> CC: Fed Talk
> Subject: Re: [Fed-Talk] Whoa Nelly
>
> Or, equally likely, AntiSec wants to shame this agent -- for the "lulz" -- just like they did with Gawker:
>
> http://gawker.com/5940444/here-is-a-picture-of-a-gawker-writer-wearing-a-tutu-with-a-shoe-on-his-head
>
> Let's say this file was on this particular agent's laptop, and his laptop was indeed owned by a Java 0day:
>
> It's more plausible that this file was used for iOS forensics training, or was itself part of an investigation, than there is some sinister "partnership" between Apple and "The Man" wherein Apple provides incomplete device and customer data for a subset of iOS devices to the FBI to enable them to do -- what, again, exactly?
>
> - Dave
>
> On Sep 4, 2012, at 5:12 PM, William Cerniuk <email@hidden> wrote:
>
>> "No Evidence" Hmm, can't find the proverbial body?
>>
>> I am not a tinfoil hat man but I will point out that the statement does not say "we do not have nor ever did have such data" or similar.
>>
>> Perhaps it was not a laptop but rather an FBI desktop. Or could this have instead been a personal personal laptop belonging to an FBI agent who was doing a little extra curricular activity? Perhaps a compromised laptop in the possession of the FBI that was taken from a iOS app developer in a raid?
>>
>> Fun to speculate. Reads like a Mickey Spillane novel. Now if only the FBI agent's name was "Mike Hammer" <grin>
>>
>> --
>> Best,
>> Wm. Cerniuk
>>
>> Ph: 703.594.7616
>>
>>
>>
>> On Sep 4, 2012, at 5:30 PM, Todd Heberlein <email@hidden> wrote:
>>
>>> Another data point:
>>>
>>> FBI Says AntiSec Hackers Lied About List of iPhone ID Numbers
>>> http://allthingsd.com/20120904/fbi-says-antisec-hackers-lied-about-list-of-iphone-id-numbers/
>>>
>>>> The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
>>>
>>>
>>> Todd
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Fed-talk mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden