FORTUNE -- Last week, the AltSec hacker group claimed it found 1 million UDIDs -- the numbers by with Apple (AAPL) identifies iOS devices -- on an FBI agent's laptop. They used the purported discovery as evidence that the U.S. government was engaged in widespread surveillance of its citizens through their smartphones.
On Monday, NBC News reported that that the numbers did not come from the FBI, but rather from the servers BlueToad, an Orlando, FL-based company that distributes digital magazine content to iPhones and iPads.
How do they know?
Because of the work of a lone mobile security expert named David Schuetz. NBC and Blue Toad asked Schuetz not to write about how he cracked the case until Monday so that Blue Toad could release a statement and NBC could have its exclusive.
With the embargo lifted, Schuetz has now posted the details of his work on his Intrepidus Security website. The key: The usually large number of repeats he discovered within the 1 million UDIDs.
It was a neat piece of digital sleuthing, and it makes for a cool detective story. A sample:
As this was the kids' first day of school, we went out for a nice dinner to celebrate. While there, I thought more about what I'd found, and decided to roll the dice: I sent an email to BlueToad, using the email address on their website. I didn't say much, just that there'd been a breach involving UDID and push tokens, and I've found some interesting data that suggest they may be involved. After returning home, I spent another four hours digging for more.
By the time I went to bed, I had identified nineteen different devices, each tied to BlueToad in some way. One, appearing four times, is twice named "Hutch" (their CIO), and twice named "Paul's gift to Brad" (Paul being the first name of the CEO, and Brad being their Chief Creative Officer). I found iPhones and iPads belonging to their CEO, CIO, CCO, a customer service rep, the Director of Digital Services, the lead System Admin, and a Senior Developer.
This felt really significant. But as I started writing up my notes, doubt crept in. What are some other explanations? Perhaps everyone at the company uses a common suite of applications. Like the same timesheet app, for example. Then of course they'd all appear in the data. But even still, I couldn't shake the feeling that I'm onto something.
Release 1 million iOS device IDs out of 12 million reportedly taken from an agent's laptop
UPDATE: According to NBC News, a small Florida-based app publisher called Blue Toad has told authorities that the million IDs released by Anonymous matched -- with 98% accuracy -- the ID numbers in its servers. That would seem to contradict the claim that the data were stolen from an FBI agents laptop. See here.
FORTUNE -- MOREPhilip Elmer-DeWitt - Sep 4, 2012 6:14 AM ET
Citigroup is the latest to report a security breach, but the hack occurred more than a month ago. It's time for companies to open up about exposures to its systems.
FORTUNE -- Given the number of recent, high-profile network security breaches, it might be tempting to call 2011 the Year of the Hack. The danger is that there's a good chance 2012 might be even worse.
The underlying reason for this is MOREDan Mitchell, contributor - Jun 9, 2011 3:57 PM ET
Mark Zuckerberg's fan page was hacked, scams permeate the news feed, and fake profiles abound. What's Facebook doing about it?
Objections over privacy, or the lack of it, have plagued Facebook for almost as long as it's been around, but only recently has the social network's security become a contentious issue.
Earlier this week, a hacker hijacked CEO Mark Zuckerberg's fan page, and updated his status with a message that started "Let MOREJP Mangalindan, Writer - Jan 28, 2011 12:21 PM ET
Facebook's "Groups" refresh takes a slide from one participant in Fortune's privacy redesign bake-off.
When Facebook Groups launches, users will have more control over privacy and sharing with the ability to grant subcircles of friends customized access to post updates and media without the need for friends' approval or confirmation.
Privacy issues aside, we applaud Facebook for giving its hundreds of millions of users these new features. But if eagle-eyed Fortune readers MOREJP Mangalindan, Writer - Oct 11, 2010 1:01 PM ET
Thousands of websites and millions of pieces of private data are increasingly in one big cloud, where some of the old rules of data security are out the window.
With the rise of cloud computing companies, and the ferocity with which tech's biggest companies are snatching those firms up, it's no secret that a good chunk of our user data is already stored in the cloud. Our emails, our documents, our MOREJP Mangalindan, Writer - Sep 24, 2010 3:00 AM ET
Also, Google notes that they will start offering an encrypted version of Google Search starting next week.
Alan Eustace, Senior VP, Engineering & Research, posted some bad news for privacy advocates today on Google's Official Blog.
Those cars (right) that go around collecting images for street view use local Wifi hotspots to help map the world. It turns out that they've also been collecting and storing data from those MORESeth Weintraub - May 15, 2010 8:15 PM ET
Kicked and dragged for taking photos of a Foxconn plant from a public road in China
Reuters' report Wednesday about the lengths to which Apple (AAPL) and its suppliers will go to guard Steve Jobs' secrets has everything: metal detectors, fingerprint scanners, product head-fakes, lawsuits, multimillion-dollar fines, a suicide, and employees afraid to breathe a word about what they do, even to their wives.
But the highpoint of the piece is a MOREPhilip Elmer-DeWitt - Feb 17, 2010 6:35 PM ET
In the latest installment of Connected, Fortune Senior Editor at Large Adam Lashinsky sits down with Adobe (ADBE) CEO Shantanu Narayen to discuss hacking threats from China and beyond, competing with tech giants Microsoft and Google and explaining the reasons behind the Omniture deal.
_____________________________________________________________Ben Baer, Senior Producer - Feb 11, 2010 1:14 PM ET
By Jon Fortt and Michal Lev-Ram
Will Apple give up some control over the iPhone in order to court corporate customers?
That's one of the juiciest questions surrounding a gathering on Apple's (AAPL) campus Thursday, where CEO Steve Jobs has promised to open up the iPhone's software secrets to the world for the first time. Apple's invitation to the event also hinted at new business-friendly features for the device, and Silicon MOREJon Fortt - Mar 5, 2008 8:54 AM ET
|Water becoming more valuable than gold|
|Will 7 Apples a day keep the bears away? - The Buzz|
|Don't assume you're safe from Heartbleed|
|Postal workers protest Staples|
|Tesla finds friends in the FTC|