UPDATE: According to NBC News, a small Florida-based app publisher called Blue Toad has told authorities that the million IDs released by Anonymous matched -- with 98% accuracy -- the ID numbers in its servers. That would seem to contradict the claim that the data were stolen from an FBI agents laptop. See here.
FORTUNE -- Toward the end of a bizarre rant that begins with a quote from Salman Rushdie's The Satanic Verses and ends with an off-color suggestion -- in German -- for the Republican candidate for President ("Romney aber, sag's ihm, er kann mich im Arsche lecken!") the anonymous AntiSec hacking group gets to the point:
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
The statement says the data were released Tuesday -- with some identifying information removed -- to alert the public that, in its words,
"[unprintable] FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME [unprintable]"
Note that the hackers don't say they have obtained Apple IDs, passwords or credit card numbers.
Still, if the claims are to be believed, users whose addresses, cell phone numbers and iOS device IDs made their way from Apple's (AAPL) servers to an FBI agent's notebook computer deserve an explanation.
Comments in updates below from Apple and the FBI.
The hackers, for their part, say that no further statements or press interviews will be forthcoming until Gawker's beat reporter for two rough-and-tumble social media sites, 4chan and Reddit, is pictured on Gawker's front page dressed in a tutu with a shoe on his head. "No tutu, no sources."
You can read the AntiSec post in full here. Warning: It contains language unsuitable for polite company.
UPDATE: Gawker's Reddit/4chan reporter, Adrian Chen, has complied with AltSec's demand, posting a photo of himself in tutu with a shoe on his head. Meanwhile, the FBI has issued a statement through AllThingsD:
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
Hmm. "At this time... no evidence...." Perhaps. But back in the Watergate era, that's what we used to call a nondenial denial.
UPDATE 2: An Apple spokesperson addressed the leaks Wednesday through AllThingsD:
"The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization. Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID."
The vulnerability of 225 million iTunes credit card accounts has been grossly exaggerated
The headlines over the July 4th weekend were pretty scary.
Wall Street Journal: "Computer-Hacking Group Targets Apple In Latest Attack"
Financial Times: "Hackers Claim Attack on Apple Server"
Gizmodo: "Apple Is Latest Company To Feel the Might of AntiSec's Hacking Power"
Coming less than a month after Steve Jobs unveiled Apple's (AAPL) iCloud project, the reports had a predictably unsettling effect.
"WOW," wrote MOREPhilip Elmer-DeWitt - Jul 4, 2011 8:29 AM ET
It's hard to get a handle on the hacker community, but here's a look at the range of people -- from lone geeks to organized governments -- who could be behind recent security breaches.
FORTUNE -- The recent hacking headlines make it seem like we're in the middle of a cyberwar: In the past few weeks, there have been revelations of security breaches at organizations including Citigroup, Sony, the IMF, and MOREShelley DuBois, writer-reporter - Jun 16, 2011 1:58 PM ET
|Yahoo to buy Tumblr for $1.1 billion: Report|
|Stocks on a roll: Yahoo, Microsoft stoke appetite|
|The Winklevoss twins are Bitcoin bulls|
|5 reasons why Yahoo is making a $1.1 billion mistake|
|Bernanke's advice for college grads|