Stolen Apple UDIDs Came from BlueToad, Not FBI
The connection was first made by Intrepidus Group consultant David Schuetz.
In a recent blog post, Paul DeHart, president and CEO of digital publisher and app developer BlueToad, stated that a cyber attack had resulted in the theft of Apple UDIDs from the company's systems. Those UDIDs were then posted online by members of AntiSec, who claimed the data had been taken from an FBI agent's laptop.
"When we discovered that we were the likely source of the information in question, we immediately reached out to law enforcement to inform them and to cooperate with their ongoing criminal investigation of the parties responsible for the criminal attack and the posting of the stolen information," DeHart wrote. "We have fixed the vulnerability and are working around the clock to ensure that a security breach doesn’t happen again. In doing so, we have engaged an independent and nationally-recognized security assurance company to assist in our ongoing efforts."
"The admission by the publishing company's chief executive, BlueToad's Paul DeHart, contradicts claims made by the hacktivist collective [AntiSec] that it stole the codes from the U.S. Federal Bureau of Investigation, and exonerating Apple from claims it gave the device codes to the federal law enforcement unit," writes ZDNet's Zack Whittaker.
"David Schuetz, a consultant in the Northern Virginia office of New York-based mobile-security company Intrepidus Group, approached BlueToad last Wednesday (Sept. 5) with evidence that their database was the source of the UDID data dump," writes SecurityNewsDaily's Paul Wagenseil. "Schuetz posted a detailed account of his methods on his company blog."
"DeHart... told NBC News that technicians at his firm downloaded the data released by Anonymous and compared it to the company's own database," write NBC News' Kerry Sanders and Bob Sullivan. "The analysis found a 98 percent correlation between the two datasets. 'That's 100 percent confidence level, it's our data,' DeHart said."