Company CEO: Stolen UDIDs Came From Our Server Data Was From Hack of Small Florida Developer's Server Tipped by Contents 
Last week AntiSec released a portion of a database of unique Apple Unique Device IDs (UDIDs) they claim were obtained by hacking an FBI laptop, something the FBI denied ever happened. Now in an interesting twist, Paul DeHart, CEO of a small Florida company named Blue Toad publishing, tells NBC that the data actually came from their server. According to DeHart, techs at his company analyzed the leaked data released from AntiSec and found that there was a "98 percent correlation between the two datasets." "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this," says the CEO. It remains unclear if the data was simply making the rounds and the FBI had a copy, or if Anonymous lied and the FBI never had a copy of the data in the first place. So far, Anonymous has been quiet on the revelation.
|
 |  | | | Re: This was always the most likely explanation. Its pretty sad when you are willing to believe a hacker group over the FBI.
And for the record, as of right now I believe the hacker group and believe this company to be a scape goat for the FBI. | |
| | |  MoracCat god
join:2001-08-30
Riverside, NJ
kudos:1
 ·Comcast
1 edit | Re: This was always the most likely explanation. I know the Government doesn't always tell the truth, but you have to make so many leaps here to believe AntiSec (who also frequently doesn't tell the truth, they came from 4chan), that it really makes no sense.
Add to the fact that the FBI doesn't even need UDIDs since they aren't really used for anything the FBI would care about.
Here you go:
| |
|
 DavidNow accepting new patientsPremium,VIP
join:2002-05-30
Granite City, IL
kudos:78 | betting time. My guess is they pounded the server and wanted to blame the FBI. I got $10 that says they don't say anything. | |
|  EdrickI aspire to tell the story of a lifetimePremium
join:2004-09-11
Woburn, MA | FBI Really guys we didn't do it, I know we're usually spying in all your stuff and logging all your info, but for realz we didn't do it this time. | |
| |  intellerSociopaths always win.
join:2003-12-08
Tulsa, OK | Re: FBI well ya know, I don't really care WHO they got the data from, someone, either these yokels or the FBI, were capturing UUIDs and is is complete BS.
--
"WHEN THE LAUGH TRACK STARTS THEN THE FUN STARTS!" | |
|
 tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3 | Big suprise, the internet is full of... leet hacker dudes with megacool crib vs Guy in mom's basement
ultra hacks the FBI, vs steals from tiny publisher
total chick magnet vs wishing he actually knew a girl
online fantasy life vs totally lame reality | |
| CXM_SplicerLooking at the bigger picturePremium
join:2011-08-11
NYC
kudos:1 Reviews:
 ·Verizon FiOS
| Too convenient While I don't doubt that the data may have come from Blue Toad, I still say it is more plausible that DeHart (or someone working for him) was selling the data to an FBI agent. He even covers his ass in case AntiSec proves it was an FBI laptop:
quote:
DeHart said he could not rule out the possibility that the data stolen from his company’s servers was shared with others, and eventually made its way onto an FBI computer.
Why would AntiSec make up that the FBI had the data knowing that the FBI would simply deny it. For that matter, why bother hacking anything at all? If they are going to make something up and blame the FBI, why not simply 'generate' a file of names, UDID's, phone #'s, etc.?
The whole thing stinks like a cover-up to me. | |
| | Reviews:
·Charter
| Re: Too convenient »venturebeat.com/2011/12/27/anony···or-hack/
quote:
More than 9,000 active credit card numbers were stolen from the security think tank.
In a high-profile incident that blew up the news on Christmas, the notorious hacker group Anonymous claimed to have stolen credit card data and other client details from Austin-based security think tank Stratfor, with the intent of donating $1 million in stolen cash to charity.
Quit automatically believing these scumbags. They say what they want so their mindless sheep followers will believe they have a good purpose in what they do. | |
| | | | | Re: Too convenient The game is changed when it's Stratfor that's hacked. | |
| | | CXM_SplicerLooking at the bigger picturePremium
join:2011-08-11
NYC
kudos:1 Reviews:
·Verizon FiOS
| Well, I don't know about the credit card #'s but the emails they got from Stratfor are very interesting!
»wikileaks.org/the-gifiles.html
quote:
They say what they want so their mindless sheep followers will believe they have a good purpose in what they do.
Haha, that sounds more like you are talking about the government! | |
|
| | | | CXM_SplicerLooking at the bigger picturePremium
join:2011-08-11
NYC
kudos:1 Reviews:
·Verizon FiOS
| Re: Too convenient Like I said, if it was only for the fun of poking at the FBI there would be no reason to bother actually hacking anything; just release made up info... much easier and just as effective.
I am still waiting for Blue Toads explanation of exactly why they were keeping records of people that weren't their customers. If their plan wasn't to sell them to the FBI then why did they have them? | |
| | | | | | | | | CXM_SplicerLooking at the bigger picturePremium
join:2011-08-11
NYC
kudos:1 Reviews:
·Verizon FiOS
| Re: Too convenient I assume by 'marketing' you mean selling that data to an interested third party? Do you think Blue Toad gives a frog's ass if they sell the data to Google, Doublelick, or the FBI? They will sell to anyone willing to pay.
Welcome to a new era in government surveillance... private companies can collect the data on us and make a profit selling it to the Feds; just another form of privatization. | |
| | | | | | MoracCat god
join:2001-08-30
Riverside, NJ
kudos:1 Reviews:
·Comcast
| Re: Too convenient Yes, they could sell it to the FBI (or the FBI could just subpena it), but my point is the data is virtually worthless to the FBI.
A name and an UDID gives them a lot less information that they could get by pulling tax records from the IRS or pull cell phone records from cell companies. The FBI would be better off simply swiping phone books from door steps as that would provide tons more information which could actually be used. Hell if they wanted UDIDs, they could have just gotten all of them from Apple.
It's not like the UDID is tied to any useful information. Okay so the FBI could see your Angry Birds high score (possibly). What would that get them?
If you truly believe that Blue Toad is front company created by the FBI to harvest Apple UDIDs for some insidious purpose to track all iPhone users on the planet, then this website is for you.
--
The Comcast Disney Avatar has been retired. | |
| | | | | | | | | | | | | | CXM_SplicerLooking at the bigger picturePremium
join:2011-08-11
NYC
kudos:1 Reviews:
·Verizon FiOS
| said by Morac:If you truly believe that Blue Toad is front company created by the FBI to harvest Apple UDIDs for some insidious purpose to track all iPhone users on the planet, then this website is for you.
I appreciate the hat advice but I already have one of those. I wasn't saying (or even implying) that they were a front company but I don't doubt that the FBI (et al) does in fact have front companies set up to collect data. I think the FBI was merely purchasing the data from the Toads who would willingly sell out to the Feds for a few bucks. Times are hard out there, companies have to do what they have to do to survive.
It is quite possible that Apple is not interested in selling customer information at the level the FBI would be interested in. If that were the case, the FBI would have to resort to other means to get the info. A subpoena wouldn't work since there is no legal case that could be made to justify the wholesale handing over of ALL customer info.
If you want to claim that UDID's aren't tied to any useful info and are basically worthless as far as a 'leak' goes then there would be nothing for AntiSec to gain by making up this story. Your theory tends to disqualify itself. | |
| | | | | | | | MoracCat god
join:2001-08-30
Riverside, NJ
kudos:1 Reviews:
·Comcast
| Re: Too convenient said by CXM_Splicer:If you want to claim that UDID's aren't tied to any useful info and are basically worthless as far as a 'leak' goes then there would be nothing for AntiSec to gain by making up this story. Your theory tends to disqualify itself.
What AntiSec leaked in itself is useless. It ties a user specified and changeable device name to a UDID. AntiSec themselves said only some of the data they stole has any more info than that (probably whatever app users optionally entered).
Apple is moving away from using UDID in iOS 6 anyway so the UDID will no longer be able to be used to track iOS users, so like I said the list is pretty much useless.
Interestingly enough my first and last name is on the leaked list, but the associated UDID doesn't match any of my devices. I can only conclude from that that there is another person with the same first and last name as me, who has an Apple product.
--
The Comcast Disney Avatar has been retired. | |
|
| | Told you. Script kiddies find any kind of security flaw using their protocols (made by other people), break in, steal your information, then try to blame it on the 'evil government'. | |
| | | | | CXM_SplicerLooking at the bigger picturePremium
join:2011-08-11
NYC
kudos:1 Reviews:
·Verizon FiOS
| Re: Told you. Even if it happened the way it is now being reported (which I think is questionable) you guys seem to be missing the point... ANY business or government agent that has millions of sensitive personal records should take the time to secure their computer against 'pitiful basement dwelling loser script kiddies'. After all, if losers like that can 'break in', pretty much anyone can.
In fact, I would consider Blue Toad more liable for the breach of security than the script kiddies. The sad part is that there are millions of similar companies out there with our records in just as insecure systems. Blue Toad sounds like they are whining that their unsecured WiFi was 'stolen' and someone else downloaded a movie.
There is also the question of why Blue Toad had the UDIDs at all. From what the article said, they did not deal with the end users... they dealt with publishers. So why was Blue Toad collecting the data of the end users? | |
| | | clone
join:2000-12-11
Portage, IN | said by Linklist:+1 All to make themselves feel like big shots instead of the pitiful basement dwelling losers they really are. Hmmm....those sound like the same kind of people that, once they hit puberty and move out of their mom's house, become involved in partisan politics. They do things like make their net handle the name of a loser political candidate, while attacking the "other guy's" loser candidate because they know that the are so on the "winning team".
All to make themselves feel like big shots instead of the pitiful losers they are.
P.S. Who cares where the data came from? Someone is engaging in a massive surveillance effort against iOS users, and if anyone is naive enough to believe that the 3-letter spook agencies don't already have all this information and so much more, I have a bridge to sell you. Calling people names doesn't change that fact. It's a logical fallacy called the ad hominem attack. Nice try though, mittens. | |
|
| Reviews:
 ·Callcentric
| said by Metatron2008:Script kiddies find any kind of security flaw using their protocols (made by other people), break in, steal your information, then try to blame it on the 'evil government'.
Nailed it. They know we have some bizarre baseless paranoia with law enforcement and government. Therefore, these actual and real crooks make out scot-free with our info and data.
This recession illustrates that it's still extremely easy to scapegoat the government, due to its abstract nature. All while the real perpetrators are drinking their piña colada and free to do it again. | |
|
SunnyD
join:2009-03-20
Madison, AL | But why? Why would a small Florida publishing company even give a crap about a UDID hack let alone put forward the effort and resources to "analyze" the offending leaked data and admit it came from them?
I know it writes like conspiracy theory, and I admit it probably isn't, but if it were my company and unless the evidence of the hack and what exactly was pilfered was obvious, I'd never bother to put 2 and 2 together unless someone (FBI?) tipped (paid off?) me to. | |
| | openbox9Premium
join:2004-01-26
japan
kudos:2 | Re: But why? Because if the company knew of the infiltration and did nothing, they are liable for a lot of unhappy customers. It's much better to take the PR beating up front rather than later in court. | |
|
| | Perhaps, perhaps not Now first off, I could give a rats arse about iOS user id's, the feds, or antisec.
I don't trust any of them.
BUT.....
Everyone knows the feds will lie, steal, cheat, slander, and do anything else possible if they feel it's in thier best interest.
Sometimes they do it just for the hell of it, no reasoning required.
Apple has shown over and over that they will do the exact same, and have even less remorse than the feds.
Slave labor at Foxconn anyone (and for such a green minded company too!) ?
As I already stated, I could care less about anon/antisec/lulzsec/cdc/etc...
They (IMHO) do lie less than the feds and apple though.
Would I trust them before I trusted the FBI ? In a NY second.
Now for the kicker....
Blue Toad has connections to the DoD (google it up yourselves).
Who is willing to wager a fat check did, or did not, just appear in Blue Toads account ?
Remember, AT$T and the feds still deny sniffing and logging data and phone tranmissions in the US.
It all seems way way way too convienient.
Exactly how does Blue Toad warrant having 12 MILLION iPhone id's ? No way thier software sold that many times, it's nothing anyone I know would have on thier phone.
There are many free solutions that do the same, if not better.
If you look at the website for them, it seems they don't have any real product other than some proprietary book reader....fishy.
dare I say it.....it looks like a front. | |
| | openbox9Premium
join:2004-01-26
japan
kudos:2 | Re: Perhaps, perhaps not said by TypeNameHere :Everyone knows the feds will lie, steal, cheat, slander, and do anything else possible if they feel it's in thier best interest. And the script kiddies and a lot of other people wouldn't do similar actions?said by TypeNameHere :Slave labor at Foxconn anyone (and for such a green minded company too!) ? Apple doesn't own Foxconn and it definitely isn't Foxconn's only customer. Why do people have such a difficult time actually pointing the finger at the actual one deserving the blame?said by TypeNameHere :Blue Toad has connections to the DoD (google it up yourselves). The connection that Blue Toad appears to post journal articles involving the DoD on its website?said by TypeNameHere :Who is willing to wager a fat check did, or did not, just appear in Blue Toads account ? I'll take the other side of that bet. | |
|
 fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:14
Bright House Netwo..
TekSavvy
Forum Feature Requ..
Need Site Help
Rants, Raves, and ..
| Blue Toad quote:
Kudos
In the short time we've had a BlueToad App in iTunes, we have seen rapid growth in our online readership. The subscription feature allows customers to instantly purchase back issues as well as current issues. This has opened up the markets to international customers, as well as providing us with a vehicle to grow more on the web with new interactive features and bonus videos.
»www.bluetoad.com/BlueToad/shows-conferences
quote:
DOD data policy focuses on sharing
JASON MILLER
New strategy requires more complex thinking about data use, accessibility
The Defense Department’s new information-sharing strategy will require officials to anticipate their data being used by nongovernmental organizations, coalition partners, other federal agencies, and state and local governments.
DOD leaders say the strategy represents a big change, and how well people adapt to it will largely determine the department’s future success. The new information-sharing strategy is necessary, they say, because DOD’s mission is evolving, and the military must often work with outside partners.
“The strategy promotes, encourages and incentivizes information sharing — which might sound like a softball — but it is a new way of doing business for us,” said Debra Filippi, DOD’s federal informationsharing executive.
“Our practices of the past need to change because we have been very sheltered,” Filippi said. “We are trying to inspire folks to make information accessible and visible and not worry about keeping it [away from] folks who don’t have an obvious need. It requires an uncomfortable shift from the past.” John Grimes, DOD’s chief information officer, signed off on the new informationsharing strategy May 4.
»www.bluetoad.com/display_article.php?id=5354 | |
| | fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:14 Host:
Bright House Netwo..
TekSavvy
Forum Feature Requ..
Need Site Help
Rants, Raves, and ..
| Re: Blue Toad quote:
Blue Toad is a little-known privately held company, but its technology touches millions of users around the world. It provides private-label digital edition and app-building services to 6,000 different publishers, and serves 100 million page views each month, DeHart said. He declined to discuss business partners, but said the list of clients includes household names.
DeHart said his firm would not be contacting individual consumers to notify them that their information had been compromised, instead leaving it up to individual publishers to contact readers as they see fit.
quote:
There is no way for users to check to see if their UDID information has been collected by Blue Toad, DeHart said.
»redtape.nbcnews.com/_news/2012/0···eek?lite | |
|
 JuggernautIrreverent or irrelevant?Premium
join:2006-09-05
Kelowna, BC
kudos:2 | Wut? Really? 
said by Paul Dehart :
"As soon as we found out we were involved and victimized..."
Victimized? Seriously? More like poor sec skills. What an idiot.
--
Better to have it and not need it, then need it and not have it. | |
| |  cdruGo ColtsPremium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7 | Re: Wut? said by Juggernaut:Really?
said by Paul Dehart :
"As soon as we found out we were involved and victimized..."
Victimized? Seriously? More like poor sec skills. What an idiot. If you're walking down the street flashing a wad of money and get mugged, you were just asking to be mugged. That doesn't mean you still aren't a victim.
If indeed the information was stolen from them, and it was due to lax security, then sympathy for them is greatly diminished. But that doesn't change that they are still a victim in the overall crime. | |
|
 KrKHeavy Artillery For The Little GuyPremium
join:2000-01-17
Tulsa, OK | It wasn't surprise me if it was both. BlueToad's database....
... from an FBI laptop. | |
|
| |
|
|
