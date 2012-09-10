* Digital publisher BlueToad says its files were hacked
* Stolen data were ID numbers for Apple products
By Barbara Liston
ORLANDO, Fla., Sept 10 A Florida company said on
Monday that its files - not an FBI agent's laptop - were hacked
by a renegade group that released Apple product
identification data it claimed to have obtained through a breach
of the nation's top law enforcement agency.
"We want to apologize, announce what happened and set the
record straight," said Paul DeHart, chief executive officer of
software company BlueToad Inc, told Reuters.
FBI spokesman Paul Bresson confirmed to Reuters that "it
certainly does appear that BlueToad was where the information
was actually compromised."
BlueToad hosts more than 5,000 worldwide publications
including consumer magazines and business documents, and creates
apps for its clients. DeHart said the company experiences about
1,000 unsuccessful break-in attempts a day.
DeHart said his company realized it had been hacked soon
after the group "AntiSec," an affiliate of Anonymous, posted a
file on the Internet with the identification numbers for what it
claimed were 12 million Apple devices on Sept. 3.
Anonymous is one of several loosely affiliated hacking
groups that take credit for breaking into government security
agencies and major corporations worldwide.
"A third party reached out to us who was examining the list
that was on the Internet and said, 'Hey, we see some connections
to you guys,'" DeHart said.
He said his company is cooperating fully with the FBI. For
security reasons, he declined to provide details of how they
confirmed the data file came from his company.
"We haven't tied it to a person at least as of yet ... but
we were able to figure out essentially what happened, tied to a
lot of things and we've passed that information on (to the
FBI)," DeHart said.
He said fewer than 2 million device IDs were obtained by the
hackers rather than the 12 million the group claimed. He
said his company, which does not collect private information
such as Social Security numbers or credit card information,
plugged the hole in its security system and has hired a national
security firm to perform a complete security analysis.
"The attack that we got was pretty sophisticated, pretty
determined," he said.
DeHart said his company hosts time-embargoed and
time-sensitive content that could make it a target of hackers.
He also speculated that whoever posted the data on the Internet
might have been acting out of a grudge against a hosted
publisher, or might be trying to establish their bona fides
among the well-known hacking groups.
The Apple ID numbers, called unique device identifiers or
UDIDs, are a sequence of letters and numbers assigned to Apple
products, such as iPhones or iPads. Many Web-based mobile
applications and gaming networks use UDIDs to identify users.
Marc Maiffret, chief technology officer of security firm
BeyondTrust, said the data dump itself, while serious, would not
prove to be very damaging to consumer privacy, and would not
allow hackers to break into peoples' iPhones.