Tracking Down the UDID Source - Archived Comments

Mon, Sep 10, 2012

- ∞ -

Mek0s

September 10, 2012 at 12:32 pm

            GJ on this guys&#8217;.  Much respect.

PhishMe

September 10, 2012 at 1:11 pm

            nice work!

mattjay

September 10, 2012 at 1:24 pm

Really great to see less echo chamber finger pointing and actual research. Great job!

@zcobb

September 10, 2012 at 2:14 pm

            Nice work Mr. Schuetz! I admit that I had started to look for patterns in the names (why do so many Dawn&#8217;s own iOS devices?) but you nailed it. Congrats on some inspired analysis!

ohgoodnesswhat

September 10, 2012 at 3:03 pm

            Horsepuckey.

And how much was BlueToad paid to be the alibi?

### Scruff
#### September 11, 2012 at 3:34 am 
Your evidence? Otherwise your comment is worth nothing, and adds exactly zero to the public knowledge. 

Cough up your evidence, or shut the hell up. 


### LEDiogenes
#### September 11, 2012 at 10:54 am 
Ding Ding.  And Scruff the sock puppet comes along to quickly squash those who read between the lines.

Randy

September 10, 2012 at 3:23 pm

Well done, both technically, ethically, and professionally.

Richard Steven Hack

September 10, 2012 at 9:09 pm

I’m still skeptical about the company’s claims. Of course, I don’t have the technical details they shared with you.

However, initially their statement said a “significant match” and then it was escalated to “100% certainty”, etc.

Can we rule out the possibility that their UIDs were added to some other set of UIDs from elsewhere and acquired by the FBI and subsequently by the hackers? I think not.

I think we can completely rule out the possibility that the FBI is not lying, just on general principle. If you know who Sibel Edmonds is, you know the FBI simply cannot be trusted. Period.

However, at this point, clearly the hackers involved need to provide more evidence of the source of the file and proof that they indeed have more data as well as the user names, in order to bolster their case. If they can do that, then Blue Toad is only one of the sources of that data and the FBI is still on the hook.

### mcgorgomagan
#### September 11, 2012 at 12:53 am 
Wait, so everything the FBI ever says is false? Doesn&#8217;t that make them exactly as reliable as if everything they said was true? What makes them unreliable as a source is if you can&#8217;t *tell* if they&#8217;re lying.

Katie

September 10, 2012 at 10:00 pm

DarthNull you rock!

Justin Horn

September 10, 2012 at 10:44 pm

Nice work! Fun reading through your detective work.

afc

September 10, 2012 at 11:05 pm

Props to you for your curiosity. Great interview BTW.

Marco

September 10, 2012 at 11:05 pm

You rock David!

Podesta

September 10, 2012 at 11:45 pm

I would like to know what apps Bluetoad publishes. That’s the easiest way for a non-techy to determine whether he or she is a victim of the breach.

Nik

September 11, 2012 at 3:41 am

Now we just need an explanation of why it was reported as being data on an FBI laptop – for the lulz, to harm Apple, to sound uber hacker ?

### SomeGuy
#### September 11, 2012 at 8:31 am 
Yes. Maybe. Yes

Saram

September 11, 2012 at 3:51 am

Wow!!! Good Work….

@aallan

September 11, 2012 at 5:07 am

Thanks for this, it’s a solid analysis. It hadn’t occurred to me to do a frequency analysis on the UDID strings themselves, I was more concerned with the Device Name field, http://radar.oreilly.com/2012/09/udid-data-analysis.html . Although it does support my analysis, BlueToad makes apps for magazine publishers, hence the predominance of of the iPad over the iPhone in my results. Also they seem to mostly market into the U.S., which supports the ethnicity findings. I can’t find a list of what titles they technology underpins, but I’m fairly confident you’ll find they are magazines targeted at men in their 30′s and 40′s. I’d actually been really confused about what type of app could possibly have that narrow a demographic, and this sort of clears up my confusion. Nice!

jasontoheal

September 11, 2012 at 6:20 am

good stuff.

Saram

September 11, 2012 at 7:11 am

How did track the UDID to device name

Jim Ellison

September 11, 2012 at 9:05 am

Your sleuthing reminds me of “The Cuckoo’s Egg” by Clifford Stoll who hunted down a hacker because of an anomaly between 2 account balances in a Unix system.

crush

September 11, 2012 at 10:50 am

so now off to find the other dump “partial password dump” and yes you would think that they would of put more info from the pc to prove it was the fbi’s. if you time to dump a file you of grabbed the the hashdumps from the pc at least i would think anyway

Bill

September 11, 2012 at 11:07 am

Question- I looked up a specific UUID and it linked to “RamSOFT”, searching this is looks like its a physician technology company. So my question is if the device was “supposedly” brand new, and this UUID is linked somewhere to that name, do you think APPLE is providing previously owned tablets to people….Or am I just way off..

Sam M.

September 11, 2012 at 11:09 am

Nice work. I love how you used nothing more than cut, sort, uniq, and cat to crack the puzzle.

Augustus

September 11, 2012 at 11:11 am

Bravo!

John

September 11, 2012 at 2:40 pm

I’m just curious as to why Bluetoad CIO had Kerry Sanders from NBC in the next room for an interview? Also curious as to how Kerry Sanders knew about the breach if bluetoad had only been discussing it with the author? Theory – Maybe the leak was done on purpose to convince the public that tighter regulations are needed for the internet so the govt can impose greater restrictions on the general population in the name of “security” or “commerce”. Would anybody have paid attention if it were RIM user data being leaked? Google or Apple are the only two worth following so why no go with apple. Makes for sexy news, dont you think?