LulzSec Hacks FBI, Steals Apple User Data: Report

A hacking group says it has acquired personal information associated with 12 million Apple user accounts, and that it got those details by hacking into an FBI agent's computer.

So far, the group has published data from one million of those Apple accounts.

The publication comes from LulzSec, a group whose name is a combination of "security" and a slang term for carrying out online activities for the sake of amusement ("Lulz"). Last summer, the same group leaked documents belonging to Sony Pictures.

LulzSec claimed it ceased operations after a 50-day campaign. But later it re-emerged to hack the websites of British newspapers.

Several people alleged to be leading members of LulzSec have since been arrested. At least one of them may have been working as an FBI informer.

That's why it seems ironic to many observers that the FBI is at the center of this latest LulzSec attack.

FBI Agent's Laptop Security Breached

According to a lengthy statement bearing LulzSec's name, the group breached security on a notebook computer belonging to Christopher Stangl, an FBI special agent dealing with cyber activities.

The attack appears to have been carried out wirelessly, with no need for the hackers to take physical possession of the computer in order to pry open its secrets.

The LulzSec statement says the group opened a file containing personal information related to 12 million Apple devices, including iPhones and iPads. Details include the Unique Device Identifier, plus the specific number Apple uses for each device, such as when linking it to an iTunes account.

Reportedly, the same file also contained the user's own identification name for each device, along with personal details such as addresses, phone numbers, and zip codes. (Source: pastebin.com)

LulzSec Publishes Sample of Leak

So far, LulzSec has published these details for 1,000,001 devices. The group omitted any personal data, but did reveal enough information so users can check to see if their device's information is listed.

LulzSec appears to want enough people to spot their machine's information to bolster the group's credibility, but doesn't want to threaten individual security.

While LulzSec members will earn criticism for this breach of security, which is a violation of current law, the case also raises serious questions for the FBI and for Apple.

For example, it's unclear why an FBI agent had a list of Apple customers' devices and personal details. LulzSec's access to the list also highlights the FBI's inability to protect information from hackers. (Source: slashgear.com)

Update: FBI Denies Attack Ever Occurred

The FBI now denies that the attack ever took place, claiming that "We never had info in question," in a Twitter statement.

In an email sent afterwards, the organization had this to say:

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple [user information] was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."