With What Databases Has NCTC Cross-Referenced with FBI’s 12 Million iDevice User IDs?

Update, 6/13/13: For those coming to this via my Twitter link, subverzo reminded me that this turned out to be a false claim. The data came from an Apple developer, not from FBI. 

Sorry for the confusion.

As you may have heard, Anonymous and AntiSec hacked into a database of 12 million Apple Universal Device IDs that were in an FBI officer’s laptop and released 1 million of them, ostensibly so some people could identify if their device was one of those FBI was tracking.

They claimed to have tapped into a Dell laptop owned by Special Agent Christopher K. Stangl, an FBI cyber security expert. They downloaded several files, including one that contained “12,367,232 Apple iOS devices including Unique Device Identifiers (UDID)” and other personal information, they wrote in a text file published online. “[The] personal details fields referring to people appears many times empty leaving the whole list incompleted [sic] on many parts. no other file on the same folder makes mention about this list or its purpose.”

While it’s not immediately clear what the FBI is doing with the Apple UDIDs and detailed information on device owners, Gizmodo pointed out that the acronym “NCFTA” could stand for the National Cyber-Forensics & Training Alliance, a nonprofit that acts as an information-sharing gateway between private industry and law enforcement.

These are unique identifiers for things like iPhones and iPads that have long presented the risk of tying someone’s identity to an individual device.

There are multiple ways FBI could have collected this information–either using an NSL or Section 215 request or an insecure transmissions to an ad or game server. And no one knows how the FBI was using it. Whatever you think about Anonymous, we may finally learn more about how the government is tracking geolocation.

But here’s one other concern. Assuming that’s an official FBI database, not only the FBI has it, but also the National Counterterrorism Center. And they’ve got access to whatever federal databases they want to cross-check with existing counterterrorism databases. And one of the few checks we have on the use of our data in this way is a Privacy Act SCOTUS just watered down.

This is a massive amount of data the government likely has no good excuse for having collected, much less used. But it’s likely just one tip of a very big iceberg.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

29 replies
  1. joanneleon says:

    Never heard of this before. Is this yet another way to subvert our laws and Constitution?

    National Cyber-Forensics & Training Alliance, which “functions as a conduit between private industry and law enforcement

    Wonder if they wear superhero leotards, public sector and their patriotic private sector partners teaming up to save the world (and help spy on their fellow citizens).

    Don’t they ever worry about the fact that their own (and that of their kids, their friends and their mistresses) private information is being Hoovered up too?

    Well anyway, it’s another way of avoiding the courts. Subpoenaing Twitter or ISPs or telecoms for identities will be a thing of the past eventually, I guess.

    Man. The guy had this stuff in a desktop folder too. In a .csv file probably so it could easily be popped into a spreadsheet, maybe. What was he doing with this and if it was in a desktop folder was that because he used it so frequently that he wanted to have it really handy there?

    Weren’t we just told that the govt. is not creating files on millions of Americans… in that response about how at least once, communications were collected inadvertently in violation of the 4th Amendment? Not that I believed the answer but weren’t we officially told that files are not being made on millions of Americans as suspected (and asserted by at least one whistleblower)?

  2. peasantparty says:


    You know, in all these things there are many questions unanswered, but the biggest one is why. Why would the FBI need to scoop up all those telecommunication ID’s and locations on citizens? Has our President ordered it done? If so, why? Why would the FBI treat the population at whole as suspects of terror?

    The only reason I could possibly come up with is that the Government intends to remake itself from within and yes, the populace would then become the enemy.

    Just following orders is no longer a valid excuse for the FBI.

  3. ferd says:

    And then, there’s that huge new total info. awareness style complex nearing completion, out in . . . Utah!

  4. Scott Lazarowitz says:

    Peasantparty wrote: “Why would the FBI need to scoop up all those telecommunication ID’s and locations on citizens?”

    FBI bureaucrats need unconstitutional, warrantless access into everyone’s private information and communications so they can keep track of who is criticizing the government (such as Brandon Raub) and who is trying to expose government crimes (such as Bradley Manning) so they can then arrest and detain them indefinitely.

    Government bureaucrats don’t like their imbecility and criminality to be exposed or criticized. Government bureaucracies are monopolies, and monopolists are not accountable. They know this, and so it is far easier for them to commit crimes against the people’s persons, property and privacy, and get away with it with impunity. The more powerful the central government in DC is and the bigger it is, the more the government criminals and nudniks need to keep track of everyone.

    It will all eventually collapse on its own weight, and we won’t have to worry about our privacy being invaded by these paranoid jerks anymore.

  5. pdaly says:

    I noticed on my Mac laptop that after I clear out the Safari internet cookies/cache and refuse all cookies such actions do not prevent the cache from filling up again with third party website data.

    This happens even if I merely close Safari and reopen it. About 50 website names have repopulated the Safari cookies/cache.
    Not sure they are actually cookies. Sometimes the Mac indicates the sites are stored in ‘cache’ and sometimes as ‘database.’

    I cannot tell if my computer is reinstalling this data, if the companies are doing so, or whether that is effectively the same thing.

    This on top of news reports this weekend that Angry Birds is collecting data (including geolocation and websurfing activity) on iPad and iPhone users. However, even that is old news. See this article from 2010.

    Is Angry Birds in contact with NCFT?

  6. pdaly says:

    @Phil Perspective:

    “That surprises you?” –> which part? That I cannot clear out cache or that Angry Birds collects and other iphone apps collect data?

    I don’t use apps, but I would have assumed (wrongly, of course) that the game app, once on your personal device, was akin to playing an off-line computer game, in the pre-internet days. Any data transfer would have been (I again would have wrongly assumed) at the point of downloading the game.

    “Didn’t the CIA’s hedge fund invest with FB?”

    By hedge fund, do you mean IntelQ? And by FB you mean FaceBook?
    I don’t know the answer to your question. But I doubt that the CIA would need to hide its tracks anymore, given the erosion of privacy and the continual erosion of the expection of privacy that we are witnessing.

  7. emptywheel says:

    FWIW, the FBI says this isn’t their data.

    Ah for the days when the FBI had credibility on such issues. Wait–I guess it never really has.

  8. MadDog says:

    @emptywheel: That may even be technically true. Third-party public (or private) companies collect oodles of this data and sell it to almost anyone anywhere.

    The laws that purportedly restrict the US government from collecting this data are nowhere to be seen with third-party providers.

  9. greengiant says:

    Angry birds, check,
    Bit Torrent, check,
    cell phone ping, check,
    Pacific interconnect fiber, check
    Intel web connect with device off, check
    cvs file used for data mining, check
    personal voice monitoring devices, check
    third party providers using off shore server loops to collect data, check…

  10. MadDog says:

    OT – Updates via the AP on a couple stories that have headlined Rancho Emptywheel recently:

    Mexico: Attack On Us Embassy Car Was An Accident

    “Mexican officials are indicating that a shooting by federal agents against two CIA agents and a Mexican navy captain in a U.S. Embassy vehicle was an accident and not a deliberate attack…”

    Is the next AP piece related or not? Did the CIA provide assistance? You be the judge. And you might ask yourself why it is that the Mexican Navy seems to be the lead Mexican agency nabbing drug kingpins…on land!

    Marines Detain Alleged Gulf Drug Cartel Leader

    “The Mexican Navy says it has detained a top leader of the Gulf drug cartel.

    Navy spokesman Jose Luis Vergara says marines detained Mario Cardenas Guillen Tuesday in the northern city of Altamira…”

    And finally:

    Pentagon Says Ex-Seal Book Contains Secrets

    “A former Navy SEAL’s insider account of the raid that killed Osama bin Laden contains classified information, the Pentagon said Tuesday, and the admiral who heads the Naval Special Warfare Command said details in the book may provide enemies with dangerous insight into secretive U.S. operations…


    …At the Pentagon, press secretary George Little said…


    …the Pentagon did not try to stop the public release of the book this week in part because there wasn’t much time.

    “Pre-release copies of the book were already being circulated around,” Little said. “So the practical effect of requesting that the publisher withhold release of the book just wasn’t an available option.”

    He added that the Pentagon also has not taken steps to stop the book from being sold on military installations. It’s not the Pentagon’s practice, Little said, “to get into the business of deciding what and what does not go on bookshelves in military exchanges…”

  11. ferd says:

    I suppose that a lot of this burgeoning surveillance could be an attempt by one side of the political divide trying to catch up and close a gap with the other side’s surveillance advantage.

    “You’ve got your files, and now we have our own. So let’s move on to other business.”

  12. MadDog says:

    Wired’s Kim Zetter has an update on this FBI Apple database story:

    FBI Says Laptop Wasn’t Hacked; Never Possessed File of Apple Device IDs

    “The Federal Bureau of Investigation is refuting a statement made by members of AntiSec this weekend that they hacked the laptop of an FBI special agent and stole a file containing 12 million Apple device IDs and associated personal information.

    The FBI also said it did not possess a file containing the data the hackers said they stole.

    In a statement released Tuesday afternoon, the FBI said, “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”


    …The FBI did not say whether the NCFTA, which was allegedly referred to in the file name the hackers obtained, possessed the data…

  13. Jim White says:

    @MadDog: In unrelated news, the FBI has announced a plan to quietly replace any personal iPhones agents or their families might own. (Not really, but it could happen, couldn’t it?)

  14. MadDog says:

    @MadDog: And more OT this time via Reuters:

    Analysis: Chastised Israel seeks way forward with U.S. over Iran

    “Stunned by a rebuke from the United States’ top general, Israel is preparing a climbdown strategy in its war of words over Iran’s nuclear program, aware that its room for maneuver is shrinking rapidly…

    …In a move that dismayed Israeli ministers, U.S. Chairman of the Joint Chiefs of Staff, General Martin Dempsey, told reporters in Britain last week that the United States did not want to be “complicit” in an Israeli attack on Iran.

    He also warned that go-it-alone military action risked unraveling an international coalition that has applied progressively stiff sanctions on Iran, which insists that its ambitious nuclear project is purely peaceful.

    Dempsey’s stark comments made clear to the world that Israeli Prime Minister Benjamin Netanyahu was isolated and that if he opted for war, he would jeopardize all-important ties with the Jewish state’s closest ally…


    …”All this talk of war is bullshit. If they could do it, then they would have already done it long ago,” a senior European diplomat in Israel said…”

  15. MadDog says:

    @MadDog: There appears to be an ongoing Twitter war between Anonymous and the FBI. One example of where the story is going:

    “Kim Zetter [email protected]
    FBI denies that laptop was hacked or that the bureau possessed the Apple UDID’s that were published.

    AnonymousIRC [email protected]
    @KimZetter They did not deny that. FBI apparently said that “at this time they have no evidence”. That is far from denial; they don’t know.”

  16. jerryy says:


    1) Switch over to using Safari’s private browsing feature. Note this tends to really really annoy some sites, you may have to open a temporary new window for that site and dispose of the leftovers after visiting it. Cookies set to only if necessary (ie.’ only from visited site’, and remember to clean them out at least once a week. Setting cookies to ‘none’ may prevent your browser from chatting with your bank site. You will have to remember passwords though.

    2) The database thing is indeed different from a cookie, it was initially designed to be an aid to commerce sites (or similiar) that had catalogs, it saved you the hassle of repeated downloads. It does get misused. It is easily wiped by the user.

    3) Some sites are thumbing their noses at secure browsing ideas put out there by Apple and Microsoft, so be warned!!! These include folks like Google, the issues are not as clear as any one would like.

    4) If possible do not allow Flash do-hickeys to run — they still have those ‘flash cookies’ which are different than reegular cookies. You can find Flash blocking plug-ins such as Click-To-Flash to install for your browser for those just gotta times.

    The private browsing idea I mentioned at the top of this comment is not perfect, but it makes your browsing easier in terms of limiting data exposure. It limits the data sites can put on your computer. Limits, but does not absolutely stop.

  17. earlofhuntingdon says:

    Yep, most of that data privacy intruding iceberg is hidden under water, and it calved from a much bigger surveillance glacier.

  18. MadDog says:

    Even more OT – Continuing with my ongoing focus on the US drone strike in Yemen that massacred 13 civilians (and the mostly crickets heard in the US media), this is the latest news from the Shanghai Daily:

    Yemeni president orders investigation into botched U.S. drone strikes

    “Yemeni President Abd-Rabbu Mansour Hadi on Tuesday ordered an investigation into the civilian deaths in a U.S. drone strike earlier this week, as the parliament summoned the interior minister to clarify on the incident at an emergency meeting.

    Up to 13 civilians, including two women and a child, were killed Sunday by a botched U.S. air strike, just few days after similar errant airstrike claimed the lives of dozens of Yemenis in south and east of the impoverished Arab country.

    “President Hadi formed a special team to investigate the airstrike’s civilian deaths in Radda city of the southeast al- Bayda province,” the state Saba news agency quoted a presidential statement as saying.

    According to Saba, Hadi made the order hours after he received a phone call from assistant to U.S. President Barack Obama for counterterrorism, John Brennan, in which they discussed the anti- terror cooperation between the two countries…”

    The AP still has not corrected their story where they continue to state:

    “…In a separate incident, Yemeni warplanes killed 14 civilians in an errant airstrike, officials said…


    …In the other incident Sunday, Yemeni fighter planes mistakenly hit vehicles carrying civilians traveling south of the capital, killing 14…”

    (My Bold)

    Nor has Reuters:

    Yemeni warplane misses target, kills 10 civilians -sources

    “Ten civilians including a 10-year-old girl were killed in a Yemeni government air strike that had apparently missed its intended target, a car carrying Islamist militants, tribal officials and residents there said on Monday…

    …Officials initially said a U.S. drone had killed five people in the attack on Sunday evening.

    But residents said on Monday a Yemeni warplane had hit a car, killing 10 people, including a 40-year-old woman and her 10-year-old daughter…”

    (My Bold again)

    What does it take for the supposed “journalists” in the US media before they bother to report on a US drone strike massacre of civilians?

  19. spanishinquisition says:

    @MadDog: Somehow I doubt the Pentagon would let Wikileaks get onto the bookshelves of military exchanges. If this was something that embarrassed the President, all the books would be shredded, anyone who posted an online version of it would get DDoSed and the guy would be tortured in solitary confinement.

  20. scribe says:

    This little set-to between Anon and FBI reminds me of the scene in Goodfellas, where DeNiro, Pesci and Liotta hijack a truck then take the driver’s license. Waving the license at him they tell him: “you might know who we are, but we know who you are [and where you live].”

    Remember, given the level of FBI infiltration of Anon (and creating snitches in it) we’ve seen in the last year Anon really can no longer be trusted to be independent from FBI. This very well could be a sham fight, an argment between puppeteer and puppet, intended more to tell everyone who uses a computer “we have the information on you”.

    Now, who thinks those nice Bible-bangers who run psychological profiles on places like e-Harmony haven’t long since created a direct pipeline from their servers to the FBI’s? It’s just like looking for the guy who dodges process servers by searching the database of hunting and fishing licenses, save people lie less about hunting and fishing than they do about looking for love.

  21. MadDog says:

    @MadDog: Even with their news today of another US drone strike in Yemen (the 5th in a week?), Reuters still maintains that Sunday’s massacre of 13 Yemeni civilians was done by “a Yemeni government airstrike”:

    U.S. drone attack kills 5 suspected militants in Yemen

    “Five suspected Islamist militants were killed in a U.S. drone attack on Wednesday in Yemen’s eastern province of Hadramout, a Yemeni security official said…”

  22. MadDog says:

    @MadDog: The Yemen Post still maintains that it was a US drone strike that massacred 13 Yemeni civilians this past Sunday:

    Hadi, Brennan discuss Yemen’s settlement

    “President Abdu Rabo Mansour Hadi discussed Tuesday with Obama’s top counter-terrorism advisor John Brennan obstructions of Yemen’s political settlement.

    In a phone call, Brennan affirmed that the United States will support Yemen in implementing the GCC-crafted power transfer deal.

    The state news agency (Saba) said that they also discussed priorities and results of the donor conference held in Riyadh on Tuesday as well as the imminent visit of Hadi to Washington in late September.

    According to Saba, they reviewed the international counter-terrorism cooperation and attacks of al-Qaeda against yeomen.

    Hadi appreciated the United States’ interests on Yemen’s developments, updates, its permanent support to Yemen and help it overcome its crisis. This call came two days after US drones killed about 13 civilians in Rada’a district of Al-Baida governorate…”

Comments are closed.