Hacking can indeed hurt some butt. (Screengrab)

NBC News is reporting the millions of Apple Unique Device Identifiers (UDID) hackers say they snatched from an FBI agent's laptop actually came from Blue Toad Publishing, a Florida-based app developer. NBC reports that Blue Toad "provides private-label digital edition and app-building services to 6,000 different publishers, and serves 100 million page views each month."

A researcher named David Schuetz contacted Blue Toad last week with the suggestion the data actually came from them, and the company's engineers conducted a forensic analysis:

Paul DeHart, CEO of the Blue Toad publishing company, told NBC News that technicians at his firm downloaded the data released by Anonymous and compared it to the company's own database. The analysis found a 98 percent correlation between the two datasets.

Mr. DeHart told NBC that his company has "100 percent confidence" that the currently available UDIDs were in their system and likely hacked from Blue Toad servers a couple of weeks ago.

As NBC reports, Apple and the FBI have issued denials in connection with the hacker's claims regarding the data, which surfaced early last week. The FBI has denied the UDIDs were snatched from the compromised laptop of Special Agent Christopher K. Stangl and along with Apple insists it is not colluding with the feds in using the identifiers to track private citizens.

Anonymous and AntiSec, the sub-collective that released the initial 1 million numbers, have used the leaked UDIDs and their alleged connection to the FBI to shore up a contention that the government is invading our privacy and creating a dystopic surveillance state. If the numbers actually came from Blue Toad, has AntiSec resorted to what amounts to a kind of "false flag" operation to try and make a point?

At this time no Anonymous-associated Twitter account has responded to NBC's report. We will update this post if they do.

The initial response might include the question, what the heck was Blue Toad doing with all those numbers sitting in its servers in the first place?

U mad?

The Federal Bureau of Investigation has issued a statement regarding Antisec's claim of having hacked over 12 million unique Apple user IDs from an agent's laptop: the feds say that's bullshit.

AllThingsD reports the FBI states that it is "aware of published reports alleging" Agent Christopher Stangl's laptop was breached "and private data regarding Apple UDIDs was exposed."

The FBI begs to differ:

At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

As AllThingsD notes, one of Antisec's main goals was to alert the public to a "top American law enforcement agency" possibly making this list for what may very well be nefarious reasons--perhaps furthering a persistent hacktivist concern about creeping surveillance states.

The @AnonymousIRC Twitter account has already posted what appears to be a response to the FBI's denial:

Also, before you deny too much: Remember we're sitting on 3TB additional data. We have not even started. #funtimes #fff

— AnonymousIRC (@AnonymousIRC) September 4, 2012

One question still unanswered--was that really President Obama's iPad user ID? If so, the leader of the Free World may now be restoring his tablet to avoid having his Words With Friends screen name revealed.

PasteHTML states that the number of UDIDs leaked from the hack is 985,117. If you are concerned your own UDID is in that batch of data you can use this tutorial to find it.

We have contacted the Obama campaign for comment regarding this claim and will update if we receive a response.

Hacking can indeed hurt some butt. (Screengrab)

Hackers post their ideas of epic lulz on Pastebin all the time but it appears a late drop on Monday night by AntiSec, an Anonymous-affiliated group of hackers, could be pretty impressive if the claims prove true.

After the usual giddy preamble, Antisec explains in their Pastebin post how they snagged 12 million FBI-related Apple Unique Device Identifiers (UDIDs)--though at the moment they claim they've only posted 1 million:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device,type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.

The statement goes on to slam Gawker's Adrian Chen and express support for Wikileaks, Julian Assange and Pussy Riot, the Russian punk rockers recently convicted of "hooliganism."

As far as this claim goes, it's worth the trouble to track a few things down.

• The AtomicReferenceArray vulnerability in Java--This exploit was first disclosed in January, 2012. IBM's Internet Security Systems states the flaw makes it easy for a hacker to slip into the vulnerable computer and write and implement their own files.
• The unfortunate Christopher K. Stangl is, according to his LinkedIn page, a supervisory special agent with the Federal Bureau of Investigation. He has been with the FBI since 2003 and does indeed work out of the Greater New York City area.

The post ends with further shout-outs and a non-sequitur in German, "Romney aber, sag's ihm, er kann mich im Arsche lecken!"--in English, "Romney, however, tell him he can kiss our asses!"

So on top of hacking Mr. Stangl's files and possibly compromising millions of Apple devices, the hackers are also clearly not Republicans.

An interesting addendum to this claim: Agent Christopher Stangl also appeared in this January Pastebin post of what appeared to be a hacked email to multiple law enforcement officials regarding an "Anon-Lulz International Coordination Call." The call was intended to discuss "Anonymous, Lulzsec, Antisec, and other associated splinter groups."

Groups which will apparently now be up for some intense discussion by the same officials, very soon.

Unlike the recent Brazzers porn site hack, however, sloppy practices are being blamed for the YouPorn incident, with debug data about users seemingly being stored in a public fashion since 2007.

Because what people think about first and foremost when visiting a porn site is absolutely rock-solid security.

The breached data contains clearly identifiable email addresses that lead to individuals and institutions, such as two instances of someone using a Messiah College email--Messiah is an explicitly Christian institution that promotes "character and Christian faith" in students "in preparation for lives of service." Another series of logins appear to track back to a former student athlete at Alvernia University, which educates students "in the Franciscan tradition." Adults are free to visit legal porn sites, but the institutions in question might have an issue with their names being anywhere near the user database.

On a much more serious note, Naked Security points out that the hacked data can lead to what amounts to identity theft: "if your YouPorn password is now known, hackers might try that same password against your email address, your PayPal account, your Amazon account, and all many of other online resources."