FORTUNE — Last week, the AltSec hacker group claimed it found 1 million UDIDs — the numbers by with Apple (AAPL) identifies iOS devices — on an FBI agent’s laptop. They used the purported discovery as evidence that the U.S. government was engaged in widespread surveillance of its citizens through their smartphones.
On Monday, NBC News reported that that the numbers did not come from the FBI, but rather from the servers BlueToad, an Orlando, FL-based company that distributes digital magazine content to iPhones and iPads.
How do they know?
Because of the work of a lone mobile security expert named David Schuetz. NBC and Blue Toad asked Schuetz not to write about how he cracked the case until Monday so that Blue Toad could release a statement and NBC could have its exclusive.
With the embargo lifted, Schuetz has now posted the details of his work on his Intrepidus Security website. The key: The usually large number of repeats he discovered within the 1 million UDIDs.
It was a neat piece of digital sleuthing, and it makes for a cool detective story. A sample: