Hackers Swipe 12 Million Apple Device Codes From the FBI

[Andy Chalk]

Hackers Swipe 12 Million Apple Device Codes From the FBI

AntiSec claims to have proof that the federal government is spying on the American public.

A UDID, for those not in the know, is a 40-character "unique device identifier" tied to iPhones, iPads and iPod Touches, typically used by app developers for tracking and by Apple to authenticate Siri requests on the iPhone 4S. But more than 12 million of them, along with all sorts of other information, are apparently now in the hands of AntiSec, which came to them by way of the Federal Bureau of Investigation.

"During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java," the group said in a rambling and rather mangled release on Pastebin. "During the shell session some files were downloaded from his Desktop folder one of them with the name of 'NCFTA_iOS_devices_intel.csv' turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose."

Download links to 1,000,001 of the stolen UDIDs, along with decryption instructions, are provided later in the post. "we decided a million would be enough to release. we trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc." the statement continues. "not all devices have the same amount of personal data linked. some devices contained lot of info. others no more than zipcodes or almost anything. we left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not. the DevTokens are included for those mobile hackers who could figure out some use from the dataset."

In case it's not sufficiently alarming that AntiSec has access to 12 million UDIDs - and I honestly don't know if that's something to get overly alarmed about or not - the question behind the question is what the FBI was doing with them in the first place. AntiSec theorizes that the feds are "using your device info for a tracking people project or some shit," which, while impossible to prove, may not be too far off the mark. The only good news in this debacle is that AntiSec has made no claims about accessing passwords or credit card numbers. Neither Apple nor the FBI have commented on the leak or how the FBI came to be in possession of the UDIDs.

Source: CNN [http://pastebin.com/nfVT7b0Z]


Permalink

 

[Gearhead mk2]

...I'm not sure wether to be elated that they bassically went "screw you US goverment" or terrefied that they're using their insane hacktivism powers in such a way.

 

[Lvl 64 Klutz]

Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

 

[mattttherman3]

I KNEW ANDROID WAS BETTER!!!!! But they probably have that too lol. Oh well, they really shouldn't have that info but whatever. Good thing I live in Canada, CSIS probably doesn't have the resources to do this kinda thing. Why does this surprise anyone though?

On second thought it's probably in the apple user agreement somewhere.

 

[yuval152]

Unless someone is going on a killing spree or rape someone, they're fine.

 

[McMullen]

Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

One legitimate concern would be how government agencies like the FBI semi-regularly get hacked by people who are not considerate enough to omit sensitive financial information. These agencies are not good custodians of data at all, and if they compile a database that includes our financial information, someone will hack them, and a lot of people will suffer for it.

It's similar to my concerns about their involvement with cyberwarefare. I'm not worried about the CIA or NSA engineering things like the Flame virus. I'm worried about what happens when cybercriminals take those techniques and use them for their own purposes.

The government has massive resources for technical engineering and data-gathering, but has a piss-poor record of keeping what they find secret, so if they have a lack of caution in what they engineer or what data they gather, they're functioning as an unwitting R&D department for criminals.

 

[razer17]

Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

How about the fact that it's clearly not that hard for non-government agencies to get a hold of it?

I just don't understand this type of thinking "Who cares what the government knows about us!" "If you're not a criminal why do you care" Etc. Etc. No. Bullshit. They shouldn't just be able to gather every tiny piece of information about us and store it for seemingly no reason. There's a reason why we have warrants and stuff, so normal people don't constantly get harrased and tailed by the cops for no reason.

If they are tracking all our electronic devices, what's next? Police tails on every person in the country, just looking for the one time you jay walk or drop a ciggarette on the ground?

 

[PrinceOfShapeir]

Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

ME. Because I value my privacy. The government does not have the right to know where I am and what I am doing at all times.

 

[1337mokro]

Some people in this thread : "Who cares if your government is spying on you and keeping records on you of how big the crap you took last night is. I'm sure they are using that information for good."

Some people in this thread : "The government is spying on us and they are trying to control everything we do! Grab your tin foil hats fast to protect yourself!"

In reality this is nothing new. Information is a weapon and the government loves weapons against it's citizens. This is not something you should get up in arms about because what do they really have? Your porn records? Big deal. On the other hand. If I hide in the bushes spying on my neighbours having sex to document at what time they go at it. I get arrested. The government should not be allowed to spy on it's citizens without having to prove there is a suspicion to warrant such monitoring.

 

[Eternal_Lament]

I'm actually more worried about what AntiSec was originally looking for rather than the fact the FBI has that information. I'm in Canada so it doesn't really affect me, however I can understand why people may or may not be upset. Still, I'm sort of glad this was the ONLY stuff they got, because god knows what else they had planned (AntiSec I mean)

 

[Uber Waddles]

Well, considering that these UDID's had lumps of major data, such as addresses, push tokens, and personal information (which may contain financial information), I don't think the "who the hell cares" attitude is right to have. You should care.

The way the story is presented, lets go under the idea that it is true - if this turns out to be a ruse, then none of this will matter. I expect this will either be investigated or shooed under the carpet.

First off, they are using a private companies information to keep tabs on people. This is *technically* illegal to do - the Patriot Act does give the FBI the power to spy of people, but there has to be a cause. And I don't think 'buying Apple products' labels you as a jihadist. If the government is using its power to spy on citizens, thats a VERY slippery slope. What stopping them from saying "alright. Now we get to bug your phones to listen to your calls. Or tap into the camera". If they're using it to track criminals or not doesn't matter - the second you say "Ill give up freedom for security", you cross into a dangerous area.

Second off, amassing personal information is a really bad idea. 12 Million people have had information compromised - and that's assuming that ONLY Apple is being monitored. What if this is happening with Android? Motorola? Samsung? Granted, I doubt they use the same process as Apple does, but its not out of the picture to say that the way they keep their user data stored isn't hackable.

Now, there is a counterpoint to this. Companies like Apple, and more importantly, any service provider over the internet HAS to store personal information. Its just something that has to be done to ensure speedy and accurate content - be it from GPS data, to purchases, etc. Some degree of information has to be held on to. This data, however, is usually minimalistic in nature, highly encrypted, and destroyed when the data ceases to be relevant. Private enterprises hold data in a different way than the government would - Apple doesn't store your UDID information in ONE spot. Its hosted over hundreds of different servers, each with their own encryption. Amassing it all onto a SINGLE laptop, that can be hacked using a Java exploit is complete madness.

I expect to see this either blow up or blow away. If it is true, I am dissapointed.

 

[Lvl 64 Klutz]

Look, I'm not saying we live in an ideal world, or that in an ideal world the government would have all the freedom they do. But does that give anyone the right to call them out for it by committing a federal crime? As some have mentioned, AntiSec has only just proven that assholes like them can get this information whenever they want.

I'm not being unrealistic by saying there's no reason to care, I'm just saying that we don't need a group of excuse-riddled cyber criminals to tell us what we already know.

 

[OldNewNewOld]

I'm always depressed by this kind of threads/news. But not because the actual news, but because of the huge number of people who are all so eager to give up part of their freedom.
America, the land of the not so free.

 

[cerebus23]

Ya know if our government was not an out of control monster i would be more against this.

The story that needs to be looked into however if the FBI had all this information where did they get it? Did apple hand over 12 million plus ids to the fbi to use however they wanted?

Did the FBI steal this info off apple servers?

Whatever happened to privacy? whatever happened to search and seizure laws, you would think the digital age is all about invasion of privacy, just who can do it better, pirates or government, and the pirates seem to do it much better IMO. It makes me no more comfortable to think that pirates have personal information about me than to think the federal government has it.


Just because you own an apple product does that give the federal government any right to assume all data belongs to them? Who made that decision? Did apple consumers have any say? What was the reason why the government had all this stuff?

And i thought that obama was so against the "patriot" act, facist dictator act it should have been called, and not only did that lying moron resign the thing he made it even more intrusive, and more guilty unto you prove your innocent legislation.

 

[flarty]

Jesus do you people like shiny things that much that you don't care about the possibly that a government enforcement agency could be using said shiny things to encroach on your privacy and freedom. Indoctrinated to a system of materialism, and its a damn shame.

 

[Zombie_Moogle]

Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

Happen to notice how he seemed upset about "outing" one FBI agent, but the violated privacy of 12,000,000 other people means nothing?
This is why it's a problem
Example: Twitter's currently fighting subpoenas for the personal information of users that are supposedly connected to the Occupy movement. Set aside what you feel about the movement itself & consider that at the same time, law abiding citizens are routinely arrested and/or assaulted for so much as taking a picture of a law enforcement agent.
Innocent people have to watch their backs & the government is without accountability. THAT is why people care

 

[Evil Smurf]

In other news, AntiSec just learned about the fucking Patriot Act!

Republiclican senators: WE WANT TO SPY ON THE AMERICAN PEOPLE! SMALL GOVERNMENT!

 

[TotallyTroll]

I think that the people taking sides here (Gov. vs. Privacy) are kind of missing the point. This sort of mass data collection is AGAINST THE LAW, and although the FBI and the talking heads that will pop up with their 1 cent will no doubt pull the "we can do whatever we want because something something national security something something make you safer" card; ask yourself a question. Did you or any of the 12m victims involved give the FBI permission to collect this data? What's that? YOU SAY YOU DIDN'T! OMG YOU SHOULD GO CALL UP YOUR REPRESENTATIVES AND COMPLAIN (by phone, not by mail) RIGHT NOW!

Seriously folks. You pay for these people. Go harass them, like right now.