Hackers leak 1M iOS device IDs supposedly taken from FBI agent's laptop [updated]

Hackers leak 1M iOS device IDs supposedly taken from FBI agent's laptop

appleinsider

Hackers from AntiSec on Tuesday claim to have leaked 1,000,001 iPhone and iPad identifiers the group allegedly obtained from a hacked FBI laptop holding over 12 million such Apple device IDs and corresponding personal information.

From AntiSec's post:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached ....

(visit the link for the full news article)


Related News Links:
pastebin
thenextweb

I expect that the significance of these almost back-to-back security breaches will prompt some kind of official response... although it seems like Americans are far too enthralled by the political theater to pay any mind to this growing trend.

According to AntiSec, the unique device identifiers (UDID) of 12,367,232 Apple iPhones and iPads were discovered and lifted during the breach of an FBI agent's notebook, reports The Next Web. UDIDs are unique 40-character codes assigned to iDevices with cellular connectivity, their primary use being app registration and tracking by developers.

Now Apple will likely follow the standard Madison Avenue PR strategy of downplaying the matter, insisting that since they have previously issued statements about not using these identifiers. And the media will not report it past any specialized narrowly-channeled venues.

But the FBI was keeping track of how many identifiable devices? really? I wonder what the warrant with that list looked like? ... Oh wait.... no warrants needed since the agent may have signed it himself. And is anyone liable for the "leak?" - oh wait - no....

In closing, the reason that all government protected data ends up in corporate hands is....?

Here's the salient AntiSec post:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device,
type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

appleinsider
(visit the link for the full news article)

I hate that I-phones may have huge backdoors to our information and private converstations, nothing is private if you use technology these days. If this is true, thats a lot of information put onto to one guys Laptop, what the hell was the FBI agent doing with all of this information, for the Hacker group to decide it was nessecary to take action.

Originally posted by Glassbender777

what the hell was the FBI agent doing with all of this information

That's what I want to know.

I cant buy that 1 million Apple product users were under suspicion of terrorist activity and being investigated by one agent.

It's like they're just collecting all the data they can just for the heck of it.

Originally posted by thisguyrighthere

Originally posted by Glassbender777

what the hell was the FBI agent doing with all of this information

That's what I want to know.

I cant buy that 1 million Apple product users were under suspicion of terrorist activity and being investigated by one agent.

It's like they're just collecting all the data they can just for the heck of it.

edit on 4-9-2012 by thisguyrighthere because: (no reason given)

Well, I think most of us have known for a while that theyve been collecting information on us through our computers and smart phones. If this isnt enough to open the skeptics eyes, then their eyes cant be opened.

reply to post by thisguyrighthere
TWELVE-plus million, actually - at least in just this one file. Anonymous was kind enough to only release one million.

I can see no good reason for an FBI agent to have this. Then again, I can see no good reason for various government entities to track ALL our communications and interaction, regardless of medium, all the time.

But I know they do, anyway.

Last time I heard, the FBI was a crime investigation/law enforcement agency, not a spy agency. When the government decides that it no longer has to be lawful then I guess there are no rules. I don't care if what I do is legal or illegal anymore, so long as I feel it meets my personal moral standard. I feel somewhat liberated now.

reply to post by dainoyfb


Well the named agent (poor fellow) has some serious 'splaining to do!

I can't help but wonder why - after Apple publicly announced it was rejecting applications that used the identifier codes (due to congressional inquiries about the disposition of personal information) the FBI would amass all those numbers? Perhaps they would represent a way of white-hat hacking into suspects devices; or at least tracking them....

... but that raises the question (as was so sharply noted above) when did the list of 'suspects' rise to 12 million and how is it that they are all Apple device users?

I would almost rant against Apple....but where would you turn? Linux? What Linux build doesn't include these Federal backdoors?

No where to turn but to use a cave to unplug.

reply to post by bigfatfurrytexan


I might try backtrack linux, unless your talking mobile. I dont know much about this as i am just becoming involved in trying to secure my digital self. And the only way the cave will work is if you are the only one who knows where it is and no one is looking for you.

I'm not sure which bit of this story is more shocking, the number of device id's on record or the fact that antisec got hold of them through a Java vulnerability.
For some reason I guess I thought that a laptop belonging to an FBI agent would have some kind of propriety security software or at least not run something as well known for it's constant security problems as Java

www.appleinsider.com...

Text
Apple recently began taking steps to block UDID app access amid increased scrutiny of privacy practices from both consumers and the government. In August 2011, the company warned developers that it would be ending UDID access with iOS 5, effectively ending an easy solution to OS-wide user tracking.

www.appleinsider.com...

As part of a more stringent ruleset regarding customer privacy, Apple has reportedly started rejecting apps which access UDIDs in a practice that will become de rigueur for all review teams.

Citing developer claims, TechCrunch on Saturday reported that Apple has quietly been denying offending app submissions in an effort to ultimately deprecate all UDID access.

A UDID, or unique device identifier, is basically a serial number that a mobile network uses to identify mobile devices like the iPhone and iPad. The 40-character alphanumeric string is not replicated on any other device, making it an ideal form of tracking which is currently used by ad companies, analytics firms and app testing systems.

reply to post by Maxmars


The introduction of the Apple iphone was a vast experiment in individual tracking technology from the very start - this latest news only verifies what law enforcement has had at their disposal for years now.

Ask yourself - why does the iphone it have a built-in battery for instance - the answer may surprise most people:-

Even if a cell phone is completely turned off, law enforcement authorities can still listen in on the conversations that a suspect is having. All that is necessary is for the battery to still be in the cell phone.

According to CNET News, the FBI can remotely activate the microphone on your cell phone and listen to whatever you are saying.... The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.

The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him. When you make a telephone call, it is never private. The reality is that the NSA has been monitoring all phone calls for years and years. According to USA Today, the NSA intends "to create a database of every call ever made"....

The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.The American Dream............

Similar but limited tracking technology such as Spy Bubble allows for individuals to track their "cheating partners' every move" including remote downloads of SMS messages, emails and recorded conversations.

Being ex-law enforcement and still having access to individuals within the service, take the following story as personal testimony.

A friend whom is in the upper echelons of the legal game and I regularly meet to discuss topics of mutual interest. This individual will simply refuse to even utter a word unless both our phone(s) are at least 30m away - preferably housed within a sealed compartment. This individual is by no means a conspiracy minded individual but is ACUTELY aware of the remote tracking and microphone activation technology available - because this individual uses the same technology on others as deemed necessary and it does not matter if your phone is on or off or even if your battery is dead - as long as it is in the phone!

Just remember, that little chip in your passport, for instance, holds a vast amount of data, requires no power source and can be scanned from a distance - what then do you suppose your phone can hold by way of data - to be accessed remotely - and even if the battery is dead now remember that it was at one stage fully charged up!!!

Don't be fooled by the Government having your ID numbers on hand - that is a drop in the ocean compared to what they already have access to..................

What I want to know is:

Why was this data on a laptop and not on a mainframe with very high security.

Why was JAVA even on an FBI laptop, everyone in IT knows that JAVA is a security risk.

Why wasn't this information ENCRYPTED?

Sounds like this is gross incompetence or something else entirely.

This kind of breach doesn't happen unless IT WAS DESIGNED to happen this way.

Pricks up ears.

reply to post by trekwebmaster


All those things confuse me too, lots of "normal" people have better security on their home machines then this fbi lap top apparently
I guess gross incompetence and complacency could account for it or do you think theres something else going on?

reply to post by trekwebmaster

Since i deal with these types of people i can give you a few pointers.

The csv extension means it's more than likely from a database, whether it be mainframe, sql, oracle etc. So it's being stored somewhere and it's being updated with people's info.

The reason it exists at all means one of 2 things. He either needs access to the data in the field/offline or he was trying to do something with the data. Since it wasn't being referenced anywhere else I'm guessing it's the first reason.

I think it's required for all federal laptops to have encrypted hard drives, but that means nothing when he's already logged onto the operating system and you have access through security holes in software.

reply to post by Praetorius


it is reason the internet was devised, facebook started up, twitter imagined and smart phones pushed over regular cell phones.

so its not hard to imagine when your perspective is that of the forces that try to rule the world and not the naive and ignorant consumer who has been conditioned to not question people whose motives are unclear.

reply to post by Maxmars


This is absolutely hilarious to me. So ironic and for a good purpose. We need more of is. We need to stand up and take back what's ours. Freedom. Liberty.

I wonder if this is related

www.ncfta.net...

The file name has ncfta in it.

reply to post by davespanners


Well we are all human too, but things like this do happen...unfortunately, you'd think this would be a positive example for support for "cloud" computing...sometime I think keeping up with security is a catch-22 situation...it changes so rapidly...