backtop


Print 38 comment(s) - last by tastyratz.. on Sep 6 at 8:19 AM

AntiSec hacked an FBI laptop back in March, and is just now revealing its loot

AntiSec is up to its usual antics again, and this time the hacker group managed to score a wealth of information on users of Apple iOS-based devices. The group claims to have hacked an FBI laptop and obtained over 12 million Apple UDIDs were.
 
A UDID (unique device identifier) is a 40-character code that is tied to a single device, be it an iPhone, iPad, or iPod touch. The UDID is normally used by app developers for tracking purposes, and Apple uses the UDID when authenticating Siri queries on the iPhone 4S.
 
In its rather long, rant-filled manifesto, AntiSec describes how it obtained the information:
 
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
 
While over 12 million UDIDs were obtained during the attack on the FBI laptop, AntiSec has “only” released 1,000,001 UDIDs to the public. The group has thankfully removed personal information (names, address, cell phone numbers, etc) from list, but searching for your own UDID is rather simple using the following tool. The site allows you to search the list for your UDID using a partial string instead of divulging all 40 characters.

 You can view your UDID from within iTunes or via an app directly from your iPhone or iPad.

It's worth noting that the NCFTA reference in the filename is likely pointing to National Cyber-Forensics & Training Alliance. The group describes itself a "Non-profit corporation, evolved from one of the nation’s first High Tech Task Forces and, since 1997, has established an expansive alliance between subject matter experts (SMEs) in the public and private sectors (more than 500 worldwide) with the goal of addressing complex and often internationally-spawned cyber crimes."
 
Regardless of the motives behind AntiSec's latest antics, there are many questions that arise from this breach. Why does the FBI have 12 million Apple UDIDs on a laptop? Did a developer willingly hand over the UDIDs to the FBI? Did Apple itself play any part in divulging the information to the FBI upon request?
 
Only time will tell as we learn more from this “big reveal”.

Sources: The Next Web, Pastebin, UDID Checker



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By Cypherdude1 on 9/4/2012 8:29:01 AM , Rating: 5
I want to know myself: Why does the FBI have 12 million Apple UDIDs on their laptop?

This is yet another example on how the government is spying on us. It's bad enough their rich friends in the media are spying on us. Now we've got the FBI obtaining lists of our devices on their files.

There's a simple solution here. How about this: don't buy Apple products. Simply return to buying other players and devices.




By probedb on 9/4/2012 9:43:58 AM , Rating: 2
Erm, nope, only what you put on facebook is available on facebook.


By GotThumbs on 9/4/2012 12:08:03 PM , Rating: 1
So you think your click activity or your association of "Friends" are not useful data? Do you even know if FB is looking at the cookies on your computer to gleam more information about you and your interests? How about your IP Address to see what region of the country you live in?

You seem to only have a one dimensional imagination.

Best wishes on that,


By SPOOFE on 9/4/2012 3:06:02 PM , Rating: 2
quote:
So you think your click activity or your association of "Friends" are not useful data?

"Useful data" is still a far cry from "your ENTIRE life".


By NellyFromMA on 9/4/2012 10:43:22 AM , Rating: 2
It's not foolish for people to be trusting by nature. It is foolish to think they can be fooled forever.


By Motoman on 9/4/2012 11:20:31 AM , Rating: 3
...judging by the popularity of Apple/Bose/Monster Cable products and Facebook, I'd say the "forever" is looking pretty good.


By GotThumbs on 9/4/2012 11:48:03 AM , Rating: 2
That's where your wrong.

Only a fool would blindly trust. That's why so many fools are conned out of their money.

Don't try and make excuses for being ignorant about the possibilities.

You only show your ignorance of the real world and might as well paint a target on your back.

Best wishes for your future,


By dgingerich on 9/4/2012 1:04:08 PM , Rating: 2
Good thing I no longer do any business with Apple. Facebook, they can have that info. Info on my relationships or my daily status isn't worth much.

I do worry about how Google tracks me, though. That company scares me, but not as much as Apple.


By tayb on 9/4/2012 9:10:31 AM , Rating: 5
Excellent job attacking the effect and not the cause.

The problem is government spying and your "solution" is to simply stop buying Apple products? How idiotic. When you realize they're tracking Android, WP7, and BB will your solution be to stop buying those as well? And when you realize they're scanning your emails will you stop sending those?


By PaFromFL on 9/4/2012 9:13:55 AM , Rating: 2
I suspect that this is just the tip of a larger iceberg, and is not limited to Apple. This may be evidence of an unreasonable search that violates our fourth amendment rights.


By WinstonSmith on 9/4/2012 10:30:16 AM , Rating: 2
Sorry, but I had to laugh at that comment. WHAT Fourth Amendment? It was dead long ago. Just one example of many:

Supreme Court Ruling Allows Strip Searches for Any Arrest

http://www.nytimes.com/2012/04/03/us/justices-appr...


By RedemptionAD on 9/4/2012 10:49:21 AM , Rating: 2
If you are so worried about the government or other possible spying entities, how about disinformation, information redirecting, or "information laundering", the tools of the actual spy world to combat those kinds of things?
Anyways, the government and other entities has the potential to get alot of information about people, they have too much at the moment, to the point where it actually gets in their way so that by the time they sort through it, it is actually useless. So the best thing you can do it not worry about it.


By GotThumbs on 9/4/2012 11:55:12 AM , Rating: 3
The group claims The group claims The group claims The group claims The group claims The group claims The group claims The group claims The group claims The group claims The group claims The group claims

No where do we see that it has been verified that the data came from an FBI laptop.


By anactoraaron on 9/4/2012 12:29:44 PM , Rating: 3
You forgot to add:

"Best wishes on that,"


By kattanna on 9/4/2012 12:44:31 PM , Rating: 2
quote:
No where do we see that it has been verified that the data came from an FBI laptop.


while true, they do give some high levels of detail on whose laptop it was and how they accessed it, and not the usual vagueness we often hear.

and individuals with laptops have always been a weak point


By nocturne_81 on 9/4/2012 5:22:35 PM , Rating: 2
Always wondered about this.. recall a report years back where the IRS admitted that it simply 'lost track of' a few hundred laptops, a few dozen desktops, and even 8 or so full server racks -- all likely holding sensitive info.

Besides coaxing employees to do work at home off the clock, what benefit is there to an employer to insist on giving laptops to it's entire workforce..? You certainly can't get more work done on one. All I see is the obvious -- intentionally allowing an employee to take potentially sensitive materials outside company grounds with no guarantee of security.


By tayb on 9/4/2012 1:29:40 PM , Rating: 2
If AntiSec hacked Apple they would have bragged about hacking Apple.


By nocturne_81 on 9/4/2012 5:25:24 PM , Rating: 2
Hack the FBI.. or hack Apple..

Really, if they wanted to hack Apple.. but who is their real enemy here..?

I'm sure any decent hacker can get into Apple.. it's just they wouldn't find anything of value. A laptop of an FBI investigator, on the other hand.. should be obvious which is a greater payoff..


By jwdR1 on 9/4/2012 12:49:37 PM , Rating: 2
And now the rest of the world can spy on us as well...or at least 12 million of us. :(

I wonder how many people naive enough to think this is limited to Apple devices.


what interests me
By mchentz on 9/4/2012 8:29:04 AM , Rating: 2
is

Why does the FBI have 12 million Apple UDIDs on a laptop?




RE: what interests me
By jeepga on 9/4/2012 9:39:16 AM , Rating: 2
Your question is pretty much the closing of the article. I'm troubled by the fact I'm more worried about the FBI than I am about Antisec.


RE: what interests me
By tastyratz on 9/4/2012 10:25:08 AM , Rating: 2
I'm more troubled by the fact that I am not troubled by this news as an American.
I don't entirely consider this invasive. I would be surprised if the fbi DIDN'T have an offline copy of facebook as well as things like this. apple id's are hardly private. Having a list of user id's does not mean the fbi has an algorithm to tie your Justin Beiber itunes collection to terrorism.

What is troubling here is that sensitive information was allowed or even capable of being put on a portable device. I expect tight security protocols for a security oriented organization. The days of unencrypted and hackable laptops should be beyond us by now in that arena, shame on you fbi.


RE: what interests me
By NellyFromMA on 9/4/2012 10:45:53 AM , Rating: 2
It's also troubling to me to see more and more people ok with their digital information being ammased for uses deemed 'good for society' that the individuals in question frankly aren't allowed to have a meaningful say in largely because the implications span further than the average person is willing to expend effort thinking on.

I know that's not what you meant, but it raises a different concern for me..


RE: what interests me
By GotThumbs on 9/4/2012 12:02:15 PM , Rating: 3
Any intelligent American would already understand that with today's technology...it's a possibility and expect any Intelligence agency to use any resources available to counter any and all criminal activities.

Grow up please....or maybe ask for your parents permission first before you use any technology you have no concept of.

Ignorance is NOT an excuse for stupidity.

BTW. If you use FB, Itunes, or any computer with internet access....Your activity is being tracked. Marketing is the main reason.


RE: what interests me
By jeepga on 9/4/2012 5:47:54 PM , Rating: 2
It's one thing to use publicly available information to counter criminal activity. It's quite another to data mine and otherwise aggregate information that doesn't pertain to criminal activity. The same goes for private data, but I would hope that due process falls into place for that.

It's one thing for me to knowingly give up some information for marketing purposes when I get use of a service. It's quite another for the government to jump in and get that information for free. I voluntarily entered into a relationship with the service. There's no quid pro quo with the government. Just because I tell you my phone number when I do business with you doesn't mean that information is public or should be made available to the government.


RE: what interests me
By tastyratz on 9/6/2012 8:19:15 AM , Rating: 2
Information is always pertaining to criminal activity. the determination is considering what's reasonable and invasive.

Let's use this apple leak as an example. By collecting that information the government could tie an ID - thumbprinted in a file purchased - to a person. If say a criminal organization were to leave a laptop behind used for human trafficking and they have no idea who is running the ring. Maybe he had a playlist for people stealing? They find his copy of the latest Bieber and as a result are able to tie that mystery machine to a name.

That's one example, information is always useful. The question is where the line is drawn for misappropriation/invasiveness. The digital age makes it a lot easier to amass.


RE: what interests me
By GotThumbs on 9/4/2012 11:53:49 AM , Rating: 2
You ALSO need to ask....how do I know this is a FACT?

Your getting the story from someone who's own actions are criminal.

Why do so many fools blindly believe anything they see printed or on the web.

Question everything and take most with a grain of salt. Every "reporter" has bias and aims to steer their readers in a certain direction.

My goal is to get you to question both sides and ask...."What and I NOT being told and what is the writers goal?"

Please start thinking more for your-selves.


Check if your Apple product was compromised
By ThreatcoreNews on 9/4/2012 9:00:10 AM , Rating: 2
TNW has a tool to check if your device was compromised: http://thenextweb.com/apple/2012/09/04/heres-check...




By Brandon Hill (blog) on 9/4/2012 9:06:28 AM , Rating: 2
I already included one in the article, one that doesn't require your entire UDID for those that don't want that info shared.


By NellyFromMA on 9/4/2012 10:46:23 AM , Rating: 3
If they don't want the info shared, maybe they should start with the FBI and Apple...


By hexxthalion on 9/4/2012 12:37:34 PM , Rating: 2
right, very nice to submit your UDID on unsecured protocol :)


Need for privacy laws
By woody1 on 9/4/2012 10:35:34 AM , Rating: 1
This points to the need for US laws protecting private information. Europe has much stronger laws on privacy. If this happened in Germany or France, it's likely that the government guys would be the ones going to jail.




RE: Need for privacy laws
By Reclaimer77 on 9/4/2012 11:29:21 AM , Rating: 3
lol Europe? Better privacy?

Yeah I feel real private with CCTV's everywhere and them mandating that cars can actively report your GPS position to any cop who requests it. And that's just the tip of the iceberg.


And why is this a suprise?
By GotThumbs on 9/4/2012 11:44:28 AM , Rating: 2
It just amazinse me how naieve so many people are these days.

Data of any kind, is a hot commodity....Facebook tracks all its followers and sells that information to interested marketers. How else could they operate? You know FB users will not pay to support the infrastructure.

The FBI would be full if idots if it failed to look at what kind of helpful data it can gleam from certain users phone data. GPS location data would be key when tracking known criminals intent on things such as US terrorest attacks. Each and every phone or web device can be used as a tracking device.

If you didn't already know that....Your ignorance is not an excuse for surprise.

Say you are involved in a car accident (its really just a collision)...know that your phone activity will be looked at to see if you were texting or talking on your cell at the time of the collision....you will then have contributed to the collision. You may not like it...but if your not doing anything wrong...then its not a big deal. You can whine all day about it...but everyone knows this fact.




By Lord 666 on 9/4/2012 1:05:56 PM , Rating: 2
Its a trap!!!

Wonder if that 12 million users represents the number of paying customers of iTunes Match who have been flagged for bootleg songs.




I can hear the whining now...
By Beenthere on 9/4/2012 10:29:38 AM , Rating: 1
...as Antisec members are convicted and shipped off to prison.

There is only one question to ask: Was it worth going to prison?




"Folks that want porn can buy an Android phone." -- Steve Jobs














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki