backtop


Print 38 comment(s) - last by tastyratz.. on Sep 6 at 8:19 AM

AntiSec hacked an FBI laptop back in March, and is just now revealing its loot

AntiSec is up to its usual antics again, and this time the hacker group managed to score a wealth of information on users of Apple iOS-based devices. The group claims to have hacked an FBI laptop and obtained over 12 million Apple UDIDs were.
 
A UDID (unique device identifier) is a 40-character code that is tied to a single device, be it an iPhone, iPad, or iPod touch. The UDID is normally used by app developers for tracking purposes, and Apple uses the UDID when authenticating Siri queries on the iPhone 4S.
 
In its rather long, rant-filled manifesto, AntiSec describes how it obtained the information:
 
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
 
While over 12 million UDIDs were obtained during the attack on the FBI laptop, AntiSec has “only” released 1,000,001 UDIDs to the public. The group has thankfully removed personal information (names, address, cell phone numbers, etc) from list, but searching for your own UDID is rather simple using the following tool. The site allows you to search the list for your UDID using a partial string instead of divulging all 40 characters.

 You can view your UDID from within iTunes or via an app directly from your iPhone or iPad.

It's worth noting that the NCFTA reference in the filename is likely pointing to National Cyber-Forensics & Training Alliance. The group describes itself a "Non-profit corporation, evolved from one of the nation’s first High Tech Task Forces and, since 1997, has established an expansive alliance between subject matter experts (SMEs) in the public and private sectors (more than 500 worldwide) with the goal of addressing complex and often internationally-spawned cyber crimes."
 
Regardless of the motives behind AntiSec's latest antics, there are many questions that arise from this breach. Why does the FBI have 12 million Apple UDIDs on a laptop? Did a developer willingly hand over the UDIDs to the FBI? Did Apple itself play any part in divulging the information to the FBI upon request?
 
Only time will tell as we learn more from this “big reveal”.

Sources: The Next Web, Pastebin, UDID Checker



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: what interests me
By GotThumbs on 9/4/2012 12:02:15 PM , Rating: 3
Any intelligent American would already understand that with today's technology...it's a possibility and expect any Intelligence agency to use any resources available to counter any and all criminal activities.

Grow up please....or maybe ask for your parents permission first before you use any technology you have no concept of.

Ignorance is NOT an excuse for stupidity.

BTW. If you use FB, Itunes, or any computer with internet access....Your activity is being tracked. Marketing is the main reason.


RE: what interests me
By jeepga on 9/4/2012 5:47:54 PM , Rating: 2
It's one thing to use publicly available information to counter criminal activity. It's quite another to data mine and otherwise aggregate information that doesn't pertain to criminal activity. The same goes for private data, but I would hope that due process falls into place for that.

It's one thing for me to knowingly give up some information for marketing purposes when I get use of a service. It's quite another for the government to jump in and get that information for free. I voluntarily entered into a relationship with the service. There's no quid pro quo with the government. Just because I tell you my phone number when I do business with you doesn't mean that information is public or should be made available to the government.


RE: what interests me
By tastyratz on 9/6/2012 8:19:15 AM , Rating: 2
Information is always pertaining to criminal activity. the determination is considering what's reasonable and invasive.

Let's use this apple leak as an example. By collecting that information the government could tie an ID - thumbprinted in a file purchased - to a person. If say a criminal organization were to leave a laptop behind used for human trafficking and they have no idea who is running the ring. Maybe he had a playlist for people stealing? They find his copy of the latest Bieber and as a result are able to tie that mystery machine to a name.

That's one example, information is always useful. The question is where the line is drawn for misappropriation/invasiveness. The digital age makes it a lot easier to amass.


"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki