or Connect
AppleInsider › Forums › General › General Discussion › Hackers leak 1M iOS device IDs supposedly taken from FBI agent's laptop
New Posts  All Forums:Forum Nav:

Hackers leak 1M iOS device IDs supposedly taken from FBI agent's laptop

post #1 of 43
Thread Starter 
Hackers from AntiSec on Tuesday claim to have leaked 1,000,001 iPhone and iPad identifiers the group allegedly obtained from a hacked FBI laptop holding over 12 million such Apple device IDs and corresponding personal information.

According to AntiSec, the unique device identifiers (UDID) of 12,367,232 Apple iPhones and iPads were discovered and lifted during the breach of an FBI agent's notebook, reports The Next Web. UDIDs are unique 40-character codes assigned to iDevices with cellular connectivity, their primary use being app registration and tracking by developers.

From AntiSec's post:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.


If the alleged attack and subsequent UDID leak is legitimate, it is unclear how or why the FBI secured the Apple UDIDs.

AntiSec noted the UDIDs had varying amounts of personal data, with some having just basic personal information while others were more comprehensive and included full names and addresses. When the group published the UDID sample set, it stripped out identifying data but left Apple Device ID, Apple Push Notification Service DevToken, Device Name and Device Type data intact for users to "look if their devices are listed there or not."

It should be noted that some of the information provided in the leaked data sets are commonly available to iOS app developers as a requirement for push notifications, however private data like phone numbers and addresses are usually blocked.

Apple recently began taking steps to block UDID app access amid increased scrutiny of privacy practices from both consumers and the government. In August 2011, the company warned developers that it would be ending UDID access with iOS 5, effectively ending an easy solution to OS-wide user tracking.
post #2 of 43
Quote:
Originally Posted by AppleInsider View Post

Hackers from AntiSec...
It should be noted that most of the information provided in the leaked data sets are commonly available to iOS app developers as a requirement for push notifications, among other uses...

 

Most of the information, or all of the information?

Where are we on the curve? We'll know once it goes asymptotic!
Reply
Where are we on the curve? We'll know once it goes asymptotic!
Reply
post #3 of 43

Well, let's assume there is a valid reason for the FBI to keep such a ridiculous amount of private and confidential data on a cheap-ass laptop (can't think of one, but what do I know), this is still rather worrisome. I would expect some Supervisor Special Agent working for FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team (of all people), to know that such data does not belong on a mobile device, and that running something as unsafe as Java on the same device is approaching grossly negligent territory. These incompetent creatures might be more dangerous than what they are fighting.

 

Quote:
It should be noted that most of the information provided in the leaked data sets are commonly available to iOS app developers as a requirement for push notifications, among other uses.

 

Well, that is a bit misleading / euphemistic. Developers would get some of that for/from their own app, but certainly not for all of them on any phone; and certainly not any ZIP codes, phone numbers or addresses without user consent. Even if this just lands in the hands of online marketing spammers, this is 12 million of the most sought-after contact details. Real addresses, belonging to real people with considerable income. No need to downplay that.

post #4 of 43

Your homeland security hard at work.  Lets see.  If they have such information then maybe they have a list of all the rolls of toilet paper  and their serial numbers ever sold to Osama Bin Laden.  Also I have built a bridge to London out of sharp cheddar cheese and green beans.  Yes green beans!

An Apple man since 1977
Reply
An Apple man since 1977
Reply
post #5 of 43

The FBI has all this shit on a cheap-assed Windows laptop and didn't even think to encrypt it????!!!!!

post #6 of 43
13million odd people can now sue the FBI.
post #7 of 43
Quote:
Originally Posted by moustache View Post

13million odd people can now sue the FBI.

The person who sues first will end up in a ditch somewhere mysteriously killed. With their identity wiped and replaced with a wanted fugitive posting.

Or is that the CIA's job?

LOL

Seriously, a embarrassment such as this will result in a manhunt costing not only our information, but millions if not billions of tax dollars (since your essentially sueing for money you paid for this dept work)

Of course the PC boys will laugh at the idea of Mac's replacing the PC's because they are "Less secure" in PC hardcore user's eyes.
White Nexus 7 8GB
Black & Slate iPhone 5 32GB AT&T
Reply
White Nexus 7 8GB
Black & Slate iPhone 5 32GB AT&T
Reply
post #8 of 43
Awesome. Good job to the hackers for exposing a single FBI agent having 1 million user profiles in a bl**dy plain text CSV file.
post #9 of 43
Quote:
Originally Posted by Macky the Macky View Post

The FBI has all this shit on a cheap-assed Windows laptop and didn't even think to encrypt it????!!!!!

Bingo.

Crap laptop
Crap OS
Crap Java
Crap security
Crap CSV file
Crap (no) Encryption

FBI annual budget: 8 Billion USD.

What's wrong with this picture?
post #10 of 43

And to think that Apple got complains for removing Java from Mac OS X. There are a couple of desktop apps I still run that use Java, but I'd never allow it to run in the browser.

post #11 of 43
Quote:
Originally Posted by Macky the Macky View Post

The FBI has all this shit on a cheap-assed Windows laptop and didn't even think to encrypt it????!!!!!

From a poster on Mac Rumors:
Quote:
The laptop probably was encrypted, but encryption doesn't protect you from an exploit that occurs while your computer's running.

Why? Because when you're using the computer, the decryption keys are already there. (otherwise your computer wouldn't be running; can't boot an encrypted laptop without providing the keys)
post #12 of 43

IT sure does beg the question what the FBI is doing with that many UDID's to begin with….. I suppose we could have 12 million "suspected terrorists" and "felony suspects" and "drug-related criminals" in the US… but no doubt mixed in among those; "political activists" and "journalists" and "certain practitioners of selected religions" and so on… after all, Hoover may be long gone, but much of his culture remains...

 

I'd wager a good half those UDIDs are what we would consider unjustified, and crossing some legal lines...

 

 

The next big question would be, where did they get them? The same AT&T that helps the NSA monitor EVERYONE'S phone calls perhaps? Or maybe the NSA just shared...

 

No matter what, this is why I have a problem with laws like the Patriot Act… abuse of power is easy…. recovering the reins of power from the abusers, not so much...

post #13 of 43
Quote:
The laptop probably was encrypted, but encryption doesn't protect you from an exploit that occurs while your computer's running.

Why? Because when you're using the computer, the decryption keys are already there. (otherwise your computer wouldn't be running; can't boot an encrypted laptop without providing the keys)

 

This is not exactly true; actually, it is all wrong. In high sensitivity areas you would normally either not use disk-level encryption, or at least file-level encryption in addition. Systems like Apple's FileVault only protect entire disks and that results in exactly the described problem.

 

In sensitive areas, like research, nuclear technology etc. you normally have a proper PKI-based file-level encryption in place that is even able to detect/log file alterations. Such a system would still work (i.e. ask for a password, biometric information, a token etc.), even if the user is already logged in properly. Actually OS X works the same way for e.g. software installations and keychain access. Even if you are logged in, you still need to re-enter your password for several transactions.

post #14 of 43
Quote:
Originally Posted by tribalogical View Post

IT sure does beg the question what the FBI is doing with that many UDID's to begin with….. I suppose we could have 12 million "suspected terrorists" and "felony suspects" and "drug-related criminals" in the US… but no doubt mixed in among those; "political activists" and "journalists" and "certain practitioners of selected religions" and so on… after all, Hoover may be long gone, but much of his culture remains...

 

I'd wager a good half those UDIDs are what we would consider unjustified, and crossing some legal lines...

 

 

The next big question would be, where did they get them? The same AT&T that helps the NSA monitor EVERYONE'S phone calls perhaps? Or maybe the NSA just shared...

 

No matter what, this is why I have a problem with laws like the Patriot Act… abuse of power is easy…. recovering the reins of power from the abusers, not so much...

 

 

Exactly. 12 million records tying device id to user, enabling tracking of push notifications to boot - and this file wasn't even worth encrypting! Let's get this straight - Congress will call company executives up to testify as to why apps can access your address book - because, you know, that's a huge privacy violation! - while they're of course authorizing spying on all of us anyways? (Or is it 12 million terrorists now?)

 

An app hitting our address book is the least of our worries at this point, and these fake demonstrations of 'we're concerned about the privacy of our citizens' on the part of our leaders is pure theater. They've already authorized full scanning of all internet communications & phone traffic (little things like Echelon / Carnivore / NSA 'anti-terrorism' hooks into internet traffic hubs), and here's a lovely reminder. I'm sure the UDID replacement is traceable by the FBI as well. Who exactly is violating our rights? Well, that's of course harder to trace because that information is of course 'secret' for our protection.  It's a truly disgusting state of affairs.

post #15 of 43

You can check if your UDID is leaked here: http://pastehtml.com/udid , partial search accepted.

post #16 of 43

This is just a small example of why iCloud will see only limited utility and adoption outside the US.  No corporation, government, or anyone with work related sensitive information will use the service.  All the data is kept on servers in the US with complete and free access provided to the US intelligence services like the NSA.

 

The NSA is well known for stealing confidential business information from foreign corporations and handing it over to US corporations to give them a 'helping hand'.

post #17 of 43
Quote:
Originally Posted by cnocbui View Post

This is just a small example of why iCloud will see only limited utility and adoption outside the US.  No corporation, government, or anyone with work related sensitive information will use the service.  All the data is kept on servers in the US with complete and free access provided to the US intelligence services like the NSA.

 

The NSA is well known for stealing confidential business information from foreign corporations and handing it over to US corporations to give them a 'helping hand'.

 

Sure, but you better also hope that your traffic doesn't pass through the US. Or England. Or Australia. Or China. Or anywhere in the Mideast. Or...

 

But I agree, in general keep your data on your own machine unless you want it ending up on a government laptop. Totally screwy - all while proclaiming how free we are and how those other governments are evil for keeping tabs on their citizens.

post #18 of 43
Quote:
Originally Posted by Macky the Macky View Post

The FBI has all this shit on a cheap-assed Windows laptop and didn't even think to encrypt it????!!!!!
Funny that you don't seem concerned with the FBI collecting them first.
post #19 of 43
Quote:
Originally Posted by raymccrae View Post

And to think that Apple got complains for removing Java from Mac OS X. There are a couple of desktop apps I still run that use Java, but I'd never allow it to run in the browser.
Apple got complains for leaving unpatched for months -while a fix existed- its own custom build of Java.
post #20 of 43
Quote:
Originally Posted by dreyfus2 View Post

]
Actually OS X works the same way for e.g. software installations and keychain access. Even if you are logged in, you still need to re-enter your password for several transactions.

Take a look at the "security" app in the terminal some time. There isn't nearly as much security or control as you would think from the keychain GUI.
post #21 of 43

ah, c'mon. facebook probably has more udids.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply
post #22 of 43
Quote:
Originally Posted by magz View Post

You can check if your UDID is leaked here: http://pastehtml.com/udid , partial search accepted.

Of all my devices, only my iPad 3 (Verizon) was leaked.  I wonder if all the devices leaked were from Verizon?  

post #23 of 43

So the FBI is engaged in illegal snooping?  Doesn't everyone know they do?  The federal spooks (FBI,TSA,CIA, etc) pay little attention to either laws or the Constitution; they do as they d**n well please. The Gestapo and the NKVD would have loved all the snooping equipment and technology that the federal spooks have.

post #24 of 43

Not sure how you do that.  My wife has google docs from her work place that require java, netflix likewise requires it.  Do you have a work around that allows technically uninformed users to use the web and not have Java?

post #25 of 43
Quote:
Originally Posted by tribalogical View Post

IT sure does beg the question what the FBI is doing with that many UDID's to begin with….. I suppose we could have 12 million "suspected terrorists" and "felony suspects" and "drug-related criminals" in the US… but no doubt mixed in among those; "political activists" and "journalists" and "certain practitioners of selected religions" and so on… after all, Hoover may be long gone, but much of his culture remains...

I'd wager a good half those UDIDs are what we would consider unjustified, and crossing some legal lines...


The next big question would be, where did they get them? The same AT&T that helps the NSA monitor EVERYONE'S phone calls perhaps? Or maybe the NSA just shared...

No matter what, this is why I have a problem with laws like the Patriot Act… abuse of power is easy…. recovering the reins of power from the abusers, not so much...

It was the best Angry Bird players. Think about it, birds being shot into buildings built by pigs. Birds, as in planes, and pigs, a euphemism for law enforcement officers. Anyone who plays that game is a terrorist. It all makes perfect sense¡

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

 

Goodbyeee jragosta :: http://forums.appleinsider.com/t/160864/jragosta-joseph-michael-ragosta

Reply

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

 

Goodbyeee jragosta :: http://forums.appleinsider.com/t/160864/jragosta-joseph-michael-ragosta

Reply
post #26 of 43
What the f******!
The government is up to its old tricks. Mother..........
post #27 of 43

America...Land of the free. Welcome to the real world, chaps.

post #28 of 43
Quote:
Originally Posted by dreyfus2 View Post



Well, that is a bit misleading / euphemistic. Developers would get some of that for/from their own app, but certainly not for all of them on any phone; and certainly not any ZIP codes, phone numbers or addresses without user consent.

And perhaps they gave the consent. Who knows where this information, if real, came from to be on that laptop, if that is how they really got it
post #29 of 43
Quote:
Originally Posted by old-wiz View Post

So the FBI is engaged in illegal snooping?  Doesn't everyone know they do?  The federal spooks (FBI,TSA,CIA, etc) pay little attention to either laws or the Constitution; they do as they d**n well please. The Gestapo and the NKVD would have loved all the snooping equipment and technology that the federal spooks have.

Based on a statement by a hacker group. You know they could be lying. The laptop might have been evidence from a raid. Or the file was something they had from one of those 'snooping' apps and was never on the computer. Those 'look up your UDID sites could be phishing folks to get more info somehow.

Who knows what's going on but it might be what they say
Edited by charlituna - 9/4/12 at 9:07am
post #30 of 43
Quote:
Originally Posted by moustache View Post

13million odd people can now sue the FBI.

How do you know they are "odd"?

post #31 of 43

It is unlikely that the FBI can have 12 million felons and terrorists on their laptops since most of the adult population is already in jail for one reason or another and they DONT have apple computers. I suppose it could be the "terrorists and felons" that work in financial services but I thought that they were on the same side as the FBI!

post #32 of 43
Quote:
Originally Posted by boredumb View Post

How do you know they are "odd"?

um, they use Apple products?

post #33 of 43
Originally Posted by Flash_beezy View Post
The person who sues first will end up in a ditch somewhere mysteriously killed. With their identity wiped and replaced with a wanted fugitive posting.
Or is that the CIA's job?

 

KGB.


Originally Posted by magz View Post

You can check if your UDID is leaked here: , partial search accepted.

 

That's nice. This is just in case they didn't get your UDID, you can just give it to them willingly by typing it on the Internet. That's nice.


Originally Posted by sholto View Post
um, they use Apple products?

 

No, the phrase "#-odd" is used when the true number is unknown but a moderate range around the spoken number is.

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply
post #34 of 43

The laptop could have been a honeypot...  It will be intresting to follow the story to see the who's who on this list.

Long FB, AMZN
Schlong AAPL

Reply

Long FB, AMZN
Schlong AAPL

Reply
post #35 of 43
Quote:
Originally Posted by Macky the Macky View Post

The FBI has all this shit on a cheap-assed Windows laptop and didn't even think to encrypt it????!!!!!

at least he was not using a shitty Mac

"Apple people have no objectivity when it comes to criticism of Apple.." Lenovo X1 Carbon is out..bye bye MBAir

Reply

"Apple people have no objectivity when it comes to criticism of Apple.." Lenovo X1 Carbon is out..bye bye MBAir

Reply
post #36 of 43
Originally Posted by daylove22 View Post
at least he was not using a shitty Mac

 

What purpose do you have to be here? At all?

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply
post #37 of 43
Quote:
Originally Posted by sr2012 View Post


Bingo.
Crap laptop
Crap OS
Crap Java
Crap security
Crap CSV file
Crap (no) Encryption
FBI annual budget: 8 Billion USD.
What's wrong with this picture?

why should they use OSX read usage data only 5% of all computers ran OSX...thank god the majority are smart and use Windows

"Apple people have no objectivity when it comes to criticism of Apple.." Lenovo X1 Carbon is out..bye bye MBAir

Reply

"Apple people have no objectivity when it comes to criticism of Apple.." Lenovo X1 Carbon is out..bye bye MBAir

Reply
post #38 of 43
Originally Posted by daylove22 View Post
why should they use OSX read usage data only 5% of all computers ran OSX...thank god the majority are smart and use Windows

 

You're trolling. Blatant lies, no truth, complete nonsense. Why are you here?

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply
post #39 of 43

LOL NUBES. Sorry. Just had to get that out there.

Come visit and chat with me about Apple: Appstorechronicle.com

Email Me: Editor@appstorechronicle.com

Reply

Come visit and chat with me about Apple: Appstorechronicle.com

Email Me: Editor@appstorechronicle.com

Reply
post #40 of 43

Happy to say I was not under investigation by the FBI. Don't know about you guys.

Come visit and chat with me about Apple: Appstorechronicle.com

Email Me: Editor@appstorechronicle.com

Reply

Come visit and chat with me about Apple: Appstorechronicle.com

Email Me: Editor@appstorechronicle.com

Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › Hackers leak 1M iOS device IDs supposedly taken from FBI agent's laptop