
Apple, FBI Deny UDIDs Discovered by AntiSec

Source: AllThingsD

Apple and the FBI deny AntiSec's claim of hacking into a laptop and retrieving over 12 million UDIDs.

Immediately after news went live reporting that AntiSec hacked into an FBI agent's laptop and discovered over 12 million Apple Unique Device Identifiers (UDIDs) listed on a file stored on the desktop, the government agency flat out denied both the hack and the file's existence.

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," the FBI's website states. "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

The FBI Press Office wasn't quite so diplomatic on Twitter. "Statement soon on reports that one of our laptops with personal info was hacked. We never had info in question. Bottom Line: TOTALLY FALSE."

According to AntiSec, the group hacked into a Dell Vostro notebook used by Supervisor Special Agent Christopher K. Stangl from the FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team. The hack took place in the second week of March 2012 using the AtomicReferenceArray vulnerability in Java.

AntiSec said they retrieved a file called "NCFTA_iOS_devices_intel.csv" from his desktop which contained a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zip codes, cellphone numbers, addresses and more.

To prove that it indeed retrieved the numbers from the FBI, AntiSec released a list of 1 million numbers linking to their users and their APNS tokens. The group trimmed out the more sensitive data like full names, cell numbers, addresses, zip codes and more.

"Not all devices have the same amount of personal data linked. Some devices contained lot of info," the hacktivist group stated. "Others no more than zip codes or almost anything. We left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not."

Despite the details provided by AntiSec, the FBI is denying everything like a classic X-Files episode. Even more, Apple claims that the government didn't request the information, nor did Apple provide the numbers to the FBI or any other organization.

"Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID," Apple spokeswoman Natalie Kerris told AllThingsD.

Meanwhile, security firm Imperva updated its blog with a step-by-step tutorial on how the unofficial FBI breach actually worked. It was conducted as follows:

1. The hacker used a framework to load the exploit code and generate a host to let the victim download the malicious payload.
2. The victim is tricked into accessing the malicious host, by either persistent XSS infection on a site, malicious link in an email, or plain social engineering, to name a few.
3. Once the target has activated the URL, the payload is activated via the vulnerability vector and a reverse session is opened between the hacker and the victim.
4. The hacker at this stage has full control over the machine and is able to launch commands including a prompt to execute code or search the victim's host.

"If the hackers have what they claim, they may be able to cross reference the breached data to monitor a user’s online activity—possibly even a user’s location," Imperva said on Tuesday. "To be clear, the released database is sanitized so you cannot perform this type of surveillance today. But with the full information that hackers claim to have, someone can perform this type of surveillance. This implies that the FBI can track Apple users."

Let's hope the hacking is all fake and merely a ploy to get attention.

 

Other Comments
  • 26
    blurr91, September 6, 2012 1:07 AM
    Between the government and the hacker group, I'm not sure which I would trust more.
  • 20
    amuffin, September 6, 2012 1:16 AM
    Agreed^^
  • -4
    nacos, September 6, 2012 1:27 AM
    blurr91 wrote: Between the government and the hacker group, I'm not sure which I would trust more.

    If there's one thing I hate almost as much as secretive government agencies, it's "vigilante" hacker groups who do what they think is right regardless of the impact or popular opinion.
  • 11
    A Bad Day, September 6, 2012 1:43 AM
    blurr91 wrote: Between the government and the hacker group, I'm not sure which I would trust more.

    Welcome to the club.
  • 18
    thecolorblue, September 6, 2012 1:49 AM
    the government NEVER lies
    there is ZERO documentation proving lies by the FBI.... erm..

    ...HAHAHAHAHAHAHAHAHHHAAAA
  • 19
    hrhuffnpuff, September 6, 2012 2:06 AM
    I do not trust either the Government nor Crapple. Both deceive and sadly people still believe in both. As for the hacking group, leave them be. A little vigilantism never hurts. Just ask Charles Bronson.
  • 11
    DavidRitchey, September 6, 2012 2:42 AM
    Vigilante hacker groups are far more righteous than a government secretly operated by the owners of the corrupt, private, "Federal" Reserve.
    Read about the history of the USA, dead presidents, and presidential memoirs.
    DOWN with the FED. DOWN with dishonorable government. It's the American way. Go vigilantes!
  • 3
    Nills, September 6, 2012 3:28 AM
    I am not sure who is telling the truth, but it doesn't matter. I'm playing on my Macbook and some dev can have an UDID call as part of a flash game. Apple needs to patch this BS, and quit trying to play monopoly.
  • 7
    blazorthon, September 6, 2012 3:30 AM
    DavidRitchey wrote: Vigilante hacker groups are far more righteous than a government secretly operated by the owners of the corrupt, private, "Federal" Reserve. Read about the history of the USA, dead presidents, and presidential memoirs. DOWN with the FED. DOWN with dishonorable government. It's the American way. Go vigilantes!

    Being better than the USA government is easy. However, I wouldn't call them good, just the lesser of the two evils to an extreme.
  • -1
    neoverdugo, September 6, 2012 3:52 AM
    Liar, Liar! Pants on Fire! The FBI Bought those files from Apple as part of spying the population program. Like Facebook, Apple sold our privacy for money like mercenaries. (However, I don't own an iPhone, iPad or iTouch)
  • 3
    nebun, September 6, 2012 4:59 AM
    if you believe anything the FBI says then you are a fool...look at how many people are killed each day because of the FBI or these so called secret services
  • 1
    leeashton, September 6, 2012 6:30 AM
    other4 should be other, proof reading toms
  • 9
    rantoc, September 6, 2012 7:21 AM
    It's a sad day when a government agency has less trust than a hacktivist group, says something doesn't it?
  • 1
    master_chen, September 6, 2012 7:53 AM
    The stupid Governments would never get it, I guess...
  • 0
    spentshells, September 6, 2012 11:06 AM
    nacos wrote: If there's one thing I hate almost as much as secretive government agencies, it's "vigilante" hacker groups who do what they think is right regardless of the impact or popular opinion.

    Sounds like you dislike government as well
  • -1
    DRosencraft, September 6, 2012 2:29 PM
    I know it's not popular to say, and I know few will agree with me, but I do believe that the gov't genuinely tries its best for the public's sake. There are a number of bad incidents that should be highlighted and addressed, but those moments tend to cast a shadow over everything else. I do not believe the gov't needs to be coddled or any such thing, but I think people don't give the gov't enough credit for the good it does, and piles on whenever it screws up.

    Additionally, I don't like Apple as a company. I don't hate them, and I do believe their products are at least made with quality, but as a company I can't really come to like them all that much. Then there's these hackers... They need to be locked up and someone needs to lose the key. Whether they did or didn't really steal all those UDIDs doesn't really matter right now. Their actions are nothing but self aggrandizing, grandstanding, over doing something completely stupid.
  • 0
    blazorthon, September 6, 2012 2:42 PM
    DRosencraft wrote: I know it's not popular to say, and I know few will agree with me, but I do believe that the gov't genuinely tries its best for the public's sake. There are a number of bad incidents that should be highlighted and addressed, but those moments tend to cast a shadow over everything else. I do not believe the gov't needs to be coddled or any such thing, but I think people don't give the gov't enough credit for the good it does, and piles on whenever it screws up. Additionally, I don't like Apple as a company. I don't hate them, and I do believe their products are at least made with quality, but as a company I can't really come to like them all that much. Then there's these hackers... They need to be locked up and someone needs to lose the key. Whether they did or didn't really steal all those UDIDs doesn't really matter right now. Their actions are nothing but self aggrandizing, grandstanding, over doing something completely stupid.

    I agree with your stance on Apple, but I simply don't agree with your stance about the government. I think that the purpose of the government should be to help our nation and its people, but I don't think that that is what it is really doing. I do not believe that they are doing nearly the best that could be done in this goal. Many of their actions seem to be intentionally counter-intuitive in this.

    As for the hackers, well, they are committing criminal acts... They aren't revolutionaries fighting the red-coats like what went down in the 18th century in the USA. They are criminals that occasionally pretend that they are justified. Yes, they should be punished. Maybe there really are a rare few people that do some cracking and actually do good with it, but that's not the kind of thing that seems easy to do genuine good with. It's like trying to do good with a gun as a guerrilla in the wrong war, except you're not even a *badass* for doing it. At least for the vast majority, these don't seem to be good people doing good deeds in the best interest of our nation. Sure, a little of what they do can be good, but not even our government does naught but bad things either.

    Well, that's my opinion of it.
  • -2
    Kami3k, September 7, 2012 8:00 AM
    DavidRitchey wrote: Vigilante hacker groups are far more righteous than a government secretly operated by the owners of the corrupt, private, "Federal" Reserve. Read about the history of the USA, dead presidents, and presidential memoirs. DOWN with the FED. DOWN with dishonorable government. It's the American way. Go vigilantes!

    Lol RonTards infest the internet.