
AntiSec Reveals FBI Laptop Containing 12 Million Apple UDIDs

Source: Imperva

Forget about AntiSec hacking into an FBI agent's laptop: we want to know why the FBI has over 12 million Apple UDIDs in the first place.

Security firm Imperva points to this report which states that AntiSec hacked into an FBI agent's laptop and retrieved over 12 million Apple Unique Device Identifiers (UDIDs). To prove this, the group has released 1 million of those numbers linking to their users and their APNS tokens. The group trimmed out the more sensitive data like full names, cell numbers, addresses, zip codes and more.

"Not all devices have the same amount of personal data linked. Some devices contained lot of info," the hacktivist group states. "Others no more than zip codes or almost anything. We left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not. The DevTokens are included for those mobile hackers who could figure out some use from the dataset."

The group reports that during the second week of March 2012, a Dell Vostro notebook used by Supervisor Special Agent Christopher K. Stangl from the FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability in Java. During the shell session, they downloaded a file called "NCFTA_iOS_devices_intel.csv" from his desktop.

According to the post, this CSV file is what contained a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zip codes, cellphone numbers, addresses and more. "The personal details fields referring to people appears many times empty leaving the whole list incomplete on many parts. No other file on the same folder makes mention about this list or its purpose," the group adds.

The big question here is not how and why AntiSec infiltrated an FBI agent's computer, but rather what the FBI is doing with over 12 million Apple UDIDs in the first place. Still, is this breach actually real, or just a stunt to shine the spotlight on AntiSec/Anonymous? Imperva thinks the FBI breach is genuine, and that the stolen Apple data is real.

"The FBI agent that was supposedly breached is real.  He’s a known recruiter in the FBI focused on getting white hack hackers to work for the feds," the firm states. "The data base that was breached seems authentic—though only Apple can confirm.  However, the structure and format of the data indicates that this is a real breach.  It would be hard to fake such data."

Interestingly, Imperva focuses on the hackers who invaded the FBI agent's PC, not what the agent actually had on his desktop. The firm said this latest release shows a new angle on hacktivism, that they targeted an individual rather than an entire entity. The hack also wasn't pre-announced – attacks are usually revealed via Twitter and IRC using Operation [Fill In The Blank].

"If the hackers have what they claim, they may be able to cross reference the breached data to monitor a user’s online activity—possibly even a user’s location," Imperva reports. "To be clear, the released database is sanitized so you cannot perform this type of surveillance today.  But with the full information that hackers claim to have, someone can perform this type of surveillance.  This implies that the FBI can track Apple users."

Kim Dotcom took to Twitter after the stolen data was exposed and pointed out the obvious. "What's the FBI doing with over 12 million iPhone user details? Mass tracking & surveillance? Are there no more limits?"

So far we haven't seen a comment from Apple or the FBI.

 

Comments
  • -1
    reprotected , September 4, 2012 11:20 PM
    Insert Apple hate comment here.
  • 23
    _scientist , September 4, 2012 11:23 PM
    Hmm, I wonder what else the federal government is "monitoring" these days.
  • -3
    azraa , September 4, 2012 11:25 PM
    Congrats on the hack team, that's for sure, even if they used Java to breach.
    But the real issue is the info, and how it can be used for activity surveillance.

    Damn it, I just wish everyone in this world to know how to detect tricky programming lines. This wouldn't happen if everyone could just open an OS and know exactly what it does. I miss my internet security and privacy u_u

    Maybe this is just another reminder that we should support and cheer up free thinking, ethical OS and software developers, freelancers and guys like the ones at Linux, instead of big rotten companies.
  • 22
    applegetsmelaid , September 4, 2012 11:27 PM
    I don't think it's too far fetched to conclude that Apple gives the FBI whatever info they ask for.
  • 22
    molo9000 , September 4, 2012 11:30 PM
    Welcome to 1984. Enjoy your stay.
  • 19
    azraa , September 4, 2012 11:33 PM
    applegetsmelaid: I don't think it's too far fetched to conclude that Apple gives the FBI whatever info they ask for.

    It's not.
    That is within the FBI attributions. They can ask for digital records held by any company in case that a subject is being investigated. But seriously, 12 million IDs? Perfectly usable for tracking? ... that's the creepy part.
  • 23
    jazz84 , September 4, 2012 11:40 PM
    Why does the FBI have the user info of over 12 million Apple device owners?

    My guess: because Apple willingly handed it over. I wouldn't be the least bit surprised if it was unsolicited, too.

    Apple: Hey, FBI! We keep detailed records of everything our users do with our devices. Interested?
    FBI: Yeah, but we didn't ask you fo-....
    Apple: First taste is always free. We'll talk contracts later.

    *I keed, of course... or do I?
  • 15
    A Bad Day , September 4, 2012 11:45 PM
    Or, the FBI asked for some info regarding some people, and Apple decided to dump everything onto the FBI just in case.

    I'd think Apple's lawyers would rather face a class-action lawsuit than an FBI investigation...
  • 12
    jazz84 , September 5, 2012 12:12 AM
    _scientist: Hmm, I wonder what else the federal government is "monitoring" these days.

    Probably more than what they're not monitoring.
  • 4
    bllue , September 5, 2012 12:24 AM
    Apple gives the info on their own, without the FBI asking. Apple is evil
  • -4
    teh_chem , September 5, 2012 12:52 AM
    While I am doubtful of (a) the hack, or (b) the file contents if there was a hack, it could also be if the FBI is harvesting Apple device info, maybe it's for government-issued devices?

    Anyhoo, I am highly suspicious that this happened simply because of the name of the file. While there are tons of examples of dummyness and contrary-to-common-sense-ishness, I would be shocked if the name of a project were used in the name of a file. The first thing you're supposed to do with classified info (or rather, info on a classified project) is detract any associations with the project in file-names. This would be a pretty unbelievable thing if it were true (yet...believable...).
  • 11
    jazz84 , September 5, 2012 1:02 AM
    teh_chem: ...I am highly suspicious that this happened simply because of the name of the file.

    I wouldn't be so sure (though I am in no way trying to shoot you down). Let's look at the first part of that file name: NCFTA. Forbes did a decent write-up on this shady little non-profit: http://tinyurl.com/bm73wcf
    To quote their article:

    "Its industry members, which include banks, ISPs, telcos, credit card companies, pharmaceutical companies, and others can hand over cyberthreat information to the non-profit, called the National Cyber Forensics and Training Alliance (NCFTA), which has a legal agreement with the government that allows it to then hand over info to the FBI. Conveniently, the FBI has a unit, the Cyber Initiative and Resource Fusion Unit, stationed in the NCFTA’s office. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI."

    This would lend credence to the idea that Apple probably just flat-out handed the data over and likely does so on a regular basis. Easy way to bank some quid pro quo with a powerful national government. This would also suggest that the means by which the FBI received this information were not classified, so the rules you mention about file names related to classified projects may not even apply here.
  • 4
    teh_chem , September 5, 2012 1:10 AM
    jazz84: I wouldn't be so sure (though I am in no way trying to shoot you down). Let's look at the first part of that file name: NCFTA. Forbes did a decent write-up on this shady little non-profit: http://tinyurl.com/bm73wcf
    To quote their article:

    "Its industry members, which include banks, ISPs, telcos, credit card companies, pharmaceutical companies, and others can hand over cyberthreat information to the non-profit, called the National Cyber Forensics and Training Alliance (NCFTA), which has a legal agreement with the government that allows it to then hand over info to the FBI. Conveniently, the FBI has a unit, the Cyber Initiative and Resource Fusion Unit, stationed in the NCFTA’s office. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI."

    This would lend credence to the idea that Apple probably just flat-out handed the data over and likely does so on a regular basis. Easy way to bank some quid pro quo with a powerful national government. This would also suggest that the means by which the FBI received this information were not classified, so the rules you mention about file names related to classified projects may not even apply here.

    Ah, that's all a very good point! I would counter and say that just because information was communicated between two parties doesn't mean it's still not classified. Tons of government sub-contracts are all-contained as classified/secret/top-secret, and info always goes to and fro between the two parties. If the project is classified/secret/top-secret, so is the info (again, not saying that this had anything to do with a classified project either).
  • 3
    hawkwindeb , September 5, 2012 1:17 AM
    It was stated in the article about the FBI agent: "He’s a known recruiter in the FBI focused on getting white hack hackers to work for the feds," ...

    So maybe, if the article is about a real FBI agent, and the data is really as it is stated, again - maybe the data was stolen by some hacker that is of interest to the FBI either to be recruited or prosecuted. It may be part of the hacker's portfolio to show off what that hacker can do. Yes a lot of maybe's and if's. just saying....
  • 3
    jazz84 , September 5, 2012 1:30 AM
    hawkwindeb: It was stated in the article about the FBI agent: "He’s a known recruiter in the FBI focused on getting white hack hackers to work for the feds," ...
    So maybe, if the article is about a real FBI agent, and the data is really as it is stated, again - maybe the data was stolen by some hacker that is of interest to the FBI either to be recruited or prosecuted. It may be part of the hacker's portfolio to show off what that hacker can do. Yes a lot of maybe's and if's. just saying....

    Now THAT gets me thinking: a file like that full of seemingly-legit data (but with a way-too-obvious file name) and on the portable computer of an agent who apparently has regular contact with talented members of the hacking community? Either the agent is a grade-A doofus or this is essentially the digital equivalent of a bait car.
  • 0
    nebun , September 5, 2012 6:29 AM
    This is what I call modern day communism....yet we are trying to ensure that everyone around the world is free...oh, the irony
  • 0
    cumi2k4 , September 5, 2012 6:34 AM
    Well, since he's a recruiter, maybe he needs it to perform preliminary check and elimination for potential employees? After all, you do know what they say about the intelligence of Apple users nowadays, right?

    /keed
  • 0
    rantoc , September 5, 2012 7:31 AM
    Big brother is watching - Always, no matter if you are suspected of anything or not!
  • 0
    The_Trutherizer , September 5, 2012 9:22 AM
    Well I doubt that they'll be reading your texts or checking what music you've been listening to if you are not under investigation. And generally your internet privacy isn't worth squat when you are under investigation. The thing just is that somewhere somebody is abusing this information. No doubt. And assuming that the law allows for the agent to have the data then the agent miserably failed to protect the confidentiality of the people he is supposed to serve. Whether it be from his own fault or that of the system he is in it marks a failure. And I just don't know whether to blame the system or blame the hackers anymore.