Security firm Imperva points to this report, which states that AntiSec hacked into an FBI agent's laptop and retrieved over 12 million Apple Unique Device Identifiers (UDIDs). To prove this, the group has released 1 million of those numbers along with their associated APNS tokens. The group trimmed out the more sensitive data, such as full names, cell numbers, addresses, zip codes and more.
"Not all devices have the same amount of personal data linked. Some devices contained a lot of info," the hacktivist group states. "Others no more than zip codes or almost anything. We left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not. The DevTokens are included for those mobile hackers who could figure out some use from the dataset."
The group reports that during the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl of the FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team, was breached using the AtomicReferenceArray vulnerability in Java. During the shell session, they downloaded a file called "NCFTA_iOS_devices_intel.csv" from his desktop.
According to the post, this CSV file contained a list of 12,367,232 Apple iOS devices, including Unique Device Identifiers (UDID), user names, device names, device types, Apple Push Notification Service tokens, zip codes, cellphone numbers, addresses and more. "The personal details fields referring to people appear many times empty, leaving the whole list incomplete in many parts. No other file in the same folder makes mention of this list or its purpose," the group adds.
The big question here is not how and why AntiSec infiltrated an FBI agent's computer, but rather what the FBI is doing with over 12 million Apple UDIDs in the first place. Still, is this breach actually real, or just a stunt to shine the spotlight on AntiSec/Anonymous? Imperva thinks the FBI breach is genuine, and that the stolen Apple data is real.
"The FBI agent that was supposedly breached is real. He's a known recruiter in the FBI focused on getting white hat hackers to work for the feds," the firm states. "The database that was breached seems authentic—though only Apple can confirm. However, the structure and format of the data indicates that this is a real breach. It would be hard to fake such data."
Interestingly, Imperva focuses on the hackers who invaded the FBI agent's PC, not on what the agent actually had on his desktop. The firm said this latest release shows a new angle on hacktivism, in that the hackers targeted an individual rather than an entire organization. The hack also wasn't pre-announced; such attacks are usually revealed in advance via Twitter and IRC under an "Operation [Fill In The Blank]" banner.
"If the hackers have what they claim, they may be able to cross-reference the breached data to monitor a user's online activity—possibly even a user's location," Imperva reports. "To be clear, the released database is sanitized so you cannot perform this type of surveillance today. But with the full information that hackers claim to have, someone can perform this type of surveillance. This implies that the FBI can track Apple users."
Kim Dotcom took to Twitter after the stolen data was exposed and pointed out the obvious. "What's the FBI doing with over 12 million iPhone user details? Mass tracking & surveillance? Are there no more limits?"
So far we haven't seen a comment from Apple or the FBI.