Hackers Swipe 12 Million Apple Device Codes From the FBI

 Pages 1 2 NEXT
 

Hackers Swipe 12 Million Apple Device Codes From the FBI

image

AntiSec claims to have proof that the federal government is spying on the American public.

A UDID, for those not in the know, is a 40-character "unique device identifier" tied to iPhones, iPads and iPod Touches, typically used by app developers for tracking and by Apple to authenticate Siri requests on the iPhone 4S. But more than 12 million of them, along with all sorts of other information, are apparently now in the hands of AntiSec, which came to them by way of the Federal Bureau of Investigation.

"During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java," the group said in a rambling and rather mangled release on Pastebin. "During the shell session some files were downloaded from his Desktop folder one of them with the name of 'NCFTA_iOS_devices_intel.csv' turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose."

Download links to 1,000,001 of the stolen UDIDs, along with decryption instructions, are provided later in the post. "we decided a million would be enough to release. we trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc." the statement continues. "not all devices have the same amount of personal data linked. some devices contained lot of info. others no more than zipcodes or almost anything. we left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not. the DevTokens are included for those mobile hackers who could figure out some use from the dataset."

In case it's not sufficiently alarming that AntiSec has access to 12 million UDIDs - and I honestly don't know if that's something to get overly alarmed about or not - the question behind the question is what the FBI was doing with them in the first place. AntiSec theorizes that the feds are "using your device info for a tracking people project or some shit," which, while impossible to prove, may not be too far off the mark. The only good news in this debacle is that AntiSec has made no claims about accessing passwords or credit card numbers. Neither Apple nor the FBI have commented on the leak or how the FBI came to be in possession of the UDIDs.

Source: Pastebin, via CNN

Permalink

...I'm not sure wether to be elated that they bassically went "screw you US goverment" or terrefied that they're using their insane hacktivism powers in such a way.

Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

I KNEW ANDROID WAS BETTER!!!!! But they probably have that too lol. Oh well, they really shouldn't have that info but whatever. Good thing I live in Canada, CSIS probably doesn't have the resources to do this kinda thing. Why does this surprise anyone though?

On second thought it's probably in the apple user agreement somewhere.

Unless someone is going on a killing spree or rape someone, they're fine.

Lvl 64 Klutz:
Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

One legitimate concern would be how government agencies like the FBI semi-regularly get hacked by people who are not considerate enough to omit sensitive financial information. These agencies are not good custodians of data at all, and if they compile a database that includes our financial information, someone will hack them, and a lot of people will suffer for it.

It's similar to my concerns about their involvement with cyberwarefare. I'm not worried about the CIA or NSA engineering things like the Flame virus. I'm worried about what happens when cybercriminals take those techniques and use them for their own purposes.

The government has massive resources for technical engineering and data-gathering, but has a piss-poor record of keeping what they find secret, so if they have a lack of caution in what they engineer or what data they gather, they're functioning as an unwitting R&D department for criminals.

Lvl 64 Klutz:
Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

Yes, after all, our government has never been known to attempt to silence dissidents, nor is there any chance that it might ever in the future, either. Obviously such information, collected without the knowledge or consent of the device users nor with any sort of warrant, is not any sort of sign of corruption within the powers that we the people allow to have a monopoly on force. There is nothing to worry about here.

Lvl 64 Klutz:
Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

How about the fact that it's clearly not that hard for non-government agencies to get a hold of it?

I just don't understand this type of thinking "Who cares what the government knows about us!" "If you're not a criminal why do you care" Etc. Etc. No. Bullshit. They shouldn't just be able to gather every tiny piece of information about us and store it for seemingly no reason. There's a reason why we have warrants and stuff, so normal people don't constantly get harrased and tailed by the cops for no reason.

If they are tracking all our electronic devices, what's next? Police tails on every person in the country, just looking for the one time you jay walk or drop a ciggarette on the ground?

Lvl 64 Klutz:
Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

ME. Because I value my privacy. The government does not have the right to know where I am and what I am doing at all times.

Some people in this thread : "Who cares if your government is spying on you and keeping records on you of how big the crap you took last night is. I'm sure they are using that information for good."

Some people in this thread : "The government is spying on us and they are trying to control everything we do! Grab your tin foil hats fast to protect yourself!"

In reality this is nothing new. Information is a weapon and the government loves weapons against it's citizens. This is not something you should get up in arms about because what do they really have? Your porn records? Big deal. On the other hand. If I hide in the bushes spying on my neighbours having sex to document at what time they go at it. I get arrested. The government should not be allowed to spy on it's citizens without having to prove there is a suspicion to warrant such monitoring.

I'm actually more worried about what AntiSec was originally looking for rather than the fact the FBI has that information. I'm in Canada so it doesn't really affect me, however I can understand why people may or may not be upset. Still, I'm sort of glad this was the ONLY stuff they got, because god knows what else they had planned (AntiSec I mean)

Well, considering that these UDID's had lumps of major data, such as addresses, push tokens, and personal information (which may contain financial information), I don't think the "who the hell cares" attitude is right to have. You should care.

The way the story is presented, lets go under the idea that it is true - if this turns out to be a ruse, then none of this will matter. I expect this will either be investigated or shooed under the carpet.

First off, they are using a private companies information to keep tabs on people. This is *technically* illegal to do - the Patriot Act does give the FBI the power to spy of people, but there has to be a cause. And I don't think 'buying Apple products' labels you as a jihadist. If the government is using its power to spy on citizens, thats a VERY slippery slope. What stopping them from saying "alright. Now we get to bug your phones to listen to your calls. Or tap into the camera". If they're using it to track criminals or not doesn't matter - the second you say "Ill give up freedom for security", you cross into a dangerous area.

Second off, amassing personal information is a really bad idea. 12 Million people have had information compromised - and that's assuming that ONLY Apple is being monitored. What if this is happening with Android? Motorola? Samsung? Granted, I doubt they use the same process as Apple does, but its not out of the picture to say that the way they keep their user data stored isn't hackable.

Now, there is a counterpoint to this. Companies like Apple, and more importantly, any service provider over the internet HAS to store personal information. Its just something that has to be done to ensure speedy and accurate content - be it from GPS data, to purchases, etc. Some degree of information has to be held on to. This data, however, is usually minimalistic in nature, highly encrypted, and destroyed when the data ceases to be relevant. Private enterprises hold data in a different way than the government would - Apple doesn't store your UDID information in ONE spot. Its hosted over hundreds of different servers, each with their own encryption. Amassing it all onto a SINGLE laptop, that can be hacked using a Java exploit is complete madness.

I expect to see this either blow up or blow away. If it is true, I am dissapointed.

In other news, AntiSec just learned about the fucking Patriot Act!

Look, I'm not saying we live in an ideal world, or that in an ideal world the government would have all the freedom they do. But does that give anyone the right to call them out for it by committing a federal crime? As some have mentioned, AntiSec has only just proven that assholes like them can get this information whenever they want.

I'm not being unrealistic by saying there's no reason to care, I'm just saying that we don't need a group of excuse-riddled cyber criminals to tell us what we already know.

I'm always depressed by this kind of threads/news. But not because the actual news, but because of the huge number of people who are all so eager to give up part of their freedom.
America, the land of the not so free.

Ya know if our government was not an out of control monster i would be more against this.

The story that needs to be looked into however if the FBI had all this information where did they get it? Did apple hand over 12 million plus ids to the fbi to use however they wanted?

Did the FBI steal this info off apple servers?

Whatever happened to privacy? whatever happened to search and seizure laws, you would think the digital age is all about invasion of privacy, just who can do it better, pirates or government, and the pirates seem to do it much better IMO. It makes me no more comfortable to think that pirates have personal information about me than to think the federal government has it.

Just because you own an apple product does that give the federal government any right to assume all data belongs to them? Who made that decision? Did apple consumers have any say? What was the reason why the government had all this stuff?

And i thought that obama was so against the "patriot" act, facist dictator act it should have been called, and not only did that lying moron resign the thing he made it even more intrusive, and more guilty unto you prove your innocent legislation.

Jesus do you people like shiny things that much that you don't care about the possibly that a government enforcement agency could be using said shiny things to encroach on your privacy and freedom. Indoctrinated to a system of materialism, and its a damn shame.

Lvl 64 Klutz:
Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

Happen to notice how he seemed upset about "outing" one FBI agent, but the violated privacy of 12,000,000 other people means nothing?
This is why it's a problem
Example: Twitter's currently fighting subpoenas for the personal information of users that are supposedly connected to the Occupy movement. Set aside what you feel about the movement itself & consider that at the same time, law abiding citizens are routinely arrested and/or assaulted for so much as taking a picture of a law enforcement agent.
Innocent people have to watch their backs & the government is without accountability. THAT is why people care

DVS BSTrD:
In other news, AntiSec just learned about the fucking Patriot Act!

Republiclican senators: WE WANT TO SPY ON THE AMERICAN PEOPLE! SMALL GOVERNMENT!

I think that the people taking sides here (Gov. vs. Privacy) are kind of missing the point. This sort of mass data collection is AGAINST THE LAW, and although the FBI and the talking heads that will pop up with their 1 cent will no doubt pull the "we can do whatever we want because something something national security something something make you safer" card; ask yourself a question. Did you or any of the 12m victims involved give the FBI permission to collect this data? What's that? YOU SAY YOU DIDN'T! OMG YOU SHOULD GO CALL UP YOUR REPRESENTATIVES AND COMPLAIN (by phone, not by mail) RIGHT NOW!

Seriously folks. You pay for these people. Go harass them, like right now.

Lvl 64 Klutz:
Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

Fill in the blanks to complete this famous quote:

"He who sacrifices ........ for ........ deserves ........"

The most prominent of all the worlds democracies; the country that likes nothing better than to trumpet their endorsement of freedom and fairness on the world stage, is secretly spying on its own civilians, co-opting their own technology to do so, without legal legal justification and essentially treating everyone as guilty until proven innocent? I's say that's something to get very worried about indeed.

Yeah, if you have nothing to hide then this is of no practical consequence to you, but that's not the point. The point is how blatantly wrong this is in principle. When we take all these little steps along the way to becoming a Police State, when we sell out the very cornerstones of a nation for the sake of protecting it from the 'bad men' that are 'out there', then we've fallen on our own sword. We've destroyed the very thing that said bad men wanted gone in the first place.

This is, of course, not even starting on how easy it seems to be for this information to be stolen.

FBI had no need for that info in the first place. They deserve to be hacked and I will continue to laugh at them. Good job Antisec.

yuval152:

Unless someone is going on a killing spree or rape someone, they're fine.

What IF, AntiSec uses the info too steal a bunch of your money? What IF, the FBI is really trying too spy on every move you make and try some of the strong arming we saw in the 60s/70s?

Today, even if you give your credit card info to the criminals, you can get your credit card fixed. Someday soon, I think that if the banks can prove stupidity on your part, then they might not have too reimburse you.

Today, you are a strong supporter of (insert corp here) but (insert rivel here) does not like it. Rivel decides that you would buy from them if they put a virus on all rivel systems deleting everything.

I do not trust the Government. You know who I trust less? AntiSec and their buddies. Their vigilantism would be one thing, but releasing the data for anyone (including criminals) to access it. Dangerous and reckless.

Xan Krieger:
FBI had no need for that info in the first place. They deserve to be hacked and I will continue to laugh at them. Good job Antisec.

NO. AntiSec released the info, now any criminal has that data.

FBI did not need it. If AntiSec had not released it, I might have agreed. BUT NOW THE GANGS HAVE THAT DATA BECAUSE OF AntiSec. The gangs that are doing less violent crime because it is more profitable, and you do less jail if caught, for computer and ID theft. As far as I am concerned AntiSec is aiding and abiding.

Gilhelmi:

Xan Krieger:
FBI had no need for that info in the first place. They deserve to be hacked and I will continue to laugh at them. Good job Antisec.

NO. AntiSec released the info, now any criminal has that data.

FBI did not need it. If AntiSec had not released it, I might have agreed. BUT NOW THE GANGS HAVE THAT DATA BECAUSE OF AntiSec. The gangs that are doing less violent crime because it is more profitable, and you do less jail if caught, for computer and ID theft. As far as I am concerned AntiSec is aiding and abiding.

So it goes from one group of bad guys (the FBI) to another (gangs), it's all the same and we're screwed either way.

I love these hacker groups that go around showing up the FBI and suchlike. Its funny seeing an agency famed for its security and discretion infiltrated by some sad buggers in their moms basement. And Apple amusingly not having anything in their user agreements listing a government surveillance program.

Was this info from the time that Apple got in trouble with the SEC and the FBI investigated this some years back and as such Apple had to give all information in regards to the financials and product line in regards to the subpena they had?

Sounds like the US and China have a race about who reaches 1984 first.
Then again, time travel doesn't work that way, and people don't either.
but it's nothing new that the US government is obviously insane.

captcha: "chuck norris"
...which reminds me that the fucker *ahem* he took Romney's side. Well, all heroes die somewhen.
: D

Gilhelmi:

I do not trust the Government. You know who I trust less? AntiSec and their buddies. Their vigilantism would be one thing, but releasing the data for anyone (including criminals) to access it. Dangerous and reckless.

Download links to 1,000,001 of the stolen UDIDs, along with decryption instructions, are provided later in the post. "we decided a million would be enough to release. we trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc." the statement continues. "not all devices have the same amount of personal data linked. some devices contained lot of info. others no more than zipcodes or almost anything. we left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not. the DevTokens are included for those mobile hackers who could figure out some use from the dataset."

I'm not saying you should trust them, I'm just saying you should read before you react.

Spoilers: The Federal Bureau of Information gathers and stores information. Shocker.

Also, the FBI is denying AntiSec's claim. http://www.wired.com/threatlevel/2012/09/fbi-says-laptop-wasnt-hacked-never-possessed-file-of-apple-device-ids/

...... So people have no problem with private corporations storing large chunks of their personal data, but they do have a problem with the government having information they could have just gotten off your tax return anyway?

smudgey:
...... So people have no problem with private corporations storing large chunks of their personal data, but they do have a problem with the government having information they could have just gotten off your tax return anyway?

Apparently. To stop the government from getting details about my address and phone number, I've taken to burning every phone book I can find. Wait, they have those online now? My god...

For the record, it's possible for the FBI to get UDIDs from sources other than Apple itself. The UDID of a device is accessible by any app running on your iPhone. It's part of the SDK that's exposed to developers:

http://developer.apple.com/library/ios/#documentation/uikit/reference/UIDevice_Class/Reference/UIDevice.html

So an app that you install on your phone can get the UDID off your phone, and then report that to a server somewhere. There's also plenty of personal information that users put on their iPhones, so it's possible that database of information is info that some app collected and sent "home", rather than data that the feds got directly from Apple.

If that's the case, it's an open question what app(s) did this. 12 million people didn't install the "FBI Share" iPhone app. Maybe the FBI bought it off some company, or got it off the black market, or have some traffic sniffers that try to pick up that information passing through the networks. There's still plenty to be concerned about here, and I hope we learn more.

Gilhelmi:

Xan Krieger:
FBI had no need for that info in the first place. They deserve to be hacked and I will continue to laugh at them. Good job Antisec.

NO. AntiSec released the info, now any criminal has that data.

FBI did not need it. If AntiSec had not released it, I might have agreed. BUT NOW THE GANGS HAVE THAT DATA BECAUSE OF AntiSec. The gangs that are doing less violent crime because it is more profitable, and you do less jail if caught, for computer and ID theft. As far as I am concerned AntiSec is aiding and abiding.

Did you even read the article? They chopped out all information that could cause harm and only released the IDs so people could see if they are being tracked.

No one can do anything with your ID if they don't have the rest of your credentials. Your incessant rage is blinding your ability to view and assess the situation.

This is why I'm glad to have an Android device. Yes, I'm aware of the 700% increase of malware article, I'm just not stupid enough to download and install a program I'm not certain is free of malware. I feel bad for the people whose information was stolen by the FBI, there is no excuse for such an invasion of privacy.

Lvl 64 Klutz:
Who. The hell. CARES!?

I'm tired of hearing all this "Boohoo! The government is spying on us!" BS when it doesn't actually mean anything. The FBI probably has access to them so they can more easily catch major criminals. Unless you're convinced the government is using them to brainwash us (and if you do, the government should be the least of your concerns) then I don't see how "outing" the FBI for this has accomplished anything but painted targets on the backs of anyone who participated in this.

You can't get much more naive than thinking you have complete privacy on any device with access to the internet.

History (and even recent events) tell us that everyone with a working brain should "care".

One need only look back ~25-30 years to the former Eastern Block and what happened with people speaking out against certain dictators still in power or Germany and the STASI.

Even today one needs only look over a few borders to the Iran or Syria to see how they employ spying technology to hunt down bloggers and activists using tools like Facebook or Twitter or certain brands of Hardware that are critical against the reigning regimes or are calling for/participating in protests or similar.

Not that the US, land of the free with some of their off-shore prisons and other antics aren't trying: http://www.democracynow.org/2012/4/20/exclusive_national_security_agency_whistleblower_william

The intelligence agencies of the past would have had wet dreams about this sort of surveillance.

Another great read about the "I've got nothing to hide" fallacy is this paper and the arguments therein: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565

 Pages 1 2 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here