Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,194
30,135



fbi.jpg


Hacker group Antisec has released a dump of 1 million unique identifiers (UDIDs) from Apple iOS devices tonight. The records reportedly came from a file found on an FBI laptop back in March.
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
The file that was found was said to contain over 12 million device records, including Apple UDIDs, usernames, push notification tokens, and in some instances, names, cell phone numbers, addresses and zip codes.

The group released 1 million of these records but stripped most personal information. The final release includes Apple UDIDs, APNS (push notification) Tokens, Device Name (e.g. "Arnold's iPhone") and Device Type (e.g. "iPhone"). MacRumors has been able to confirm that the UDIDs appear to be legitimate.

The source of the data is not entirely clear, though the type of data is typical for the kind of information an iOS app developer would collect to deliver push notifications to users. It seems an App developer or developers are the original likely source of the information, though no specific information is yet available. Right now there's no easy way to determine if your device's UDID was included in the list, beyond downloading the list yourself.

The actual implications of the leak, even if your UDID is found, aren't entirely clear. The UDIDs themselves are rather harmless in isolation. Apple has previously come under fire for the use of these globally identifying ids. The privacy risks, however, typically come from these ids being used across ad networks and apps to piece together a more complete picture of activity and interests of the user. But it was reported back in 2011 that by leveraging existing networks, information and even login access can be obtained from UDIDs. It's not yet clear if the released push tokens can be used in any manner.

Article Link: Hackers Release 1 Million iOS Device UDIDs Obtained from FBI Laptop
 

ChazUK

macrumors 603
Feb 3, 2008
5,393
25
Essex (UK)
to journalists: no more interviews to anyone till Adrian Chen get featured in the front page of Gawker, a whole day, with a huge picture of him dressing a ballet tutu and shoe on the head, no photoshop. yeah, man. like Keith Alexander. go, go, go.
(and there you ll get your desired pageviews number too) Until that happens,
this whole statement will be the only thing getting out directly from us. So no tutu, no sources.

WAT? :confused:
 

Geckotek

macrumors G3
Jul 22, 2008
8,767
308
NYC
Why the hell does the FBI need that information? And why was the damn laptop not encrypted?
 

Bevz

macrumors 6502a
Oct 23, 2007
816
137
UK
Good grief! Do they just collect stuff like this "just for the hell of it"?
Im guessing they consider iphone users to be some kind of threat! Lol
 

hchung

macrumors 6502a
Oct 2, 2008
689
1
Why the hell does the FBI need that information? And why was the damn laptop not encrypted?

The laptop probably was encrypted, but encryption doesn't protect you from an exploit that occurs while your computer's running.

Why? Because when you're using the computer, the decryption keys are already there. (otherwise your computer wouldn't be running; can't boot an encrypted laptop without providing the keys)
 

MattInOz

macrumors 68030
Jan 19, 2006
2,760
0
Sydney
I thought the FBI used MacBookPro for laptops and secured them with their own very handy Security guide.

Why where they using a Dell if it couldn't be secured to the same standard?
 

ibnsina

macrumors newbie
Dec 8, 2011
7
0
Ncfta

http://www.ncfta.net/about-ncfta.aspx

"The NCFTA, a non-profit corporation, evolved from one of the nation’s first High Tech Task Forces and, since 1997, has established an expansive alliance between subject matter experts (SMEs) in the public and private sectors (more than 500 worldwide) with the goal of addressing complex and often internationally-spawned cyber crimes. These SMEs, from industry, academia and government, each bring specific talents and experiences to the partnership. Through a steady cycling of such cross-sector national and international resources, both embedded at the NCFTA and through initiative-specific intelligence channels, the NCFTA is well positioned to adapt and regularly reinvent itself to better address today’s evolving threat landscape."

Sure... whatever you say...:mad:
 

jian

macrumors regular
Dec 5, 2008
221
2
San Francisco
Sure I am not happy with how my information is collected, but I understand it, and that's the type of problem that I would just suck it up.
Think about this, those who complain about what does the govnt do with the info, what do you think? they gonna arrest you and sell you to Europe for slave? No, it serves the same function as community security cameras. You are not watched (not entirely true I know, sure), it is really the COMMUNITY that's being watched. There are over 1m UDIDs, do you really think they want to track you (as an individual?) I know if I work for the FBI, I wouldn't have time to do that...

oh well, that's my opinion and I hate talking about politics.

BTW, perhaps only iOS UDIDs are discovered, and Android and WM8 equivalent is still securely stored on another laptop. LOL
 

jctevere

macrumors 6502
Feb 7, 2009
277
26
I'm guessing that the hackers most likely have the personal information, even though the 1 million of 12 million they obtained had it stripped. They will most likely sell this information to telemarketers and/or various companies for a considerable amount of money. Pretty good leads too, since most iPhone/iPod owners are "qualified" as they are expensive phones and music devices.

At the worst, perhaps they could access your itunes account; but I doubt that. Depends on exactly what information the FBI had tied to those UDIDs. My guess is that since it was 12 million, which is less than 5% of all iOS devices sold, they were obtained for a specific reason - such as UDID's linked to suspicious activity and/or searches.

Personally, I wouldn't worry much about this. But it will be interesting to see exactly what implications there are, and the official story from both the FBI and Apple on why they had this information and how they might hope to prevent the hackers from obtaining future information.
 

Geckotek

macrumors G3
Jul 22, 2008
8,767
308
NYC
The laptop probably was encrypted, but encryption doesn't protect you from an exploit that occurs while your computer's running.

Why? Because when you're using the computer, the decryption keys are already there. (otherwise your computer wouldn't be running; can't boot an encrypted laptop without providing the keys)

Yeah, I know this. Didn't read the full article until after my post. :eek:
 

jav6454

macrumors Core
Nov 14, 2007
22,303
6,256
1 Geostationary Tower Plaza
Oh Lawdy....

Jokes aside, it's time to check and see if my device is in those 1M released... and then pray its their and not leave me hanging if it is in the other 11M still not released.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.