Hackers from AntiSec have leaked leaked 1,000,001 Apple Unique Device Identifies (UDIDs) that are allegedly taken from a hacked FBI laptop that held over 12 million Apple device IDs and personal information.
Hackers from AntiSec released a lengthy statement on why they initiated this hack and how the data was obtained. Here’s a tidbit of what they wrote:
[quote]During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of the with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.”[/quote]
If this leak is legitimate, it’s unclear how or why the FBI secured the Apple UDIDs, but AntiSec didn’t hesitate to share its own theory that the FBI is using data to track citizens : “‘Fucking FBI is using your device info for a tracking people project or some shit’ well at least it seems our best bet.”
AntiSec noted that the UDIDs had varying amounts of personal data, some only with basic personal information and others more detailed with full names and addresses. When the hackers released the one million UDIDs, it took out any identifying data but left the Apple Device ID, Apple Push Notification Service DevToken, Device Name and Device Type data so that users could “look if their devices are listed there or not.”
While some of the information provided in the leaked data are often available to iOS app developers as a requirement for Push Notifications, any private user data like phone numbers and addresses are usually blocked.
AntiSec noted that it will not provide any further statement on the matter until a strange request is fulfilled. That request? To have a Gawker staff writer dressed in a tutu and featured on the company’s homepage. Sounds like something right up Gawker’s alley.
Source: AntiSec via Hacker News
Image Credit: Security Blog
Comments are closed.