[ISN] AntiSec claims to have snatched 12M Apple device IDs from FBI

From: InfoSec News <alerts_at_private>
Date: Tue, 4 Sep 2012 05:20:30 -0500 (CDT)
http://news.cnet.com/8301-1009_3-57505330-83/antisec-claims-to-have-snatched-12m-apple-device-ids-from-fbi/

By Steven Musil
CNET News
Security & Privacy
September 3, 2012

An online hacker group associated with Anonymous claims to have posted 1 
million Apple Unique Device Identifiers (UDIDs) by breaching FBI 
security.

UDIDs are the unique string of numbers that individually identifies each 
iOS device and formerly used by developers to track their app 
installations across Apple's user base.

In all, AntiSec claims to have obtained more than 12 million UDIDs, 
including user names, addresses, and notification tokens from a laptop 
used by an FBI agent. In a missive posted to Pastebin, the hacking group 
explains how it obtained the data from an FBI agent's laptop:

     During the second week of March 2012, a Dell Vostro notebook, used
     by Supervisor Special Agent Christopher K. Stangl from FBI
     Regional Cyber Action Team and New York FBI Office Evidence Response
     Team was breached using the AtomicReferenceArray vulnerability on
     Java, during the shell session some files were downloaded from his
     Desktop folder one of them with the name of
     "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232
     Apple iOS devices including Unique Device Identifiers (UDID), user
     names, name of device, type of device, Apple Push Notification
     Service tokens, zipcodes, cellphone numbers, addresses, etc. the
     personal details fields referring to people appears many times
     empty leaving the whole list incompleted on many parts. no other
     file on the same folder makes mention about this list or its
     purpose.

Although Apple has already said it would begin restricting developer 
access to the identifiers, the Pastebin post says the group posted the 
data out of suspicion the FBI was using the UDIDs for nefarious 
purposes, such has people tracking, as well as to protest the use of 
UDIDs in general.

[...]
Received on Tue Sep 04 2012 - 03:20:30 PDT

This archive was generated by hypermail 2.2.0 : Tue Sep 04 2012 - 03:21:15 PDT