September 04, 2012
AntiSec leaks 1,000,001 Apple UDIDs From A Hacked FBI Laptop

Hows this for starting the news cyle for the new school year with a bang? Ok, so what seems like has happened. FBI has a huge list of Apple iPhone UDID (unique phone identifiers) along with names, device types, and other personal identifiable information. FBI has this on a laptop. Hacker hacks into laptop and retrieves said information. Anonymous then leaks this information to the web.

Hacker news has the story: AntiSec leaks 1,000,001 Apple UDIDs, Device Names/Types, along with others.

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTAiOSdevices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

Obviously a few questions come up. Why does the FBI have this information? Where did it come from? What (if any) connection does Apple have? Is it legit? Does this mean that the FBI is actively tracking users, or just gathering device information? Are these American citizens, non-Americans, or maybe just racially profiled iPhone users?

It’ll be interesting for sure.

Update: Marco links to more information including a potential cause for the leak.

Posted by Arcterex at September 04, 2012 10:08 AM