Hackers leak 1M iOS device IDs supposedly taken from FBI agent's laptop [updated], page 1


Pages: <<  1    2  >>
ATS Members have flagged this thread 23 times
Topic started on 4-9-2012 @ 09:55 AM by Maxmars

Hackers leak 1M iOS device IDs supposedly taken from FBI agent's laptop



appleinsider

Hackers from AntiSec on Tuesday claim to have leaked 1,000,001 iPhone and iPad identifiers the group allegedly obtained from a hacked FBI laptop holding over 12 million such Apple device IDs and corresponding personal information.

From AntiSec's post:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached ....
(visit the link for the full news article)


Related News Links:
pastebin
thenextweb

edit on 4-9-2012 by Maxmars because: (no reason given)
edit on 4-9-2012 by Maxmars because: (no reason given)
edit on 5-9-2012 by Maxmars because: (no reason given)



reply posted on 4-9-2012 @ 09:55 AM by Maxmars
I expect that the significance of these almost back-to-back security breaches will prompt some kind of official response... although it seems like Americans are far too enthralled by the political theater to pay any mind to this growing trend.

According to AntiSec, the unique device identifiers (UDID) of 12,367,232 Apple iPhones and iPads were discovered and lifted during the breach of an FBI agent's notebook, reports The Next Web. UDIDs are unique 40-character codes assigned to iDevices with cellular connectivity, their primary use being app registration and tracking by developers.


Now Apple will likely follow the standard Madison Avenue PR strategy of downplaying the matter, insisting that since they have previously issued statements about not using these identifiers. And the media will not report it past any specialized narrowly-channeled venues.

But the FBI was keeping track of how many identifiable devices? really? I wonder what the warrant with that list looked like? ... Oh wait.... no warrants needed since the agent may have signed it himself. And is anyone liable for the "leak?" - oh wait - no....

In closing, the reason that all government protected data ends up in corporate hands is....?

Here's the salient AntiSec post:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device,
type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.


appleinsider
(visit the link for the full news article)
edit on 4-9-2012 by Maxmars because: (no reason given)



reply posted on 4-9-2012 @ 10:33 AM by Praetorius
reply to post by thisguyrighthere
TWELVE-plus million, actually - at least in just this one file. Anonymous was kind enough to only release one million.

I can see no good reason for an FBI agent to have this. Then again, I can see no good reason for various government entities to track ALL our communications and interaction, regardless of medium, all the time.

But I know they do, anyway.


reply posted on 4-9-2012 @ 12:42 PM by Maxmars
reply to post by dainoyfb


Well the named agent (poor fellow) has some serious 'splaining to do!

I can't help but wonder why - after Apple publicly announced it was rejecting applications that used the identifier codes (due to congressional inquiries about the disposition of personal information) the FBI would amass all those numbers? Perhaps they would represent a way of white-hat hacking into suspects devices; or at least tracking them....

... but that raises the question (as was so sharply noted above) when did the list of 'suspects' rise to 12 million and how is it that they are all Apple device users?


reply posted on 4-9-2012 @ 01:17 PM by eazyriderl_l
reply to post by bigfatfurrytexan


I might try backtrack linux, unless your talking mobile. I dont know much about this as i am just becoming involved in trying to secure my digital self. And the only way the cave will work is if you are the only one who knows where it is and no one is looking for you.


reply posted on 4-9-2012 @ 02:27 PM by azureskys
www.appleinsider.com...
Text
Apple recently began taking steps to block UDID app access amid increased scrutiny of privacy practices from both consumers and the government. In August 2011, the company warned developers that it would be ending UDID access with iOS 5, effectively ending an easy solution to OS-wide user tracking.





www.appleinsider.com...

As part of a more stringent ruleset regarding customer privacy, Apple has reportedly started rejecting apps which access UDIDs in a practice that will become de rigueur for all review teams.

Citing developer claims, TechCrunch on Saturday reported that Apple has quietly been denying offending app submissions in an effort to ultimately deprecate all UDID access.

A UDID, or unique device identifier, is basically a serial number that a mobile network uses to identify mobile devices like the iPhone and iPad. The 40-character alphanumeric string is not replicated on any other device, making it an ideal form of tracking which is currently used by ad companies, analytics firms and app testing systems.




reply posted on 4-9-2012 @ 05:15 PM by Sublimecraft
reply to post by Maxmars


The introduction of the Apple iphone was a vast experiment in individual tracking technology from the very start - this latest news only verifies what law enforcement has had at their disposal for years now.

Ask yourself - why does the iphone it have a built-in battery for instance - the answer may surprise most people:-

Even if a cell phone is completely turned off, law enforcement authorities can still listen in on the conversations that a suspect is having. All that is necessary is for the battery to still be in the cell phone.

According to CNET News, the FBI can remotely activate the microphone on your cell phone and listen to whatever you are saying.... The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.

The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him. When you make a telephone call, it is never private. The reality is that the NSA has been monitoring all phone calls for years and years. According to USA Today, the NSA intends "to create a database of every call ever made"....

The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.The American Dream............


Similar but limited tracking technology such as Spy Bubble allows for individuals to track their "cheating partners' every move" including remote downloads of SMS messages, emails and recorded conversations.

Being ex-law enforcement and still having access to individuals within the service, take the following story as personal testimony.

A friend whom is in the upper echelons of the legal game and I regularly meet to discuss topics of mutual interest. This individual will simply refuse to even utter a word unless both our phone(s) are at least 30m away - preferably housed within a sealed compartment. This individual is by no means a conspiracy minded individual but is ACUTELY aware of the remote tracking and microphone activation technology available - because this individual uses the same technology on others as deemed necessary and it does not matter if your phone is on or off or even if your battery is dead - as long as it is in the phone!

Just remember, that little chip in your passport, for instance, holds a vast amount of data, requires no power source and can be scanned from a distance - what then do you suppose your phone can hold by way of data - to be accessed remotely - and even if the battery is dead now remember that it was at one stage fully charged up!!!

Don't be fooled by the Government having your ID numbers on hand - that is a drop in the ocean compared to what they already have access to..................




edit on 4-9-2012 by Sublimecraft because: (no reason given)



reply posted on 4-9-2012 @ 06:06 PM by davespanners
reply to post by trekwebmaster


All those things confuse me too, lots of "normal" people have better security on their home machines then this fbi lap top apparently
I guess gross incompetence and complacency could account for it or do you think theres something else going on?
edit on 4-9-2012 by davespanners because: (no reason given)



reply posted on 4-9-2012 @ 06:50 PM by SilentNoise
reply to post by trekwebmaster

Since i deal with these types of people i can give you a few pointers.

The csv extension means it's more than likely from a database, whether it be mainframe, sql, oracle etc. So it's being stored somewhere and it's being updated with people's info.

The reason it exists at all means one of 2 things. He either needs access to the data in the field/offline or he was trying to do something with the data. Since it wasn't being referenced anywhere else I'm guessing it's the first reason.

I think it's required for all federal laptops to have encrypted hard drives, but that means nothing when he's already logged onto the operating system and you have access through security holes in software.
edit on 4-9-2012 by SilentNoise because: grammar



reply posted on 4-9-2012 @ 06:52 PM by randomname
reply to post by Praetorius


it is reason the internet was devised, facebook started up, twitter imagined and smart phones pushed over regular cell phones.

so its not hard to imagine when your perspective is that of the forces that try to rule the world and not the naive and ignorant consumer who has been conditioned to not question people whose motives are unclear.

edit on 4-9-2012 by randomname because: (no reason given)



reply posted on 4-9-2012 @ 08:48 PM by fictitious
reply to post by Maxmars


This is absolutely hilarious to me. So ironic and for a good purpose. We need more of is. We need to stand up and take back what's ours. Freedom. Liberty.


reply posted on 4-9-2012 @ 09:43 PM by trekwebmaster
reply to post by davespanners


Well we are all human too, but things like this do happen...unfortunately, you'd think this would be a positive example for support for "cloud" computing...sometime I think keeping up with security is a catch-22 situation...it changes so rapidly...
Pages: <<  1    2  >>    ^^TOP^^



Israel angered over IAEA vote on nuclear arsenal
  Posted 13 days ago with 79 member flags
Neil Armstrong dead at age 82 - report
  Posted 17 days ago with 63 member flags
Judge orders release of detained Marine veteran
  Posted 19 days ago with 58 member flags
Birds hold \'funerals\' for dead
  Posted 10 days ago with 55 member flags
TSA agents swarm Ron Paul\'s plane, demand explosives check
  Posted 11 days ago with 47 member flags
Mysterious Changes in Ocean Salt Spur NASA Expedition
  Posted 1 days ago with 36 member flags
Ga. Murder Case Uncovers Terror Plot by Soldiers
  Posted 15 days ago with 32 member flags