Hackers steal details of a MILLION Apple users… but why did the FBI have the information anyway?: Includes FBI’s response below in Post

Read Time:5 Minute, 31 Second

  • Questions  raised over why the FBI had the data, which is believed to include user names,  device names and phone numbers

  • Antisec  group claims to have over 12 million IDs – but has not released the most  personal data

By Mark Prigg

PUBLISHED:06:02 EST, 4  September 2012| UPDATED:13:42 EST, 4 September 2012

The FBI was today at the centre of a massive  privacy row after hackers claimed to have obtained details of over 12 million  Apple users from an agent’s laptop.

Hackers released more than a million Apple  device IDs obtained from the laptop of an FBI employee.

The AntiSec hacking group claims to have over  12 million IDs, known as Unique Device Identifiers, in total – as well as  personal information such as user names, device names, notification tokens, cell  phone numbers and addresses.

It has released a million of them online –  but has removed the most personal data.

Have claim to have obtained more than 12 million ID codes Apple uses to identify its gadgets, along with user names and password. The FBI was today facing major questions over why it held the data.Have claim to have obtained more than 12 million ID  codes Apple uses to identify its gadgets, along with user names and password.  The FBI was today facing major questions over why it held the data.

The hackers today issued a statement saying:  ‘During the second week of March 2012, a Dell Vostro notebook, used by  Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action  Team and New York FBI Office Evidence Response Team was breached using the  AtomicReferenceArray vulnerability on Java.

‘During the shell session some files were  downloaded from his Desktop folder one of them with the name of ”NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS  devices including Unique Device Identifiers (UDID), user names, name of device,  type of device, Apple Push Notification Service tokens, zipcodes, cellphone  numbers, addresses, etc.

‘The personal details fields referring to  people appears many times empty leaving the whole list incompleted on many  parts.

‘No other file on the same folder makes  mention about this list or its purpose.

It is believed the group published the  numbers as it believes the FBI was using the details to track people.

However, before releasing the data, the group  removed most of the personal details.

Graham Cluley of computer security firm  Sophos believes the FBI now has serious questions to answer.

‘Hacktivists are out to embarrass  organisations, and it would appear the FBI were lax in storage of  data.

‘However, we have to be grateful they haven’t  published more personal information and held back data.

‘I’m not sure that there is much harm in the  data they have released in  isolation, but questions have to be asked as to why  the FBI had this  information in the first place, and what they were planning to  do with  it.’

The move comes as Apple is believed to be putting the finishing touches to a launch event for a new version of its iPhoneThe move comes as Apple is believed to be putting the  finishing touches to a launch event for a new version of its iPhone

The Antisec group has made the files freely  available online.

‘There you have 1,000,001 Apple Devices UDIDs  linking to their users and their APNS tokens,’ it said.

‘The original file contained around  12,000,000 devices. we decided a million would be enough to release.

‘We trimmed out other personal data as, full  names, cell numbers, addresses, zipcodes, etc.

‘Not all devices have the same amount of  personal data linked, some devices contained lot of info, others no more than  zipcodes or almost anything.

‘We left those main columns we consider  enough to help a significant amount of users to look if their devices are listed  there or not. the DevTokens are included for those mobile hackers who could  figure out some use from the dataset.’

The group also defended its decision to  release the data.

‘well we have learnt it seems quite clear  nobody pays attention if you just come and say ‘hey, FBI is using your device  details and info.

‘So without even being sure if the current  choice will guarantee that people will pay attention to this.

Read more: http://www.dailymail.co.uk/sciencetech/article-2198067/Hackers-post-details-MILLION-Apple-ID-codes-claim-taken-FBI.html#ixzz25ZJV4sfb

AntiSec hacking group did not obtained Apple IDs from federal laptop, says FBI

Group said it found over 12m Apple IDs on agent’s computer, but FBI says it has no knowledge of any data breach

in NewYork guardian.co.uk,             Wednesday 5 September 2012 03.25 EDT

An iPhone 4S

Hacking group AntiSec said it believed the FBI is using Apple IDs to track people. Photograph: Suzanne Plunkett/Reuters

The FBI has denied claims by a hacking group that says it obtained details of more than 12m Apple IDs from the laptop of a federal agent.

The group, called AntiSec, said it found 12.36m IDs on the laptop and was making some details public in order to draw attention the the FBI’s activities.

In a statement, the group predicted the FBI would deny the breach. “Seems quite clear nobody pays attention if you just come and say ‘Hey, FBI is using your device details and info and who the fuck knows what the hell are they experimenting with that,’ well sorry, but nobody will care. FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will forget the whole thing at amazing speed.”

The group said it believed the FBI was using the IDs to track people.

The FBI released a statement late on Monday, which said: “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”

Apple did not return calls for comment.

According to the group the UDIDs (unique device IDs) were stored in a file named NCFTA_iOS_devices_intel.csv. NCFTA stands for National Cyber-Forensics & Training Alliance and is an alliance between businesses, academics and law enforcements aimed at cracking down on cybercrime.

Marco Arment, creator of the Instapaper app, said in a blogpost that the information could have come from an app and not necessarily from Apple.

“All of this information could have been collected from an app transmitting data to a server. For instance, this is exactly the information that an ad network would want to collect. And in order to get stats from 12 million devices, it would probably need to be from a set of popular, free apps … where you’d probably see ads,” he wrote


Categories: Health Technology News

Tags: , , , , , , ,

Average Rating

5 Star
4 Star
3 Star
2 Star
1 Star
%d bloggers like this: