September 04, 2012

Anonymous group leaks 1m Apple IDs from FBI laptop

In another brazen attack, the Anonymous-connected AntiSec hacking group has published one million Apple unique device identifier numbers, or UDIDs, which it claimed it lifted from a file on an FBI laptop.

UDIDs consist of a combination of unique numbers and letters, which allows Apple and app developers to identify or track devices that run on the iOS platform, like iPhones and iPads.

On Sunday, the hacktivists posted a message taking responsibility for the breach, saying they stole a list of more than 12 million Apple iOS devices, which included UDIDs and Apple Push Notification (APN) Service tokens, from the Dell Vostro notebook belonging to Special Agent Christopher Stangl.

In addition, the intruders said they removed personal information of users, including addresses, cell phone numbers, ZIP codes and other details. Anonymous said it “trimmed out” that information, and that the one million UDIDs and APNS tokens “would be enough to release.”

In the message, Anonymous said Stangl, ironically, works in the FBI's New York office as a cyber investigator. His laptop was raided in March thanks to a Java exploit, which allegedly led to the Apple UDID leak, the hackers said.

Anonymous said it exposed the information because the public should be suspicious as to why the FBI is maintaining a massive collection of private data that can be used to track people.

“Even in this case we will probably see their damage control teams going hard lobbying media with bull**** to discredit this, but well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it,” the group wrote in a message, which was posted to document site Pastebin.

On Tuesday afternoon EST, the FBI emailed a statement to SCMagazine.com regarding the claims by Anonymous. The agency said that at present, there is no evidence that the FBI requested or received Apple UDIDs or that an agent's laptop was hacked.

“The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," the statement said. "At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”

On the claimed leak, Anonymous said that considering Apple may be seeking an alternative to UDIDs, now was a suitable time to release the information. An Apple rep did not return an email seeking comment.
Page 1 of 2
Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.