dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
3929
share rss forum feed


fatness
subtle
Premium,ex-mod 01-13
join:2000-11-17
fishing
kudos:14

1 million Ipad & Iphone records stolen from feds & posted

quote:
Hackers have dumped online the unique identification codes for one million Apple iPhones and iPads allegedly lifted from an FBI agent's laptop. The leak, if genuine, proves Feds are walking around with data on at least 12 million iOS devices.

The 20-byte ID codes were, we're told, copied from a file extracted from the Dell notebook of a senior federal agent, who was tracking the activities of hacktivists in LulzSec, Anonymous and related groups.
quote:
The AntiSec activists behind this week's leak suggest the device info data was used as part of some FBI tracking project involving iOS devices, such as iPhones.
»www.theregister.co.uk/2012/09/04···op_hack/


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by fatness:

quote:
The leak, if genuine, proves Feds are walking around with data on at least 12 million iOS devices.

I'm sure they have info from Android devices as well.

I wouldn't be surprised if they've written their own apps.

»Smartphone apps track users even when shut down

Money for nothing. Chicks Personal data for free.
(With apologies to Dire Straits)
--
Don't feed trolls--it only makes them grow!


mackey
Premium
join:2007-08-20
kudos:11
reply to fatness

They also included a nice little rant in addition to the numbers »pastebin.com/nfVT7b0Z

/M



fatness
subtle
Premium,ex-mod 01-13
join:2000-11-17
fishing
kudos:14
reply to fatness

quote:
Three years ago special agent Christopher Stangl appeared in a video calling on people with computer science degrees to join the Federal Bureau of Investigation, saying they were needed “more than ever.” Last night, hackers with subversive online networks Anonymous and Antisec answered that call with nothing short of irreverence: they published what they claimed were more than 1 million unique device identifier numbers, (UDID) for Apple devices, stolen from Stangl’s own laptop.
quote:
The incident raises many questions, not only about the security of federal devices, but of why an agent might have (allegedly) been carrying a database of Apple UDIDs, which the hackers said also contained “user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.” of iPhone and iPad users. They claim to have stripped this information for publication.
»www.forbes.com/sites/parmyolson/···-claims/


FF4m3

@bhn.net

From your link:

If you own an Apple mobile device and are wondering if it got caught up in the UDID dump, TheNextWeb has set up a web tool that lets you type in your device number to check. They also promise to not store your identifier. Here’s how how you can look it up in iTunes.


mackey
Premium
join:2007-08-20
kudos:11

said by FF4m3 :

If you own an Apple mobile device and are wondering if it got caught up in the UDID dump, TheNextWeb has set up a web tool that lets you type in your device number to check. They also promise to not store your identifier.

While you're at it, you should probably check if your credit card is stolen too.

Remember,
quote:
UDIDs are unique to each iPhone and iPad, [so] having yours end up in the wrong hands is a concern.
So feel free to punch yours into some dude's unencrypted web form.



/M


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

1 recommendation

reply to fatness

OK so they used a really bad Java exploit to hack in (way to go Java, you suck) and nabbed a bunch of interesting data, but the question I'd like answered is how did the Fedz get all this data? Is Apple swapping bogus patent approvals for trackable user data or how closely is Apple in with the Fedz as 12 million devices sounds a little over the top? Are all 12 million devices in the US or are they world wide? So many questions about the the fedz, the data and Apple here (where else would someone get these from?).

Of course how do you validate that this information is real, as its no problem to generate a million random UDIDs that look legit and no doubt if they were totally random, in a million there are likely going to be at least a few which are by fluke real. Are the fedz going to owe up to this or deny it, and if they deny it, is that a real denial or just a cover denial?

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool



mackey
Premium
join:2007-08-20
kudos:11

1 edit

said by Link Logger:

OK so they used a really bad Java exploit to hack in (way to go Java, you suck) and nabbed a bunch of interesting data, but the question I'd like answered is how did the Fedz get all this data? Is Apple swapping bogus patent approvals for trackable user data or how closely is Apple in with the Fedz as 12 million devices sounds a little over the top?

And THAT is the $1,000,001 question.

said by Link Logger:

Are all 12 million devices in the US or are they world wide?

As there are more then a few foreign names listed (UTF-8 and all) I suspect it's world wide.

Edit to add. After my post below I started looking for other phone numbers and found 050-4048xxx - Google returns a hit for the name and number for a guy in Israel.

/M


mackey
Premium
join:2007-08-20
kudos:11
reply to Link Logger

said by Link Logger:

Of course how do you validate that this information is real, as its no problem to generate a million random UDIDs that look legit and no doubt if they were totally random, in a million there are likely going to be at least a few which are by fluke real. Are the fedz going to owe up to this or deny it, and if they deny it, is that a real denial or just a cover denial?

Heh, I was flipping through the dump and noticed this:
quote:
Adan Axxxxxxxxx’s iPhone, call 3104194xxx if lost
(The x's are mine, the dump has the full name and number)
So yeah, shouldn't be too hard to verify this.

Edit to add: I just Google'd the number and although the first name is different, the last names match. So yeah, it's either an elaborate hoax or the dump's real.

/M


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to fatness

Just fishing for fun

»news.ycombinator.com/item?id=4473329



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to fatness

The buzz on Twitter is the FBI is going to release a statement shortly.



MagnusM
Premium
join:2001-07-07

2 recommendations

reply to fatness

So why does the FBI have access to millions of Apple IDs? And how did they get them? I'm thinking it would pretty much have to be Apple who handed it to them. Someone in Apple's PR department is probably sweating right now.
--
Mischel Internet Security - Developer of TrojanHunter (@mmischel on Twitter)



Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to mackey

said by mackey:

As there are more then a few foreign names listed (UTF-8 and all) I suspect it's world wide.

Edit to add. After my post below I started looking for other phone numbers and found 050-4048xxx - Google returns a hit for the name and number for a guy in Israel.

/M

OK so why is the FBI tracking some dude in Israel?

This might be one of those moments when your really, really happy that you don't own an iOS device (or should that be a Fedz tracking device).

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


pcdebb
RIP lil hurricane
Premium
join:2000-12-03
Brandon, FL
kudos:5
reply to fatness

On the surface this sounds kinda scary

And I know someone on this site is gonna LOVE this!
--
| map your city |



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

1 recommendation

reply to fatness

I seem to remember a number of years ago when it was determined that Intel/Microsoft were starting to put some kind of unique identifier into PCs/chipsets that would be externally accessible... the cries of outrage from privacy-conscious users apparently ended that initiative, but not before the folks raising complaints were ridiculed by many observers for being over-reacting, tin-foil-hat privacy extremists. Today unique IDs are inherently included in a variety of handheld devices from inception, and - surprise, surprise - a comprehensive listing of such IDs (along with correlated user data) ends up in the hands of the Feds. If PCs had incorporated such IDs as earlier planned, one could bet their bottom dollar that every computer ID and associated user data would long ago have been in the possession of 3-letter Federal agencies.

And if the allegations are accurate about the data having been stolen from a compromised Fed computer, it demonstrates (yet again) that the Federal government is a lousy custodian of citizens' critical personal data. That data, being on an Internet-accessible laptop computer system and not on a limited-access, "isolated" system, shows the cavalier security attitude the Feds have about "other people's data".
--
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775



fatness
subtle
Premium,ex-mod 01-13
join:2000-11-17
fishing
kudos:14
reply to Link Logger

said by Link Logger:

OK so they used a really bad Java exploit to hack in (way to go Java, you suck) and nabbed a bunch of interesting data, but the question I'd like answered is how did the Fedz get all this data?

I'd like to know that, and what degree of cooperation there was from Apple, and what the information was used for.

Given that the feds and Apple both closely resemble a small family business where honesty is a core value, I'm sure we'll find out in no time.

The sad thing is, we're more likely to find those things out from the hackers.
--
my pants are parched and thirsty


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by fatness:

Given that the feds and Apple both closely resemble a small family business where honesty is a core value, I'm sure we'll find out in no time.

I hope that was sarcasm.
--
Don't feed trolls--it only makes them grow!


norwegian
Premium
join:2005-02-15
Outback
reply to fatness

Why would you doubt something like this?

Whether this story is correct or not, we have personal electronic toys with geo-locating technologies, unique Identifier's wireless all bundled into 1 small package walking with us everywhere; I know a lot of you think that sort of thought is too "movie orientated", but is it. Those movies with fantastic gadgets are us now. Why is a standard phone coming out with wireless, geo-locating and unique identifiers all in one.

I've seen no general discussion anywhere about the implications as such, I know Epirb's have similar items for helping locate distress beacons, then why wouldn't there be a satellite using similar type methods for these incorporated in ipods, iphones or anything else similar.......crikey, stick to your computer rooms in your basement if you can not believe this possible, the outside world may scare you too much.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to siljaline

Statement on Alleged Compromise of FBI Laptop
Washington, D.C.
September 04, 2012

FBI National Press Office
(202) 324-3691
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

»www.fbi.gov/news/pressrel/press-···i-laptop
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

Well when the gummint categorically denies something three times you know it's true

Sorta like waving your finger and saying

quote:
I did NOT have sex with THAT woman!

Technically true but not the full story...

--
Don't feed trolls--it only makes them grow!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to fatness

FinSpy Mobile: iOS and Apple UDID leak

»blog.crowdstrike.com/2012/09/fin···eak.html



Jet
Premium
join:2002-01-03
reply to fatness

Way to go hackers! Sometimes the Committees and Hearings don't get results. The NSA has been jerking the Senate and the EFF around for some time now on this very issue. It is good to see other avenues being exploited to prove the actions of the what seems untouchable NSA.

Jet

Expand your moderator at work


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Re: 1 million Ipad & Iphone records stolen from feds & posted

Here is the second finger..

On Twitter, the FBI was even more blunt:

Statement soon on reports that one of our laptops with personal info was hacked. We never had info in question. Bottom Line: TOTALLY FALSE

Of course, tinfoil-hatters will remind the world “they would say that, wouldn’t they?”, but it’s now over to AntiSec to back its claim.

Meanwhile, trawling the database of UUIDs, Cultofmac is making the extraordinary and probably unprovable claim that President Obama's UUID is among those on the list leaked by AntiSec.

That claim comes from a PasteHTML search on the UUIDs (which page, by the way, allows anyone to check if their UUID was leaked). Exactly how the search conclusively ties the named device to the Leader of the Free World isn't exactly clear to El Reg.

»www.theregister.co.uk/2012/09/04···_claims/
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK
reply to Name Game

Deny, Deny, Deny!



fatness
subtle
Premium,ex-mod 01-13
join:2000-11-17
fishing
kudos:14
reply to fatness

quote:
The hackers say the IDs were stored in a file on Stangl’s desktop titled “NCFTA_iOS_devices_intel.csv.”
quote:
But the FBI disputes this. The FBI did not say whether the NCFTA, which was allegedly referred to in the file name the hackers obtained, possessed the data.

NCFTA refers to the National Cyber Forensics and Training Alliance. The NCFTA is a non-profit that was founded in 1997 by FBI agent Dan Larkin as a conduit between private industry and law enforcement agencies to help them exchange data and cooperate on cases. The organization’s members include financial institutions, telecommunications firms, ISPs, and other private industries.

The NCFTA did not respond to a call seeking comment.
»www.wired.com/threatlevel/2012/0···ice-ids/
--
my pants are parched and thirsty


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Name Game

FBI Says Laptop Wasn’t Hacked; Never Possessed File of Apple Device IDs

quote:
The Federal Bureau of Investigation is refuting a statement made by members of AntiSec this weekend that they hacked the laptop of an FBI special agent and stole a file containing 12 million Apple device IDs and associated personal information.

The FBI also said it did not possess a file containing the data the hackers said they stole.

In a statement released Tuesday afternoon, the FBI said, “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”
--
siljaline

Here at Mountain View Chocolate, we’re committed to transparency and choice


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

»Re: 1 million Ipad & Iphone records stolen from feds & posted

We already woke the boys up earlier and they gave a statement.

Expand your moderator at work