 fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:14
Bright House Netwo..
TekSavvy
Forum Feature Requ..
Need Site Help
Rants, Raves, and ..
| 1 million Ipad & Iphone records stolen from feds & posted quote:
Hackers have dumped online the unique identification codes for one million Apple iPhones and iPads allegedly lifted from an FBI agent's laptop. The leak, if genuine, proves Feds are walking around with data on at least 12 million iOS devices.
The 20-byte ID codes were, we're told, copied from a file extracted from the Dell notebook of a senior federal agent, who was tracking the activities of hacktivists in LulzSec, Anonymous and related groups.
quote:
The AntiSec activists behind this week's leak suggest the device info data was used as part of some FBI tracking project involving iOS devices, such as iPhones.
»www.theregister.co.uk/2012/09/04···op_hack/ |
|
 StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2
 ·CenturyLink
| said by fatness: quote:
The leak, if genuine, proves Feds are walking around with data on at least 12 million iOS devices.
I'm sure they have info from Android devices as well.
I wouldn't be surprised if they've written their own apps.
»Smartphone apps track users even when shut down
Money for nothing. Chicks Personal data for free.
(With apologies to Dire Straits)
--
Don't feed trolls--it only makes them grow! |
|
| reply to fatness
They also included a nice little rant in addition to the numbers »pastebin.com/nfVT7b0Z
/M |
|
fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:14 Host:
Bright House Netwo..
TekSavvy
Forum Feature Requ..
Need Site Help
Rants, Raves, and ..
| reply to fatness
quote:
Three years ago special agent Christopher Stangl appeared in a video calling on people with computer science degrees to join the Federal Bureau of Investigation, saying they were needed “more than ever.” Last night, hackers with subversive online networks Anonymous and Antisec answered that call with nothing short of irreverence: they published what they claimed were more than 1 million unique device identifier numbers, (UDID) for Apple devices, stolen from Stangl’s own laptop.
quote:
The incident raises many questions, not only about the security of federal devices, but of why an agent might have (allegedly) been carrying a database of Apple UDIDs, which the hackers said also contained “user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.” of iPhone and iPad users. They claim to have stripped this information for publication.
»www.forbes.com/sites/parmyolson/···-claims/ |
|
|
|
| From your link: said by fatness:http://www.forbes.com/sites/parmyolson/2012/09/04/fbi-agents-laptop-hacked-to-grab-12-million-apple-ids-anonymous-claims/
If you own an Apple mobile device and are wondering if it got caught up in the UDID dump, TheNextWeb has set up a web tool that lets you type in your device number to check. They also promise to not store your identifier. Here’s how how you can look it up in iTunes. |
|
| said by FF4m3 :If you own an Apple mobile device and are wondering if it got caught up in the UDID dump, TheNextWeb has set up a web tool that lets you type in your device number to check. They also promise to not store your identifier. While you're at it, you should probably check if your credit card is stolen too.
Remember, quote:
UDIDs are unique to each iPhone and iPad, [so] having yours end up in the wrong hands is a concern.
So feel free to punch yours into some dude's unencrypted web form.
/M |
|
 Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3 | reply to fatness
OK so they used a really bad Java exploit to hack in (way to go Java, you suck) and nabbed a bunch of interesting data, but the question I'd like answered is how did the Fedz get all this data? Is Apple swapping bogus patent approvals for trackable user data or how closely is Apple in with the Fedz as 12 million devices sounds a little over the top? Are all 12 million devices in the US or are they world wide? So many questions about the the fedz, the data and Apple here (where else would someone get these from?).
Of course how do you validate that this information is real, as its no problem to generate a million random UDIDs that look legit and no doubt if they were totally random, in a million there are likely going to be at least a few which are by fluke real. Are the fedz going to owe up to this or deny it, and if they deny it, is that a real denial or just a cover denial?
Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool |
|
1 edit | said by Link Logger:OK so they used a really bad Java exploit to hack in (way to go Java, you suck) and nabbed a bunch of interesting data, but the question I'd like answered is how did the Fedz get all this data? Is Apple swapping bogus patent approvals for trackable user data or how closely is Apple in with the Fedz as 12 million devices sounds a little over the top? And THAT is the $1,000,001 question.
said by Link Logger:Are all 12 million devices in the US or are they world wide? As there are more then a few foreign names listed (UTF-8 and all) I suspect it's world wide.
Edit to add. After my post below I started looking for other phone numbers and found 050-4048xxx - Google returns a hit for the name and number for a guy in Israel.
/M |
|
| reply to Link Logger
said by Link Logger:Of course how do you validate that this information is real, as its no problem to generate a million random UDIDs that look legit and no doubt if they were totally random, in a million there are likely going to be at least a few which are by fluke real. Are the fedz going to owe up to this or deny it, and if they deny it, is that a real denial or just a cover denial? Heh, I was flipping through the dump and noticed this:
quote:
Adan Axxxxxxxxx’s iPhone, call 3104194xxx if lost
(The x's are mine, the dump has the full name and number)
So yeah, shouldn't be too hard to verify this.
Edit to add: I just Google'd the number and although the first name is different, the last names match. So yeah, it's either an elaborate hoax or the dump's real.
/M |
|
 Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to fatness
Just fishing for fun 
»news.ycombinator.com/item?id=4473329 |
|
 siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 | reply to fatness
The buzz on Twitter is the FBI is going to release a statement shortly. |
|
| reply to fatness
So why does the FBI have access to millions of Apple IDs? And how did they get them? I'm thinking it would pretty much have to be Apple who handed it to them. Someone in Apple's PR department is probably sweating right now.
--
Mischel Internet Security - Developer of TrojanHunter (@mmischel on Twitter) |
|
Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3 | reply to mackey
said by mackey:As there are more then a few foreign names listed (UTF-8 and all) I suspect it's world wide.
Edit to add. After my post below I started looking for other phone numbers and found 050-4048xxx - Google returns a hit for the name and number for a guy in Israel.
/M
OK so why is the FBI tracking some dude in Israel?
This might be one of those moments when your really, really happy that you don't own an iOS device (or should that be a Fedz tracking device).
Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool |
|
 pcdebbRIP dadkinsPremium
join:2000-12-03
Brandon, FL
kudos:5 | reply to fatness
On the surface this sounds kinda scary
And I know someone on this site is gonna LOVE this!
--
| map your city | |
|
 BlackbirdBuilt for SpeedPremium
join:2005-01-14
Fort Wayne, IN
kudos:3
·Frontier Communi..
| reply to fatness
I seem to remember a number of years ago when it was determined that Intel/Microsoft were starting to put some kind of unique identifier into PCs/chipsets that would be externally accessible... the cries of outrage from privacy-conscious users apparently ended that initiative, but not before the folks raising complaints were ridiculed by many observers for being over-reacting, tin-foil-hat privacy extremists. Today unique IDs are inherently included in a variety of handheld devices from inception, and - surprise, surprise - a comprehensive listing of such IDs (along with correlated user data) ends up in the hands of the Feds. If PCs had incorporated such IDs as earlier planned, one could bet their bottom dollar that every computer ID and associated user data would long ago have been in the possession of 3-letter Federal agencies.
And if the allegations are accurate about the data having been stolen from a compromised Fed computer, it demonstrates (yet again) that the Federal government is a lousy custodian of citizens' critical personal data. That data, being on an Internet-accessible laptop computer system and not on a limited-access, "isolated" system, shows the cavalier security attitude the Feds have about "other people's data".
--
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775 |
|
fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:14 Host:
Bright House Netwo..
TekSavvy
Forum Feature Requ..
Need Site Help
Rants, Raves, and ..
| reply to Link Logger
said by Link Logger:OK so they used a really bad Java exploit to hack in (way to go Java, you suck) and nabbed a bunch of interesting data, but the question I'd like answered is how did the Fedz get all this data?
I'd like to know that, and what degree of cooperation there was from Apple, and what the information was used for.
Given that the feds and Apple both closely resemble a small family business where honesty is a core value, I'm sure we'll find out in no time.
The sad thing is, we're more likely to find those things out from the hackers.
--
my pants are parched and thirsty |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 Reviews:
·CenturyLink
| said by fatness:Given that the feds and Apple both closely resemble a small family business where honesty is a core value, I'm sure we'll find out in no time.
I hope that was sarcasm.
--
Don't feed trolls--it only makes them grow! |
|
Reviews:
·WestNet Broadband
| reply to fatness
Why would you doubt something like this?
Whether this story is correct or not, we have personal electronic toys with geo-locating technologies, unique Identifier's wireless all bundled into 1 small package walking with us everywhere; I know a lot of you think that sort of thought is too "movie orientated", but is it. Those movies with fantastic gadgets are us now. Why is a standard phone coming out with wireless, geo-locating and unique identifiers all in one.
I've seen no general discussion anywhere about the implications as such, I know Epirb's have similar items for helping locate distress beacons, then why wouldn't there be a satellite using similar type methods for these incorporated in ipods, iphones or anything else similar.......crikey, stick to your computer rooms in your basement if you can not believe this possible, the outside world may scare you too much.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
|
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to siljaline
Statement on Alleged Compromise of FBI Laptop
Washington, D.C.
September 04, 2012
FBI National Press Office
(202) 324-3691
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 Reviews:
·CenturyLink
| Well when the gummint categorically denies something three times you know it's true
Sorta like waving your finger and saying
quote:
I did NOT have sex with THAT woman!
Technically true but not the full story...
--
Don't feed trolls--it only makes them grow! |
|
