dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
3971
share rss forum feed


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to fatness

Re: 1 million Ipad & Iphone records stolen from feds & posted

FinSpy Mobile: iOS and Apple UDID leak

»blog.crowdstrike.com/2012/09/fin···eak.html


Jet
Premium
join:2002-01-03
reply to fatness
Way to go hackers! Sometimes the Committees and Hearings don't get results. The NSA has been jerking the Senate and the EFF around for some time now on this very issue. It is good to see other avenues being exploited to prove the actions of the what seems untouchable NSA.

Jet
Expand your moderator at work


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Re: 1 million Ipad & Iphone records stolen from feds & posted

Here is the second finger..

On Twitter, the FBI was even more blunt:

Statement soon on reports that one of our laptops with personal info was hacked. We never had info in question. Bottom Line: TOTALLY FALSE

Of course, tinfoil-hatters will remind the world “they would say that, wouldn’t they?”, but it’s now over to AntiSec to back its claim.

Meanwhile, trawling the database of UUIDs, Cultofmac is making the extraordinary and probably unprovable claim that President Obama's UUID is among those on the list leaked by AntiSec.

That claim comes from a PasteHTML search on the UUIDs (which page, by the way, allows anyone to check if their UUID was leaked). Exactly how the search conclusively ties the named device to the Leader of the Free World isn't exactly clear to El Reg.

»www.theregister.co.uk/2012/09/04···_claims/
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK
reply to Name Game
Deny, Deny, Deny!


fatness
subtle
Premium,ex-mod 01-13
join:2000-11-17
fishing
kudos:14
reply to fatness
quote:
The hackers say the IDs were stored in a file on Stangl’s desktop titled “NCFTA_iOS_devices_intel.csv.”
quote:
But the FBI disputes this. The FBI did not say whether the NCFTA, which was allegedly referred to in the file name the hackers obtained, possessed the data.

NCFTA refers to the National Cyber Forensics and Training Alliance. The NCFTA is a non-profit that was founded in 1997 by FBI agent Dan Larkin as a conduit between private industry and law enforcement agencies to help them exchange data and cooperate on cases. The organization’s members include financial institutions, telecommunications firms, ISPs, and other private industries.

The NCFTA did not respond to a call seeking comment.
»www.wired.com/threatlevel/2012/0···ice-ids/
--
my pants are parched and thirsty


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Name Game
FBI Says Laptop Wasn’t Hacked; Never Possessed File of Apple Device IDs
quote:
The Federal Bureau of Investigation is refuting a statement made by members of AntiSec this weekend that they hacked the laptop of an FBI special agent and stole a file containing 12 million Apple device IDs and associated personal information.

The FBI also said it did not possess a file containing the data the hackers said they stole.

In a statement released Tuesday afternoon, the FBI said, “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”
--
siljaline

Here at Mountain View Chocolate, we’re committed to transparency and choice


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
»Re: 1 million Ipad & Iphone records stolen from feds & posted

We already woke the boys up earlier and they gave a statement.
Expand your moderator at work


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to KrK

Re: 1 million Ipad & Iphone records stolen from feds & posted

That makes three! It must be true!



--
Don't feed trolls--it only makes them grow!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to fatness
FBI, AntiSec Spar On Apple IDs
FBI denies laptop data breach, but some security experts believe agency may have suffered a phishing attack.

»www.informationweek.com/security···40006742
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

2 recommendations

Well the article on this site says it best for me.

»FBI Denies AntiSec Hack Ever Happened

quote:
Though Press Statement Chooses Words Carefully

Whether the data came from a official FBI computer or the computer of a contractor or other related agency working for the FBI is irrelevant IMO. Most of us know how this game is played.

As I said above

said by StuartMW:

Technically true but not the full story...

--
Don't feed trolls--it only makes them grow!


KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK
The real story is why is the FBI tracking the devices and for what purpose.

Notice they are remaining silent.

OZO
Premium
join:2003-01-17
kudos:2
said by KrK:

The real story is why is the FBI tracking the devices and for what purpose.

Exactly...
--
Keep it simple, it'll become complex by itself...


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to KrK
said by KrK:

The real story is why is the FBI tracking the devices and for what purpose.

Notice they are remaining silent.

I want to know who (Apple) gave them this data. Spot the Fed this year at Def Con could really easy, if they work for Apple, their a Fed, I win!!!

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool
Expand your moderator at work

Floriana

join:2012-05-23
reply to mackey

Re: 1 million Ipad & Iphone records stolen from feds & posted

That's terrible.


Franklin

@175.41.31.x
reply to mackey
hopefully, I have never purchased item via my iPhone.


fatness
subtle
Premium,ex-mod 01-13
join:2000-11-17
fishing
kudos:14
reply to fatness
List is available in plain text:
ht tps://dl.dropbox.com/u/6494223/iphonelist.txt

Confirmations that the codes are real:
»twitter.com/roblemos/status/2430···23449344

»twitter.com/peterkruse/status/24···20717056
»translate.google.com/translate?h···F3634%2F


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric
reply to Name Game
said by FBI article :

At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

Looks like carefully chosen wording. Having watched a few LEO interviews on TV and elsewhere, a suspect will say "there;s no proof I did it"

Apple issues its own carefully worded statement;

In a statement delivered to AllThings's John Paczkowski by Apple spokesperson Natalie Kerris, the company explained that it wasn’t the source of any UDIDs the FBI may have been stockpiling.


That still leaves Apple itself as a possible source, just not through the FBI;

»techcrunch.com/2012/09/05/apple-···-to-fbi/

Yet the stuff is out there.

*poof* it appears magically from no source.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit
said by EGeezer:

*poof* it appears magically from no source.

Well really I hardly expect the FBI to issue a press statement.

"Our bad. You caught us. Yeah we've been hacking into iPhones for years. We promise not to do it again."

Oh and the NSA Bob should also issue a statement.

"Yeah we really do monitor all your electronic communications. Take it Bitches!"

Oh, and while I'm waiting for those two press releases I want my $5 (or whatever the going rate is) from the Tooth Fairy.
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to fatness
Verify your Apple UDID Here.
My iPad came back clean.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to fatness
BTW, in case you don't read the news on this site.

»Feds: Mobile Phone Data 'Not Constitutionally Protected'
--
Don't feed trolls--it only makes them grow!


coldmoon
Premium
join:2002-02-04
Broadway, NC
Reviews:
·Windstream
said by StuartMW:

BTW, in case you don't read the news on this site.

»Feds: Mobile Phone Data 'Not Constitutionally Protected'

That is just their argument, not a verdict...
--
Returnil - 21st Century body armor for your PC


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
/sigh

You just can't get through to some people. I'm beginning to understand why Dude111 See Profile uses all caps.
--
Don't feed trolls--it only makes them grow!


scobbz
Premium
join:2007-10-02
San Diego, CA

1 recommendation

reply to fatness
Found my wife's iPhone in the list:

»blog.eset.com/2012/09/05/confusi···i-breach

Need to consider that this data could have been gathered by an app.

Scobbz @zcobb


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
reply to fatness
'698','07f440c0d00fc69f73ceebd3755db87a5','Snowy One's iPhone','iPhone'
Bastards!
I should have used an alias.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

2 edits
reply to scobbz
said by scobbz:

Found my wife's iPhone in the list:

»blog.eset.com/2012/09/05/confusi···i-breach

Need to consider that this data could have been gathered by an app.

Scobbz @zcobb

Good article and write up..thanks...I think you are getting closer to the truth.

Keep calm and get pwn3d
Another troubling aspect of what can be done with a massive pile of Apple UDIDs came from the security researchers at Crowdstrike - known for their recent breakthrough analysis of commercial surveillance software FinSpy (found in malware).
What Crowdstrike suggests is that (potentially) someone in a possession of large amounts of UDIDs would be able to compile malicious targeted code more easily.
The day of the UDID leak, Alex Radocea, senior engineer of Crowdstrike, made a stunning revelation:
(...) with the release of the alleged UDIDs today, if those do prove to be legitimate devices, there are now over one million targets which can be targeted using the FinSpy Ad-Hoc distribution mechanism coupled with an existing or new exploit/jailbreak.

»news.cnet.com/8301-13579_3-57507···go-away/

--
Gladiator Security Forum
»www.gladiator-antivirus.com/