dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
3962
share rss forum feed


fatness
subtle
Premium,ex-mod 01-13
join:2000-11-17
fishing
kudos:14
reply to fatness

Re: 1 million Ipad & Iphone records stolen from feds & posted

List is available in plain text:
ht tps://dl.dropbox.com/u/6494223/iphonelist.txt

Confirmations that the codes are real:
»twitter.com/roblemos/status/2430···23449344

»twitter.com/peterkruse/status/24···20717056
»translate.google.com/translate?h···F3634%2F


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric
reply to Name Game

said by FBI article :

At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

Looks like carefully chosen wording. Having watched a few LEO interviews on TV and elsewhere, a suspect will say "there;s no proof I did it"

Apple issues its own carefully worded statement;

In a statement delivered to AllThings's John Paczkowski by Apple spokesperson Natalie Kerris, the company explained that it wasn’t the source of any UDIDs the FBI may have been stockpiling.


That still leaves Apple itself as a possible source, just not through the FBI;

»techcrunch.com/2012/09/05/apple-···-to-fbi/

Yet the stuff is out there.

*poof* it appears magically from no source.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit

said by EGeezer:

*poof* it appears magically from no source.

Well really I hardly expect the FBI to issue a press statement.

"Our bad. You caught us. Yeah we've been hacking into iPhones for years. We promise not to do it again."

Oh and the NSA Bob should also issue a statement.

"Yeah we really do monitor all your electronic communications. Take it Bitches!"

Oh, and while I'm waiting for those two press releases I want my $5 (or whatever the going rate is) from the Tooth Fairy.
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to fatness

Verify your Apple UDID Here.
My iPad came back clean.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to fatness

BTW, in case you don't read the news on this site.

»Feds: Mobile Phone Data 'Not Constitutionally Protected'
--
Don't feed trolls--it only makes them grow!



coldmoon
Premium
join:2002-02-04
Broadway, NC
Reviews:
·Windstream

said by StuartMW:

BTW, in case you don't read the news on this site.

»Feds: Mobile Phone Data 'Not Constitutionally Protected'

That is just their argument, not a verdict...
--
Returnil - 21st Century body armor for your PC


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

/sigh

You just can't get through to some people. I'm beginning to understand why Dude111 See Profile uses all caps.
--
Don't feed trolls--it only makes them grow!



scobbz
Premium
join:2007-10-02
San Diego, CA

1 recommendation

reply to fatness

Found my wife's iPhone in the list:

»blog.eset.com/2012/09/05/confusi···i-breach

Need to consider that this data could have been gathered by an app.

Scobbz @zcobb



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
reply to fatness

'698','07f440c0d00fc69f73ceebd3755db87a5','Snowy One's iPhone','iPhone'
Bastards!
I should have used an alias.



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

2 edits
reply to scobbz

said by scobbz:

Found my wife's iPhone in the list:

»blog.eset.com/2012/09/05/confusi···i-breach

Need to consider that this data could have been gathered by an app.

Scobbz @zcobb

Good article and write up..thanks...I think you are getting closer to the truth.

Keep calm and get pwn3d
Another troubling aspect of what can be done with a massive pile of Apple UDIDs came from the security researchers at Crowdstrike - known for their recent breakthrough analysis of commercial surveillance software FinSpy (found in malware).
What Crowdstrike suggests is that (potentially) someone in a possession of large amounts of UDIDs would be able to compile malicious targeted code more easily.
The day of the UDID leak, Alex Radocea, senior engineer of Crowdstrike, made a stunning revelation:
(...) with the release of the alleged UDIDs today, if those do prove to be legitimate devices, there are now over one million targets which can be targeted using the FinSpy Ad-Hoc distribution mechanism coupled with an existing or new exploit/jailbreak.

»news.cnet.com/8301-13579_3-57507···go-away/

--
Gladiator Security Forum
»www.gladiator-antivirus.com/


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

1 recommendation

reply to Snowy

UDID's are randomly assigned, Snowy See Profile



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

1 edit
reply to Name Game

http://www.dslreports.com/forum/r27498955- post redacted.

Expand your moderator at work


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to fatness

Re: 1 million Ipad & Iphone records stolen from feds & posted

hmmm I don't think this file is going to be swept under the carpet as there is some interesting stuff in there which does make me wonder what the FBI would be doing with it, as it seems a tad out of their sphere. Again the question is where did this file come from originally, answer that and you have either some really cool info or something complete bust. There isn't much that is middle of the road for this file, its either going to be one extreme or the other.

Blake
Any iOS app developers here with Apps in the Apple store, as I have a question for you about this file.
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to fatness

The data was allegedly taken from FBI agent Christopher Stangl in March. Businessweek aso reported that a Java vulnerability enabled Anonymous to steal the IDs. The information remains unconfirmed and Ed Sullivan, Security Advisor at F-Secure, thinks Anonymous is making up claims that the data came from the FBI, added Businesweek. The FBI released a statement claiming that it found "no evidence" that "any FBI laptop was compromised or that the FBI either sought or obtained this data," CNN reported.

Read more at »www.mobilenapps.com/articles/410···alls.htm
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

Riamen
Premium
join:2002-11-04
Calgary
reply to fatness

A publishing company called Blue Toad says they were the source of the stolen UDIDs.

»arstechnica.com/apple/2012/09/pu···the-fbi/



smunro622
Premium
join:2006-02-15
Madison Heights, MI
reply to fatness

i prefer the quote here "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials".... who are the appropriate officials?

and why was the file named in such a manner?



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to Riamen

said by Riamen:

A publishing company called Blue Toad says they were the source of the stolen UDIDs.

»arstechnica.com/apple/2012/09/pu···the-fbi/

As is too often the case, more questions get raised than answered.
quote:
A digital publishing company named BlueToad has come forward to take responsibility for the leak of a million iOS unique device identifiers (UDIDs) that were previously attributed to an alleged FBI laptop hack. In a number of interviews published Monday, BlueToad apologized to the public for the incident, explaining that hackers had broken into the company's systems in order to steal the file. The company says, however, that it had "nowhere near" the alleged 12 million UDIDs that hacking group AntiSec claims to have in its possession....
If, and it remains an "if", AntiSec is telling the truth that there are 12 million on their list and that it was indeed hacked from the FBI, it leaves the FBI to explain how their agent got it - particularly if only a fraction of the list actually does include the 1 million hacked from BlueToad. Is the FBI hacking apps developers (or others) to assemble that list? Did the FBI obtain a copy of information hacked by other Federal 3-letter agencies?
--
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

All Credit Card Pin Codes In The World Leaked
»pastebin.com/2qbRKh3R



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by Name Game:

All Credit Card Pin Codes In The World Leaked

Ok, I fell for it and clicked on the link. In my defence I'm in low power mode this afternoon.
--
Don't feed trolls--it only makes them grow!


fatness
subtle
Premium,ex-mod 01-13
join:2000-11-17
fishing
kudos:14
reply to Riamen

said by Riamen:

A publishing company called Blue Toad says they were the source of the stolen UDIDs.

»arstechnica.com/apple/2012/09/pu···the-fbi/

Did anyone read the articles at the Blue Toad website? Many of them are about DoD.

»www.bluetoad.com/display_article.php?id=5354

More: »www.google.com/#hl=en&output=sea···&bih=698
--
my pants are parched and thirsty


fatness
subtle
Premium,ex-mod 01-13
join:2000-11-17
fishing
kudos:14

This is nice to know.

quote:
Blue Toad is a little-known privately held company, but its technology touches millions of users around the world. It provides private-label digital edition and app-building services to 6,000 different publishers, and serves 100 million page views each month, DeHart said. He declined to discuss business partners, but said the list of clients includes household names.

DeHart said his firm would not be contacting individual consumers to notify them that their information had been compromised, instead leaving it up to individual publishers to contact readers as they see fit.
quote:
There is no way for users to check to see if their UDID information has been collected by Blue Toad, DeHart said.
»redtape.nbcnews.com/_news/2012/0···eek?lite
--
my pants are parched and thirsty


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit
reply to fatness

Since some people like "Peter Kruse tweeted that three of his devices were in the leaked data." and since anonymous claims they have 12million.
»twitter.com/AnonymousIRC/status/···82999296

Then Blue Toad said they don't have anywhere near that amount compromise...will be interesting to see if those who were on the list claim they did have stuff (apps) that came from Blue Toad..it was since 4Sept suggested by many Security people that most likely the information did come from an app developer.
»www.forbes.com/sites/parmyolson/···-claims/

and of course Anonymous could prove their case other ways but have not to date..much less come up with the 12 million.

there you have. 1,000,001 Apple Devices UDIDs linking to their users and their APNS tokens. the original file contained around 12,000,000 devices. we decided a million would be enough to release. we trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc. not all devices have the same amount of personal data linked. some devices contained lot of info. others no more than zipcodes or almost anything. we left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not. the DevTokens are included for those mobile hackers who could figure out some use from the dataset.

file contains details to identify Apple devices. ordered by:

Apple Device UDID, Apple Push Notification Service DevToken, Device Name, Device Type.

--
Gladiator Security Forum
»www.gladiator-antivirus.com/