dslreports logo
 story category
AntiSec Hacks FBI, Nabs User iPhone/iPad Data
FBI Has Explaining to Do About Domestic Spying

Hacking group AntiSec has released a portion of what they're claiming is a list of 12 million Unique Device IDs, including (redacted by AntiSec) personal information such as user names, device names, notification tokens, cell phone numbers and addresses. More interesting perhaps is where the group claims they obtained this data from: a laptop belonging to New York FBI Special Agent Christopher K. Stangl.

Obviously left unmentioned is how the FBI came by this data and what exactly they were hoping to do with it. According to a statement posted by AntiSec, the laptop hacking took place in March using a Java vulnerability:
quote:
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of ”NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
According to the file name (NCFTA_iOS_devices_intel.csv), the data came from or was being used by the National Cyber-Forensics & Training Alliance, which says it "functions as a conduit between private industry and law enforcement." The Next Web has released a handy tool (which they claim is encrypted via SSL) allowing users to confirm whether their data was included in the collected information by entering their Apple UDID.
view:
topics flat nest 

Metatron2008
You're it
Premium Member
join:2008-09-02
united state

1 recommendation

Metatron2008

Premium Member

I don't trust that 'handy tool'

In order to see if your UDID has been hacked, you must submit your UDID on a nonsecure form?

swintec
Premium Member
join:2003-12-19
Alfred, ME

swintec

Premium Member

Re: I don't trust that 'handy tool'

Well honestly, it appears just owning an apple device means you have given up security to begin with. What more is typing it on a form gonna do?

jseymour
join:2009-12-11
Waterford, MI

jseymour

Member

Re: I don't trust that 'handy tool'

said by swintec:

Well honestly, it appears just owning an apple "smart" device means you have given up security to begin with. What more is typing it on a form gonna do?

FIFY

This story is one of the reasons I've not been particularly anxious to own a "smart" device. IIRC, this is not the first such story we're heard--tho I do not recall if the others were government agencies that got the info.

Jim

inteller
Sociopaths always win.
join:2003-12-08
Tulsa, OK

inteller

Member

Re: I don't trust that 'handy tool'

yes but they are zeroed in on apple devices because lemmings have put them at the top of marketshare here in the united states of Amerika.
clone (banned)
join:2000-12-11
Portage, IN

clone (banned) to jseymour

Member

to jseymour
said by jseymour:

said by swintec:

Well honestly, it appears just owning an apple "smart" computing device means you have given up security to begin with. What more is typing it on a form gonna do?

FIFY

This story is one of the reasons I've not been particularly anxious to own a "smart" computing device. IIRC, this is not the first such story we're heard--tho I do not recall if the others were government agencies that got the info.

Jim

Every network-enabled computing device can be viewed as a security/privacy risk. Although internet connectivity is now practically compulsory, it makes sense to disable your data connection (wired or wireless) whenever it is not is use.

cork1958
Cork
Premium Member
join:2000-02-26

cork1958 to jseymour

Premium Member

to jseymour
said by jseymour:

said by swintec:

Well honestly, it appears just owning an apple "smart" device means you have given up security to begin with. What more is typing it on a form gonna do?

FIFY

This story is one of the reasons I've not been particularly anxious to own a "smart" device. IIRC, this is not the first such story we're heard--tho I do not recall if the others were government agencies that got the info.

Jim

Same here as far as not particularly anxious to own a "smart" device or any Google crap programs!!

Gotta love how secure our nations top agencies are though, huh, no matter how the hacker group got any info.

Eddy120876
join:2009-02-16
Bronx, NY

Eddy120876

Member

Re: I don't trust that 'handy tool'

The only thing that has me puzzle is the fact they got hack and instead of fighting back they are acting like nothing happen. Is this a trap they set? if so Antisec felt for it.
silbaco
Premium Member
join:2009-08-03
USA

silbaco to swintec

Premium Member

to swintec
I really don't see how Apple has any blame in this. From what we can tell, Apple didn't give away this information. Most likely a developer gave this information to the FBI, and it was the FBI who lost it and shouldn't have had it in the first place. Blaming Apple or iOS devices is stupid.

dib22
join:2002-01-27
Kansas City, MO

1 recommendation

dib22

Member

Re: I don't trust that 'handy tool'

said by silbaco:

I really don't see how Apple has any blame in this.

Perhaps not in this case, but Apple goes out of it's way to leak users information whenever they have a chance.

Sync Contacts? Cleartext

Sync Calendar? Cleartext

Order a free fart app on itunes? Send your physical address via email.

Send a crash report to apple from a mac or ios device? Cleartext

Applications on ios and macos phone home constantly, pegging you to an IP address.

For a company who is so proud of their security claim, they sure don't seem to understand how to encrypt anything.

Eddy120876
join:2009-02-16
Bronx, NY

Eddy120876

Member

Re: I don't trust that 'handy tool'

He has a point and gave his thought you and the other hand you turned into a troll. Look you don't like apple fine but to call him a lemming when you are another lemming is sad.

dib22
join:2002-01-27
Kansas City, MO

dib22

Member

Re: I don't trust that 'handy tool'

said by Eddy120876:

He has a point and gave his thought you and the other hand you turned into a troll. Look you don't like apple fine but to call him a lemming when you are another lemming is sad.

I own several apple products thank you, in fact if you re-read you will see I agreed (with what little we know) in this case. I just took the opportunity to point out that apple should tighten up its security to help us maintain our privacy.

... and for what it's worth... I loved Lemmings.

Eddy120876
join:2009-02-16
Bronx, NY

Eddy120876

Member

Re: I don't trust that 'handy tool'

Well if you wanted to get your point across theres no need to denigrate or insult a fellow poster that didn't agree with you. instead just saying what you told me would had work out "I just took the opportunity to point out that apple should tighten up its security to help us maintain our privacy." that would be enough. the Lemming part is way over the top

ImbeckYon
@nuvox.net

ImbeckYon

Anon

Re: I don't trust that 'handy tool'

What the heck are you talking about?

Lemmings was brought up by a different poster altogether, and dib22's post you're complaining about has nothing insulting or abrasive in it, unless you are Apple's security chief. Lighten up.

Eddy120876
join:2009-02-16
Bronx, NY

Eddy120876

Member

Re: I don't trust that 'handy tool'

Im not talking about another poster Im talking about what you said. Thats why i told you had you said what you said the second time I would had agree with you. Im no apple worker what i hate is just blind rage from Fandroid. Look you don't like Apple fine thats your choice but to say some people are lemmings because they like apple all i can say "the kettle calling the tea pot black" why because people will pick and choose who to defend.

dib22
join:2002-01-27
Kansas City, MO

dib22

Member

Re: I don't trust that 'handy tool'

said by Eddy120876:

Im not talking about another poster Im talking about what you said.

That anon post wasn't me... or are you referring to the anon poster?

Thats why i told you had you said what you said the second time I would had agree with you. Im no apple worker what i hate is just blind rage from Fandroid. Look you don't like Apple fine thats your choice but to say some people are lemmings because they like apple all i can say "the kettle calling the tea pot black" why because people will pick and choose who to defend.

The only Fanboi in this subthread is you
I try to point out apples security issues every chance I get... in hopes they will hear and change

I didn't say anything negative to the post I replied to... perhaps you have me confused with another subthread?

nightshade74
Yet another genxer
Premium Member
join:2004-11-06
Prattville, AL

nightshade74 to Metatron2008

Premium Member

to Metatron2008
Read through the link »pastebin.com/nfVT7b0Z
Download and decrypt the text w/ openssl per
the instructions... Grep through the text for your
UDID....

battleop
join:2005-09-28
00000

battleop to Metatron2008

Member

to Metatron2008
"If you are concerned about your security, please enter just part of your UDID."

It's even in bold...
rradina
join:2000-08-08
Chesterfield, MO

rradina

Member

Re: I don't trust that 'handy tool'

I don't know if there is any truth to it but I read it must be the first part of the UUID, not the middle or the end. Otherwise the site may report a false positive.

The folks here are techie enough that they should probably just download the list and check with their favorite grep-like tool of choice.

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5

Premium Member

FBI Has Explaining to Do? How about AntiSec

Let's put the blame where it mostly lies - with another lowlife hacking group.

rrw1313
Premium Member
join:2001-03-05
Taylor, PA

1 edit

rrw1313

Premium Member

Re: FBI Has Explaining to Do? How about AntiSec

I'm not sure who I distrust more. The group that's telling me the FBI keeps this info, or the FBI for having it without my knowledge. Why do they need it and what other info does the FBI have on me?

crazediamond
Maybe you shouldn't be so proud?
Premium Member
join:2002-01-19
Brooklyn, NY

crazediamond to FFH5

Premium Member

to FFH5
Right, it's antisec's fault that the FBI has this information.

Wait, what?

battleop
join:2005-09-28
00000

battleop

Member

Re: FBI Has Explaining to Do? How about AntiSec

AntiSec is any better by releasing it?
Skippy25
join:2000-09-13
Hazelwood, MO

Skippy25

Member

Re: FBI Has Explaining to Do? How about AntiSec

For exposing the abuses of our government? Sure, they are better.

See that is the thing about lying.

1.) It takes a lot more work to cover up the lie than it does to explain the truth and deal with it.
2.) The truth will always come out eventually. Then more lying trying to continue to justify it puts up back at #1.

There are very few things our government has to actually do in secret. There are even fewer things that need to remain a secret after they have been done. That even applies to our National Security and quest to save the children.

battleop
join:2005-09-28
00000

1 recommendation

battleop

Member

Re: FBI Has Explaining to Do? How about AntiSec

"For exposing the abuses of our government? Sure, they are better."

There may be 12 Million people who will disagree with you. AntiSec has no justification in releasing the contents of what they found.

ArrayList
DevOps
Premium Member
join:2005-03-19
Mullica Hill, NJ

ArrayList

Premium Member

Re: FBI Has Explaining to Do? How about AntiSec

They also have no obligation in protecting it.
Skippy25
join:2000-09-13
Hazelwood, MO

Skippy25 to battleop

Member

to battleop
There may also be 12 million people thanking them for exposing how they were being exploited by the FBI and the very government that they should be able to trust.

crazediamond
Maybe you shouldn't be so proud?
Premium Member
join:2002-01-19
Brooklyn, NY

crazediamond to battleop

Premium Member

to battleop
Look, Romney's big fan up there said the blame lies with antisec. Unless antisec put this data on the FBI laptop, the blame lies with the FBI.

Romney's big fan is trying the "hey look over there" defense. As someone else responded, apparently because he's a big fan of the Obama administration as well.

Jim Kirk
Premium Member
join:2005-12-09
49985

Jim Kirk

Premium Member

Re: FBI Has Explaining to Do? How about AntiSec

said by crazediamond:

Look, Romney's big fan up there said the blame lies with antisec. Unless antisec put this data on the FBI laptop, the blame lies with the FBI.

Romney's big fan is trying the "hey look over there" defense. As someone else responded, apparently because he's a big fan of the Obama administration as well.

Two sides, one coin.

cowboyro
Premium Member
join:2000-10-11
CT

1 recommendation

cowboyro to FFH5

Premium Member

to FFH5
said by FFH5:

Let's put the blame where it mostly lies - with another lowlife hacking group.

...for exposing the potentially illegal things a government is doing...
Sometimes people need to be shown in bold some things, or they won't believe it. Hell the vast majority of people thinks the Federal Reserve Bank is a government institution and wouldn't conceive otherwise...

LightS
Premium Member
join:2005-12-17
Greenville, TX

1 edit

1 recommendation

LightS to FFH5

Premium Member

to FFH5
No, the FBI has explaining to do, not them.

AntiSec has done quite a few impressive jobs. If you disagree with their point of view, and assuming you actually read through the articles linked...

To sum it up: The FBI, a government agency, had a computer that was exploited and found a large amount of apple devices.

My question isn't why did AntiSec they do what they did - who cares, they do what they want to do...

Chicago_DSL6
join:2003-08-04
South Elgin, IL

Chicago_DSL6

Member

Re: FBI Has Explaining to Do? How about AntiSec

said by LightS:

No, the FBI has explaining to do, not them.

AntiSec has done quite a few impressive jobs. If you disagree with their point of view, and assuming you actually read through the articles linked...

To sum it up: The FBI, a government agency, had a computer that was exploited and found a large amount of apple devices.

My question isn't why did they do what they did - who cares, they do what they want to do...

I am sure there is some risk involved by the FBI to answer the question "why".

Taking the tinfoil hat off, 12 million isn't every iPhone in the world, or the US.

»www.learn-cocos2d.com/20 ··· support/

Granted, who knows how legit the above link is for sales statistics, but we all know that the interwebs never lies. But seriously, 12 million in iPhones, iPads, and iPods from god knows when is probably not every single iOS device in the US. Article is FUD.

LightS
Premium Member
join:2005-12-17
Greenville, TX

LightS

Premium Member

Re: FBI Has Explaining to Do? How about AntiSec

Sorry - I edited my post, I omitted a word by accident.

Although, I agree there's no way that's every apple device. however, I don't like the fact that they have it...

pnh102
Reptiles Are Cuddly And Pretty
Premium Member
join:2002-05-02
Mount Airy, MD

pnh102 to FFH5

Premium Member

to FFH5
said by FFH5:

Let's put the blame where it mostly lies - with another lowlife hacking group.

I disagree. It is our duty as citizens to keep the government honest.

This incident would never have happened if the FBI had not had this information. I demand to know why a government agency has this information, without my consent, and without any probable cause.

And yes, any time it is an incident involving government, I always presume the government guilty until it proves that it is not, because 99% of the time, it is.

••••••

vpoko
Premium Member
join:2003-07-03
Boston, MA

vpoko to FFH5

Premium Member

to FFH5
Wow, there you are again defending the Obama administration. You must really love the guy.

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5

Premium Member

FBI says AntiSec full of it and they got nothing from an FBI laptop or any other FBI sources:
»allthingsd.com/20120904/ ··· numbers/
quote:
The FBI statement:

The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

So where did that document come from really? The ball is now in AntiSec’s court.

•••
Kearnstd
Space Elf
Premium Member
join:2002-01-22
Mullica Hill, NJ

Kearnstd to FFH5

Premium Member

to FFH5
Why do people not agree they both have things to explain?

The FBI for losing the information in the first place, And Antisec for pushing it to the public.

But the FBI does deserve a greater volume of shame, First off what have we learned about sensitive data on laptops allowed for personal use?

Also for the love of god, the desktop folder? What if this laptop had a problem and had to be imaged? what if this was not illegal spying data but vital case data? First thing I teach anybody using a computer is never store things to the desktop, if that is not backed up that gets nuked when the OS is restored or the drive is imaged.
SunnyD
join:2009-03-20
Madison, AL

SunnyD

Member

#1 rule I have when it comes to the Internet...

If you're online, you have no privacy. Period.

But basically in this day and age, as soon as you're born, you have no privacy.
axus
join:2001-06-18
Washington, DC

axus

Member

Re: #1 rule I have when it comes to the Internet...

With some small effort (VPN + Tor) and discipline, you can have privacy. Then it takes a large effort to break the privacy, that only government can perform at big cost.

But, what we want is a system where it takes no effort to have privacy . Anonymity should be the rule, with identification only for commerce and attribution.
old_wiz_60
join:2005-06-03
Bedford, MA

1 recommendation

old_wiz_60

Member

So what is the FBI

doing with this info? Do they seriously think there are 12 MILLION terrorists in the U.S.?

The FBI and the other federal spooks (CIA/TSA/ICE) don't pay much attention to federal laws or the Constitution - they firmly believe they are above the law and proceed on that.

The FBI is part of the DOJ, which is well staffed and heavily influenced by lawyers from the entertainment industry, so the FBI could be looking for people who steal music or videos via UDIDs.
jpboss
join:2003-09-13
Conyers, GA

jpboss

Member

Another reason Apple has decremented UDID from iOS.

This is another reason Apple has decremented UDID from iOS. Hopefully they will remove it's access from Apps very soon. As others have stated, most likely a popular App dev. slipped them this list of devices' UDID, etc.
axus
join:2001-06-18
Washington, DC

axus

Member

Re: Another reason Apple has decremented UDID from iOS.

Think of the company with the worst record and highest disregard for privacy.
MyDogHsFleas
Premium Member
join:2007-08-15
Austin, TX

MyDogHsFleas to jpboss

Premium Member

to jpboss
I think you meant "deprecated".

Snakeoil
Ignore Button. The coward's feature.
Premium Member
join:2000-08-05
united state

Snakeoil

Premium Member

Don't companies allow the government free access?

I thought companies like Apple, Microsoft gave back door access to the fed. So if the fed wanted to snoop you, they could any time wanted to. I also recall hearing encryption companies and the like also give the fed back door access.

Or is that just an urban legend?

fonzbear2000
Premium Member
join:2005-08-09
Saint Paul, MN

fonzbear2000

Premium Member

I'm fine with AntiSec exposing the FBI like this, however...

What I don't like is them releasing the PRIVATE Apple data to the public. Why can't they just say that they, themselves have the data. There's no need to show the rest of the world all of that PRIVATE data.

mackey
Premium Member
join:2007-08-20

mackey

Premium Member

Re: I'm fine with AntiSec exposing the FBI like this, however...

said by fonzbear2000:

Why can't they just say that they, themselves have the data. There's no need to show the rest of the world all of that PRIVATE data.

Because no one would believe them if they didn't post it. Pics or it didn't happen. Heck, even with posting it people were doubting it was real at first.

/M

Metatron2008
You're it
Premium Member
join:2008-09-02
united state

Metatron2008

Premium Member

LOL at people applauding antisec...

Anonymous does this only when they find targets that have known vurnerabilities. They aren't real hackers, and they aren't your friends. If they could, they'd hack and release on pastebin all of your credit cards, your ss, etc, and then do a PR campaign about how they are 'for the people'.
lcnoble
join:2006-11-11
Nancy, KY

1 recommendation

lcnoble

Member

Training, Training, and more Training, and some more!

12,367,232, that is a lot of training!

What was/or what can, the FBI really do with this specfic information?

Eddy120876
join:2009-02-16
Bronx, NY

Eddy120876

Member

The problem is

that nobody in antisec is willing to safe guard your info once they collected. I have a feeling we will see those ss and credit card numbers being sold over the net so they can cover their cost. Sad when we have to side with no one. FBI some hate because they are seem as above the law but if you forgot about the patriot act you know they are just doing their job. Antisec well they don't follow any law enforcement or are your friend so I wonder how would they behave now.