Could this be related to the previous Apple hack investigation?

On Tue, Sep 4, 2012 at 8:51 AM, Jeffrey Walton <noloa...@gmail.com> wrote:
> Not sure how much of this is true, but the FBI does have a history of
> violations against US citizens.
>
> http://www.zdnet.com/fbi-hack-yielded-12-million-iphone-and-ipad-ids-anonymous-claims-7000003668/
>
> Hackers associated with Anonymous claim to have swiped more than 12
> million Apple iPhone and iPad device identifiers from an FBI computer.
>
> Someone using the banner of AntiSec — a 14-month-old joint operation
> of Anonymous and LulzSec — posted a document to Pastebin on Monday
> that contained links to around a million Apple unique device
> identifiers (UDIDs). The anonymous poster said the release was
> intended to highlight the FBI's alleged tracking of Apple customers.
>
> "We never liked the concept of UDIDs since the beginning indeed," the
> post read. "Really bad decision from Apple. Fishy thingie."
>
> Every iOS device has a UDID. The number was put in place so developers
> and mobile advertising networks could track user behaviour. However,
> over the last year Apple has been phasing out apps' access to UDIDs,
> as the numbers were sometimes being transmitted to third parties
> without users' consent.
>
> According to the post, which was linked to from a well-known Anonymous
> Twitter account, the hackers got into the Dell laptop of FBI special
> agent Christopher Stangl during the second week of March this year.
> Stangl works at the FBI's New York field office, and has been a
> prominent face in the agency's cybersecurity recruitment efforts.
>
> AntiSec said the hack, which apparently exploited a Java
> vulnerability, yielded a CSV file containing "a list of 12,367,232
> Apple iOS devices including Unique Device Identifiers (UDID), user
> names, name of device, type of device, Apple Push Notification Service
> [APNS] tokens, zipcodes, cellphone numbers, addresses, etc".
>
> 1,000,001 released
>
> The hackers said they were publishing 1,000,001 of the UDIDs and APNS
> tokens as that was "enough to release". They stressed that they had
> stripped out the other personal data held in the file, noting that not
> all the listed devices have the same amount of personal data linked.
>
> "We have learnt it seems quite clear nobody pays attention if you just
> come and say 'hey, [the] FBI is using your device details and info and
> who... knows [why they are] experimenting with that'," the document
> read. "We could have released mail and a very small extract of the
> data. Some people would eventually pick up the issue but well, let's
> be honest, that will be ephemeral... Eventually, looking at the
> massive number of devices concerned, someone should care about it."
>
> The hackers added that it was "the right moment" to release the data
> as Apple was currently looking for alternatives to the UDID system.
>
> "In this case it's too late for those concerned owners on the list,"
> the document read. "We always thought it was a really bad idea. That
> hardware coded IDs for devices concept should be eradicated from any
> device on the market in the future."
>
> The document, which is written in slightly broken English, has near
> its end an insult about US presidential candidate Mitt Romney, written
> in German.
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

--
Kyle Creyts

Information Assurance Professional
BSidesDetroit Organizer