AntiSec breaches FBI laptop, grabs 12 million Apple iOS UDIDs

By Lee Kaelin on September 4, 2012, 9:59 AM

The Federal Bureau of Investigation is in the spotlight after Anonymous and LulzSec co-op AntiSec revealed it breached their security and extracted 12,367,232 Unique Device Identifiers (UDID) for Apple iOS devices from one of their agent’s laptops, raising concerns as to whether the federal agency is tracking users of Apple devices.

Update (9.5): The FBI is disputing these claims, having release an official statement assuring they have no information about a breach or that they possess this kind of data.

The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

The rest of the original story is below:

To prove their claims Anonymous published the download links to one million and one UDID’s on Pastebin, along with the statement: “we have learnt it seems quite clear nobody pays attention if you just come and say ‘hey, [the] FBI is using your device details and info and who... knows [why they are] experimenting with that’ [...] We could have released mail and a very small extract of the data. Some people would eventually pick up the issue but well, let’s be honest, that will be ephemeral... Eventually, looking at the massive number of devices concerned, someone should care about it.”

While the hacktivists trimmed out most of the personal information, the original unedited data contains the device ID and type, the name of the device, Push Notification tokens, and other personally identifiable details such as the owner's name, address, zip code, phone numbers and Apple username.  

AntiSec got access to the files via the “AtomicReferenceArray” Java exploit on the Dell Vostro laptop used by Supervisor Special Agent Christopher K. Stangl of the FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team. The hackers claim the UDID content was in a large database file named “NCFTA_iOS_devices_intel.csv” saved in the user's desktop folder.

No other content on the laptop provided further evidence of its use, although the hackers suggest it could be enough basic information needed to start a tracking project. The filename is curious as well as it appears it could have come from the National Cyber-Forensics & Training Alliance, an organization that functions as an intermediary and data manager between the private industry and law enforcement agencies to “identify, mitigate and neutralize cyber crime.”

While it isn’t unusual for developers to have access to some of the data the UDID holds on each device, they don’t normally get access to the personally identifiable information it contains. AntiSec maintains they released the details purely to highlight the FBI’s alleged tracking of Apple customers.




User Comments: 27

Got something to say? Post a comment
Guest said:

Wow, is Apple giving out UUIDs to the FBI? How else did they get 12 millions of them?

2 people like this | inventix1136 said:

Hate saying it but if you are dealing with an American company, assume that they are giving your private information to FBI and other organizations freely and without a warrant since all it takes is one national security letter. Some volunteer even without the national security letters...

The amount of spying that U.S. does on it's own citizens makes the former KGB and former East Germany's STASI seem like amateurs, and the big difference is that in Russia and East Germany, people did not voluntarily give information, nor did the general population support the spying.

So the question to be asked, if we have the largest percentage of population in prison, the most police officers, and we spy more on our own people than most other countries combined, are we still the land of the free?

Tygerstrike said:

Really?? The FBI cares who has a Iphone? I thought all those conspiracy nuts were just that...nutz. I guess there is some truth to it all. Correct me if I am wrong, but doesnt the FBI having that information give then access to your phone? If I remember correctly you need all that info to remote access your device.

Oh and if Apple gave out that information, no amount of lawsuits that Apple files will save its sorry azz. The ppl and sheepl will rise up and tear that Apple apart right down to its core.

Neojt said:

Nah the iSheepsc wont do anything but find a good excuse for the beaviour. "Its not a its a feature" !

Nothing happend even after ppl learned that Apple was tracking all of its iphone and collecting data. But oh when google sniffs a unsecure WiFi while driving around NOW THATS a crime ..... so lame

3DCGMODELER 3DCGMODELER said:

Opsss some one leave there laptop out and unsecured at a Coffee shop at luch again??

Guest said:

I have a question. I am just starting to learn about IPv6, doesn't the last 24 bits of an IPv6 packet--the modified EUI-64--contain some of this information as packets are being sent from a users pc? I know it is going to be a lot easier for them (fbi, riaa, mpaa) to identify people when IPv6 is fully implemented just because of the the EUI-64. Sorry if I am misinformed, but like I said I am just learning about it now.

Guest said:

@Tygerstrike

I do find it adorable how you think it is all just a conspiracy from some whackos. In truth, it is real and I am glad AntiSec has come out with this information and I encourage them to do more to bring the truth forward.

The United States government has been bought, corporate America runs the show now and they don't give 2 S** about your rights. It's all about money and control.

As far as your "sheeple" term, it is outdated slang and you are no different than they are.

The general public is unaware of this website, this will not likely make headline news. The average joe ***** American will continue buying Apple's garbage or anything else mainstream while being completely unaware of the real truth.

Guest said:

Where are the civil liberties ? WTF he is doing these information and how they obtain these user information?

Sad day Who lives in EARTH and have a communication device. I dont think anybody in the world can be private anymore.

MilwaukeeMike said:

"So the question to be asked, if we have the largest percentage of population in prison, the most police officers, and we spy more on our own people than most other countries combined, are we still the land of the free?"

You whine a lot, but forget that for all this 'spying' we still have more freedoms than any place else on earth. Go to England and you'll see bananas thrown at black soccer players (and it's tolerated) go to France and you'll see laws prohibiting muslim women from covering their faces. Tell someone in Africa, the middle east, or anywhere in Asia that you're not free because you bought an iphone and your name is now on a list of people that own iPhones and they'd be so shocked they wouldn't even know how to respond.

We live in a country where if a cop knocks on your door you dont' even have to answer it if you don't want to. You guys complain about a list of names... you should be thankful for your 1st world problems.

Guest said:

"We live in a country where if a cop knocks on your door you dont' even have to answer it if you don't want to."

But the second you open the door, they put their foot in and don't leave even as you yell and cuss at them to get out. With or without a warrant. It's still their word over yours unless you have... MONEY.

spydercanopus spydercanopus said:

The FBI can remotely turn on your iPhone mic, camera, gps, etc.. even when it's turn off. Just google your way down the rabbit hole. Alex Jones can help you climb down it.

Guest said:

@MilwaukeeMike

"Go to England and you'll see bananas thrown at black soccer players (and it's tolerated)"

This incident happened at the Euro 2012 match Italy vs Croatia, hosted in Poland. Try looking at a map to see what part of "England" that is in, might take you a while.

It wasn't "tolerated" by anyone there, and would be no more tolerated in the UK, they would throw the person out, if caught.

No matter how you look at it, the FBI keeping a list of people with iPhones for no apparent reason is not acceptable. Kudos to AntiSec for bringing this to our attention, somebody needs to make sure that governments worldwide remain transparent, not just Americas.

Guest said:

"We live in a country where if a cop knocks on your door you dont' even have to answer it if you don't want to.

But the second you open the door, they put their foot in and don't leave even as you yell and cuss at them to get out. With or without a warrant. It's still their word over yours unless you have... MONEY."

This is absolute bosh. If you yell and cuss at officers going about their business, you deserve all you get. And their word over yours.... what, over you yelling & cussing? Grow up.

Guest said:

@inventix1136

With the KGB and STASI, you would have been dead 50 years ago!

Alexmx said:

"So the question to be asked, if we have the largest percentage of population in prison, the most police officers, and we spy more on our own people than most other countries combined, are we still the land of the free?"

You whine a lot, but forget that for all this 'spying' we still have more freedoms than any place else on earth. Go to England and you'll see bananas thrown at black soccer players (and it's tolerated) go to France and you'll see laws prohibiting muslim women from covering their faces. Tell someone in Africa, the middle east, or anywhere in Asia that you're not free because you bought an iphone and your name is now on a list of people that own iPhones and they'd be so shocked they wouldn't even know how to respond.

We live in a country where if a cop knocks on your door you dont' even have to answer it if you don't want to. You guys complain about a list of names... you should be thankful for your 1st world problems.

LOL, the irony... go to arizona and get pulled over because you look hispanic. Go to the airport and get your flight denied because your name is John Doe. Go to school but you first have to go through security scanner and a possible pat down, but hey! it is for your own sake =)

yep! that's your "freedom" right there!

MilwaukeeMike said:

@inventix1136

With the KGB and STASI, you would have been dead 50 years ago!

Exactly! You guys are scared of a list of names, but forget that the FBI doesn't actually DO anything. Do any of you watch the news? We don't have a problem in this country with the govt spying on us or arresting us for dissention. We have a problem with people walking into a movie theater or a temple and shooing the place up! Talk to someone from Aurora CO (movie theater shooting) or from Oak Creek WI (Sikh temple shooting) and ask them how they feel.

The people of Oak Creek want to know how a depressed unemployed Nazi was able to acquire a bunch of guns without anyone noticing and yet you guys are convinced we're all being watched. yeah... right.

Tygerstrike said:

@ 3rd guest poster

And I find it adorable that you dont even have the sack to sign up. Maybe the coloquialism is old news where you from but not where Im from. Second when you hear all the nutjobs I have to listen to. Everything from Aliens are implanting devices into our children to how the president wants to give America to Africa, you tend to dismiss the crazy ramblings to just that, crazy. Still doesnt change the fact that Apple had to give this information to the govt for them to have it. It also means that they have their hands and fingers in the cellphone carriers database. Both are an issue to me. Not that im doing anything wrong, just that it concerns me that they are keeping that information. If a bunch of hackers who do this for the people can get this information, whats to stop others from doing it as well.

TekGun TekGun said:

I'm not sure what to laugh at first , the FBI getting owned by AntiSec, Apple users getting owned by the FBI, or MilwaukeeMikes blinkered world view.

Darkshadoe Darkshadoe said:

I saw an update to this story somewhere. The FBI is denying this happened and are denying that they were collecting those Apple ID numbers. Might be worth an update Lee.

MilwaukeeMike said:

I saw an update to this story somewhere. The FBI is denying this happened and are denying that they were collecting those Apple ID numbers. Might be worth an update Lee.

'Never let the truth get in the way of a good piece of propaganda."

And you're right Alexmx... it's not truly free. But it's the best the human race has ever had and it's getting better all the time. Right now the most powerful man (Duh) and woman (Oprah - based on influence and earnings) in the country are African American. More women graduate college than men and states are starting to approve gay marriage. But hey, at least we can complain about iPhone lists.

Know the best way to stop those random pull overs and security checks? Have a cop with a camera follow everyone all the time. Think of how little crime there would if everyone was always watched. Lol, the irony, right? (I'm joking of course)

n5rmj n5rmj said:

So far, I have not seen any confirmed matches mentioned anywhere. I have checked several iOS devices and I have not found a match in the published list. This could be a hoax or a propoganda move by Antisec.

Uvindu said:

Just wondering, if the leaked UDID's are for real, then can't people use those UDID's to enable Non iPhone 4S users to use Siri on their Jailbroken devices. Curently they require UDID's from an existing iPhone 4S to use Siri with Apple servers (which kinda defeats the point) but if there are 1 million out there then some maybe from iPhone 4S's and can't they take those UDID's and enable Siri?

Sunny87 said:

Nah the iSheepsc wont do anything but find a good excuse for the beaviour. "Its not a its a feature" !

Nothing happend even after ppl learned that Apple was tracking all of its iphone and collecting data. But oh when google sniffs a unsecure WiFi while driving around NOW THATS a crime ..... so lame

Actually what google did was a crime because it's stealing bandwidth from others who are actually paying for it, if people actually read what they were doing when setting up new devices or mobile accounts/apps/software act about 90% of companies now collect anonymous data about you including Microsoft and Android apps, it's not illegal because you said "yes I agree" when supposedly reading the ToS agreement so technically you were told, but google went out of their way to actually steal bandwidth from unsecured WiFi connections.

Guest said:

Well apple may have little to do with any of this. They may just be victims. All these lawsuits may be a cohersive force to cow apple and bend it's will to the government. They did the same thing with Microsoft. That is how the government works. The target gets a whole bunch off lawsuits filed against and get too involved in suits and drowns in cases. And this is to get them to a point where they are approachable to hand over proprietary core os functions to a team of engineers that can tailor a method of tracking or also to engineer a registry structure like Microsoft where they use your own hard drive to store information about you. They use your own hard drive against you. Than you are encouraged to buy bigger hard drives because you can never have enough space. They need more space to store stuff about you. Where you been what you done. Everything data about you. The registry of windows stores everything about you. What devices you ever connected to your windows machine. What websites you ever visit on your computer. This is why I used to install windows every 6 months. This is the main reason a windows machine gets sluggish after a while for the registry gets huge. They talk about spyware. The windows registry is the spyware. You don't need anything else but that to know everything about any user ever used that machine. It seems to me that the Mac world is headed down the same road. And quicker then Microsoft. That is why the government allows Apple to be so anti competitive and no antitrust lawsuit has been filed since Apple seems to cooperate more. But then again they are not as big as Microsoft was. 85 to just a misly 5 bills. That is a whole lot of more Bills to mess with. The government I guess got smarter and started fitting Apple in their back pocket before they got huge and out of near bankruptcy. I really can't blame Apple they just like any other entity are trying to survive the assault. What I blame is people who vote these as h oes in office. Oh wait we don't vote FBI they are just recruiting in jails. The hackers they catch. To bad they don't learn that a hacker that gets caught ummm they are not as good as the Anon hackers that never get caught.

Guest said:

You know an unsecured wireless is as needy as your girlfriend that you just broke up with out in public space advertising on its own just looking to communicate with anything. So you talking to it is not stealing its just charitable behavior.

Guest said:

Apple freely gave these numbers to the FBI in exchange for a recent favorable "jury decision" by the American court system.

Guest said:

To undermine and humiliate (Antisec)

The point was to punish Apple and anyway you look at it this hurts Apple.

ryanb2145 said:

This is absolute bosh. If you yell and cuss at officers going about their business, you deserve all you get. And their word over yours.... what, over you yelling & cussing? Grow up.

So what your saying is if they walk in without a warrant simply because I open my front door to them, without them having probable cause, I deserve to have my privacy invaded? I hope you don't live in America.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.