Hackers Snatched 12M Apple Device IDs from FBI?

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
And the countdown until the FBI starts rounding up hackers begins in 3...2...1.

"NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
Click to expand...
 
it is curious why the FBI would have such a list

and his laptop was hacked via the java exploit, awesome
 
I thought the hackers were Anonymous? But yea, what purpose would this one individual FBI be doing with a whole bunch of UDIDs? That does raise a lot of security questions that I'm sure both the FBI and Apple have to answer for. Aren't UDID's used for app sort purchases?
 
Even though it says it has more than 12 million UDIDs, AntiSec says it settled on posting only 1 million, trimming out personal information such as full names, cell numbers, and addresses.
Click to expand...

Maybe they're just claiming to have trimmed it, but in reality that's all the list was in the first place.
 
Ashbringer said:
I thought the hackers were Anonymous? But yea, what purpose would this one individual FBI be doing with a whole bunch of UDIDs? That does raise a lot of security questions that I'm sure both the FBI and Apple have to answer for. Aren't UDID's used for app sort purchases?
Click to expand...

Seriously, I laugh it up when people like the comments here say "Well I wasn't expecting this..." our government is fucking retarded, how is this surprising?

You know all those dickwads at work that you find yourself asking "How the hell did he get a promotion?" or "Why the hell would they hire that dumb bitch?!"... Yeah, you act like that doesn't go on within our government :rolleyes:
 
night_2004 said:
When will companies learn to collect only the data absolutely required for their business to function?
Click to expand...

Which has fuck-all to do with the FBI running around laptops full of sensitive information on citizens?
 
kattana said:
it is curious why the FBI would have such a list

and his laptop was hacked via the java exploit, awesome
Click to expand...

i'm going to say apple and the FBI have some explaining to do. I am going to blame apple for such a list even existing. Apple just keeps fracking itself in the bum... burning all the good will it racked up over the years.
 
maxius said:
i'm going to say apple and the FBI have some explaining to do. I am going to blame apple for such a list even existing. Apple just keeps fracking itself in the bum... burning all the good will it racked up over the years.
Click to expand...

Yeah, it's funny that the company that brought us the big brother commercial is now becoming big brother.
 
maxius said:
i'm going to say apple and the FBI have some explaining to do. I am going to blame apple for such a list even existing. Apple just keeps fracking itself in the bum... burning all the good will it racked up over the years.
Click to expand...

Apple and its bum have nothing at all to do with harvesting natural gas. :(

Or are you talking about flatulance with respect to burning? :confused:
 
I'm more concerned with the FBI having such a list, and just how big it was, than the fact that it was stolen. Our gov't and the corporations that capitulate in this kind of information gathering on citizens needs a serious kick in the nuts. It's wrong on so many levels.
 
night_2004 said:
When will companies learn to collect only the data absolutely required for their business to function?
Click to expand...

It's the FBI, they gather as much information as they can, even the useless information...Although I find it amusing that it was a fairly high ranking official they nabbed the information from.

If your going to keep highly sensitive data, that could potentially screw you or undercover/black ops over, put it on a system that isn't portable, and isolated from the internal network as well as the outside world, I'm not IT security qualified yet, but that is one of the most obvious and primary rules for this kind of data.
 
I would think it goes without saying that one does not install Java on a machine that stores sensitive data....
 
Cyraxx said:
Seriously, I laugh it up when people like the comments here say "Well I wasn't expecting this..." our government is fucking retarded, how is this surprising?

You know all those dickwads at work that you find yourself asking "How the hell did he get a promotion?" or "Why the hell would they hire that dumb bitch?!"... Yeah, you act like that doesn't go on within our government :rolleyes:
Click to expand...

I worked for 2 years in a federal government 'contractor' capacity and even had the pleasure of attending their annual benefit conference. I can say with 100% certainty that you are pretty much spot on.
 
I'll ask the same thing already asked - Why does the FBI have such a list?
 
nbc news said:
Hacker counterintelligence
The Pastebin post claims that the UDIDs were stolen thanks to an Anonymous hack into the laptop of FBI agent Christopher Stangl, a member of a New York-based cybercrime task force.


Stangl has spoken publicly on matters of cybersecurity, appearing in February 2011 on a panel discussion on cybercrime attended by SecurityNewsDaily. Two years earlier, he starred in a FBI recruitment video posted on Facebook.

Stangl was also among 44 American and European law-enforcement personnel copied on an email, sent in January 2012, inviting recipients to join a conference call to discuss efforts against the hacktivist groups Anonymous and LulzSec.

Anonymous intercepted the email and used it to eavesdrop on and record the conference call, which they then posted online in February 2012.

According to yesterday's Pastebin post, hackers used a then-new Java exploit to get into Stangl's machine.

"During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java," the posting states. "During the shell session some files were downloaded from his Desktop folder one of them with the name of 'NCFTA_iOS_devices_intel.csv' turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts."

"No other file on the same folder makes mention about this list or its purpose," adds the writer of the Pastebin post.

"CSV" is the Windows filetype associated with a list of comma-separated values, which separate database entries with a comma and can be read by Microsoft Excel and many other applications.

"NFCTA" may refer to the National Cyber-Forensics & Training Alliance, a Pittsburgh-based non-profit organization that, in its own words, "functions as a conduit between private industry and law enforcement with a core mission to identify, mitigate and neutralize cybercrime."

Advertise | AdChoices
It is not clear why an FBI agent would have a database of 12.4 million iOS device UDIDs on his laptop, nor why the NFCTA would have provided them to him.
Click to expand...

Source: http://www.nbcnews.com/technology/technolog/hackers-leak-1-million-apple-device-ids-977988
 
I can't and won't reveal specific details but once I was sitting on a curb outside my work, and my car keys fell out of my pocket when I was waiting to get picked up.

Someone from a "unnamed" government agency down the street gave me a call. He told me he had my keys to my car. I couldn't meet him, but he could meet me and hand them back. He told me the spot.

To give you an idea, I don't have my fingerprints on file (never been fingerprinted), and my keys had no identifiable information other than the key imprint which would be specific to my car....

That was about 8 years ago folks.
 
wtiger said:
I'm more concerned with the FBI having such a list, and just how big it was, than the fact that it was stolen. Our gov't and the corporations that capitulate in this kind of information gathering on citizens needs a serious kick in the nuts. It's wrong on so many levels.
Click to expand...
Don't worry...taking away individual privacy is just to preserve the freedom of, as Sean Hannity puts it, the greatest country God ever created.
 
My phone's UDID is thankfully not there.

Why does the FBI have this list again?
 
techrat said:
If you read the text, it's a 1mil truncation of the original 12+mil list.



You guys are asking the wrong question.

WHY DID APPLE GIVE THEM THE LIST IN THE FIRST PLACE?
Click to expand...

Oh look, Mr. conspiracy theorist.
 
Its probably best not to do any serious speculation about if or why such a thing exists.

I'm totally going with it being current and former WoW players. They're unstable people and if they own iPhones with WoW apps on them, then they're probably a danger to society.
 
Biggrich76 said:
Cyraxx said:
Seriously, I laugh it up when people like the comments here say "Well I wasn't expecting this..." our government is fucking retarded, how is this surprising?

You know all those dickwads at work that you find yourself asking "How the hell did he get a promotion?" or "Why the hell would they hire that dumb bitch?!"... Yeah, you act like that doesn't go on within our government :rolleyes:
Click to expand...
I worked for 2 years in a federal government 'contractor' capacity and even had the pleasure of attending their annual benefit conference. I can say with 100% certainty that you are pretty much spot on.
Click to expand...

I would like to 3rd this motion.
 
It makes me laugh that the only thing most people react to is the fact that the list was hacked.

What I want to know is WHY did the FBI have the list in the first place, WHAT are they using it for, and WHO gave it to them?

Those are the questions people should be asking.
 
SkribbelKat said:
For it's part, Apple is saying it didn't furnish a list to the FBI:

http://news.cnet.com/8301-13579_3-5...-not-give-fbi-or-any-organization-device-ids/

Also on C|Net...Farmville 2 looms large on the horizon.
http://news.cnet.com/8301-1023_3-57...resuscitate-virtual-farming-with-farmville-2/
Click to expand...
CNet said:
Thanks to Flash 11, FarmVille 2 features faster actions -- instead of clicking on each individual plot of crop, users can now drag the mouse cursor over an entire area to plant or water seeds.
Click to expand...
I can't wait!!!!
 
You must log in or register to reply here.
Back
Top