A hacktivist group associated with Anonymous claims it has lifted over 12 million Apple Unique Device Identifiers (UDIDs) from an FBI computer and released 1 million of them as an archive. The leaked data includes names, phone numbers and addresses.
“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java,” boasts the hacking group.
AntiSec’s archive lists 1,000,001 profiles including user names, devices names, cell phone numbers and addresses. The data was originally picked from Apple iOS devices, namely iPhones, iPads and iPods.
Anonymous and Co. enjoy interfering with the US Federal Investigative Bureau; several arrests in their ranks have only boosted the hactivists’ efforts to that end. The group has even been reported to have eavesdropped on the FBI’s anti-Anonymous meeting.
The group’s cause is to attract users’ attention to the possibility the FBI might be breaking into computers to track them. Exposing hundreds of personal IDs, AntiSec says they seek to make a wider and lingering impression.
“We have learnt it seems quite clear nobody pays attention if you just come and say ‘Hey, FBI is using your device details and info’,” the group posted.
Web discussions following the leak immediately took on a degree of astonishment mingled with anger.
“What’s the FBI doing with over 12 million iPhone user details? Mass tracking & surveillance? Are there no more limits?” Kim Dotcom, a co-founder of the Megaupload resource, told his Twitter followers.
Not all of the stolen data was exposed, though, the group says. In the message describing the results of the original lift, AntiSec provides a much longer list of personal details.
“During the shell session some files were downloaded from [Stangl’s] Desktop folder; one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned to be a list of 12,367,232 Apple iOS devices, including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zip codes, cell phone numbers, addresses, etc.”
On the other hand, experts point out that the stolen data would make a valuable gain for spammers and “phishers”. The exposed users may fall victims of a targeted campaign and receive fraud links in emails designed to look as if they come from Apple. Public profiles and even credit card details may get stolen as a result. Web teams, such as The Next Web, responded almost immediately with tools to check if a device has been affected by the leak.
The FBI has since denied the claim made by the hactivist group, that a leak took place. It also rejected the accusation that it accessed 12 million Apple IDs.
In a statement the FBI said they were “aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”
Meanwhile, reports emerge that Special Agent Christopher K. Stangl, whose laptop was reportedly hacked by AntiSec, once made a promotional appearance in an ad encouraging hackers to get involved with the FBI. In a 2009 video titled “Wanted by the FBI: Cyber Security Experts”, Strangl calls on “individuals with computer science backgrounds” to join the agency as a part of the cyber squad or cyber crime investigators.