- dotTech - http://dottech.org -
12 million iPhone and iPad device IDs allegedly stolen from the FBI by hackers, FBI denies it all
Posted By Ashraf On September 4, 2012 @ 11:00 PM In iOS | 4 Comments
Hackers calling themselves AntiSec (aka LulzSec, Anonymous, etc.) have published online one million iPhone  and iPad  unique device identifiers (UDIDs). They claim to have another eleven million stashed away and say they stole the information from the FBI.
According to their online declaration , the hackers stole a file named “NCFTA_iOS_devices_intel.csv” from FBI Supervisor Special Agent Christopher K. Stangl’s computer. They claim to have remotely access Special Agent Stangl’s machine in March 2012 by exploiting AtomicReferenceArray, a Java  vulnerability that was discovered last year and patched by Oracle  in February 2012.
AntiSec claim “NCFTA_iOS_devices_intel.csv” contains a list of 12,367,232 UDIDs, with some UDIDs having accompanying information such as full names, addresses, and cell phone numbers. AntiSec says they removed all information aside from UDIDs for the one million they have published online so far, so as to protect the privacy of the device owners.
The FBI, for its part, has come out and denied the allegations, first on Twitter…
Statement soon on reports that one of our laptops with personal info was hacked. We never had info in question. Bottom Line: TOTALLY FALSE.
…then through an official public statement:
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
However, there are independent confirmations that at least some of the UDIDs AntiSec leaked online are real. Rob Lemos (a journalist) and Peter Kruse (“eCrime specialist”) both say their device UDIDs appear in the list. So, then, the question is where exactly did the UDIDs come from?
It could be that the FBI is indeed collecting this information (why, we don’t know) and they are too embarrassed to admit they were hacked, hence the public denial. On the other hand, AntiSec could have attained this information from some other source (where, we don’t know) and just want to throw some egg on the FBI’s face by falsifying the truth. Sadly we likely won’t ever know the truth unless one side confesses.
Ignoring the truth for a second, let’s ponder on the two possible scenarios.
I’m not sure which scenario is better.
[via ArsTechnica ]
Article printed from dotTech: http://dottech.org
URL to article: http://dottech.org/78739/12-million-iphone-and-ipad-device-ids-allegedly-stolen-from-the-fbi-by-hackers-fbi-denies-it-all/
URLs in this post:
 Image: http://dottech.org/wp-content/uploads/2012/09/2012-09-04_212558.png
 iPhone: http://dottech.org/tag/iphone
 iPad: http://dottech.org/tag/ipad
 online declaration: http://pastebin.com/nfVT7b0Z
 Java: http://dottech.org/tag/java
 Oracle: http://dottech.org/tag/oracle
 Apple: http://dottech.org/tag/apple
 ArsTechnica: http://arstechnica.com/security/2012/09/1-million-ios-device-ids-leaked-after-alleged-fbi-laptop-hack/
© 2008-2012 dotTech.org | All content is the property of its rightful owner.