September 4, 2012
1 Million Apple UDIDs Stolen From FBI Dell Computer
Michael Harper for redOrbit.com — Your Universe Online
Using a vulnerability in Java, a government laptop was hacked earlier this year and a file was lifted which is said to have contained nearly 12 million UDIDs. This breach could be quite serious, as UDIDs contain intensely personal information, such as device names, phone numbers and addresses, user names and zip codes.
AntiSec has said they´ve decided to only release 1 million of these unique identifiers, enough of the IDs to make their point. In a verbose manifesto, the hacking group Anonymous – which claims AntiSec as an extension or partner – gives links to sites where these UDIDs can be found, as well as instructions on how to hack into the file and gain access to this personal information.
Though this situation is incredibly dangerous, the hackers have said they´ve stripped out personal data such as cell numbers, full names and zip codes.
In their lengthy and wandering post, the hacking group has said some UDIDs contained a wealth of personal information, while some contained not much more than a zip code.
According to the group, the file containing some 12 million Apple UDIDs was stolen from a Dell Vostro notebook during the second week of March 2012. The computer was being used by a Special Agent Supervisor from the FBI's Regional Cyber Action Team.
Using the AtomicReferenceArray vulnerability on Java, the .csv file was downloaded from the Agent´s desktop folder and, according to the hacking group, no other file or folder was found which explained why the FBI needed to have this information. Now, the hackers are more or less holding themselves and any further interviews for ransom, and the terms of which are more than odd.
“To journalists: no more interviews to anyone till Adrian Chen get featured in the front page of Gawker, a whole day, with a huge picture of him dressing a ballet tutu and shoe on the head, no photoshop.”
Anonymous takes plenty of time explaining their motives behind this attack, claiming their actions are both an attack against the FBI and a way to shed light on their actions.
According to this post, these hackers have taken great umbrage with the NSA´s General Keith Alexander´s appearance at this year´s Defcon in Las Vegas. Here, Alexander asked for the help of the hacking and security community to join the NSA and other government agencies to help protect the United States against cyber attacks.
A similar call was put out at an earlier conference just days before, Black Hat, by former FBI executive assistant director Shawn Henry.
“I implore all of you to be committed to your cause, because the stakes are too high. And I believe our failure to step up is a failure to society,” said Henry.
“Our failure to do so means people are going to get hurt and people are going to die.”
“Well... We got the message,” write the hackers, speaking of Alexander´s attempts to recruit them for “future cyberwars.”
“We decided we'd help out Internet security by auditing FBI first. We all know by now they make Internet insecure on purpose to help their bottom line. But it's a shitty job, especially since they decided to hunt us down and jail our friends.”
The Next Web has created a tool to determine if your UDID for your iPad, iPhone or iPod Touch has been released as a part of this leak. So far, no comment has been released by Apple or the FBI concerning this breach and leak.