EPT During the second week of March 2012, a Dell Vostro notebook, used by
Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action
Team and New York FBI Office Evidence Response Team was breached using the
AtomicReferenceArray vulnerability on Java, during the shell session some files
were downloaded from his Desktop folder one of them with the name of
"NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS
devices including Unique Device Identifiers (UDID), user names, name of device,
type of device, Apple Push Notification Service tokens, zipcodes, cellphone
numbers, addresses, etc. Source
Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action
Team and New York FBI Office Evidence Response Team was breached using the
AtomicReferenceArray vulnerability on Java, during the shell session some files
were downloaded from his Desktop folder one of them with the name of
"NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS
devices including Unique Device Identifiers (UDID), user names, name of device,
type of device, Apple Push Notification Service tokens, zipcodes, cellphone
numbers, addresses, etc. Source
Antisec has leaked 1,000,001 of these Apple Unique Device Identifiers online from a file an FBI agent had on his Desktop. Obviously this is a blatant disregard for privacy by the FBI, but the question is how did they get this information? People at hackernews postulate the FBI got the database from an App developer. They also guess, "the NCFTA in 'NCFTA_iOS_devices_intel.csv' looks like it stands for the National Cyber-Forensics & Training Alliance, which "functions as a conduit between private industry and law enforcement." (http://www.ncfta.net/)"
Antisec goes on to say,
"We have learnt it seems quite clear nobody pays attention if you just come and say 'hey, [the] FBI is using your device details and info and who... knows [why they are] experimenting with that'," the document read. "We could have released mail and a very small extract of the data. Some people would eventually pick up the issue but well, let's be honest, that will be ephemeral... Eventually, looking at the massive number of devices concerned, someone should care about it."
What's everyones thoughts on this? Conspiracy theorists don't go too nuts. Yes, it's a obvious privacy breach, but the US Gov't aren't Reptilian Humanoids who can transform.
Interesting facts
Top device names:
42797 'iPhone'
5191 'iPod touch'
3136 '“Administrator”的 iPad'
2202 '“Administrator”的 iPhone'
1534 'Owner’s iPad'
1453 ' iPhone'
1309 'Administrator’s iPad'
1196 'Administrator’s iPhone'
1141 'PdaTX.Net'
1058 'John’s iPad'
166 devices are named “Titanic” or “The Titanic” because of the “Titanic is syncing” joke.
42797 'iPhone'
5191 'iPod touch'
3136 '“Administrator”的 iPad'
2202 '“Administrator”的 iPhone'
1534 'Owner’s iPad'
1453 ' iPhone'
1309 'Administrator’s iPad'
1196 'Administrator’s iPhone'
1141 'PdaTX.Net'
1058 'John’s iPad'
166 devices are named “Titanic” or “The Titanic” because of the “Titanic is syncing” joke.
Links
How to find out your UDID
Has your iPhone been compromised?Check here
List of all 1 Mil UDIDs and an alternate link to check
If you want to lookup your UDID but are afraid to expose it, use partial search here
Forbes article
ZdNet Article
Cnet Article
Gizmodo article
Video of FBI Agent Chris Stangl
Did they get Obama's iPad?Some say yes
Download Links for IDs
http://www.mediafire.com/download.php?vkyeta7zytgqyhi http://freakshare.com/files/6gw0653b/Rxdzz.txt.html http://u32.extabit.com/go/28du69vxbo4ix/?upld=1 http://d01.megashares.com/dl/22GofmH/Rxdzz.txt http://minus.com/l3Q9eDctVSXW3 https://minus.com/mFEx56uOa http://uploadany.com/?d=50452CCA1 http://www.ziddu.com/download/20266246/Rxdzz.txt.html http://www.sendmyway.com/2bmtivv6vhub/Rxdzz.txt.html
Edit:"What makes UDIDs important?"
They identify your own Apple devic as its a unique ID. The bigger part is the 12 million "user names, name of device,
type of device, Apple Push Notification Service tokens, zipcodes, cellphone
numbers, addresses" the FBI collected along with UDIDs. Antisec released the UDIDs to gain attention to this collection of information and not the other stuff due to personal information.
