JanSt

Anonymous released more than 1 million Apple Unique Device Identifiers

Hacking group Anonymous claims to have released a set of more than 1 million Apple Unique Device Identifiers (UDIDs) obtained from breaching the FBI.

The group indicated that the action was part of is AntiSec (Anti Security) campaign to steal and leak classified government and company information to expose security flaws.

I guess a "lulz" would be in/approriate? The IDs were allegedly taken from just one agent's laptop (password was password, I assume).
Anonymous are campaigning against government surveillance of its law-abiding citizens (guilty until proven innocent is the new motto, I'm told).

It's worth noting that "Anonymous" also leaked the Stratfor emails last year - only: they didn't. It seems. The Stratfor hack was apparently a job organised by Mr Monsegur - a hacker arrested and 'turned' by the FBI (his screen name was "Sabu")

Either way: Bad news for 12 million Apple ID holders -
Anonymous claims to have garnered over 12 million UDIDs, as well as associated personal information such as user names, device names, mobile phone numbers and addresses, according to US reports.

Via ComputerWeekly

Add a comment
19 comments

JanSt / MOD  Sep. 4, 2012 at 11:55

CHANGE your passwords frequently, folks. And there's no harm in using fake addresses. Register a prepay credit card, and throw it away after cutting it up. Then ONLY use iTunes vouchers. And don't sync your p*rn and Anarchists Handbook PDF to the cloud ;)

matt101101 / MOD  Sep. 4, 2012 at 12:31

And don't sync your p*rn and Anarchists Handbook PDF to the cloud
Ahh, that's where I've been going wrong all these years.

matt101101 / MOD  Sep. 4, 2012 at 12:34

guilty until proven innocent is the new motto, I'm told
Section 44 of the Terrorism Act 2000

I'll leave it at that and hope your curiosity and Google do the rest for you.

Pondlife  Sep. 4, 2012 at 12:35

More important than changing frequently is don't use the same password for everything.
It doesn't need a credit card to register. But it also doesn't say they have those anyway.

JanSt / MOD  Sep. 4, 2012 at 12:59

Well, pondlife, you're right. But if they have iTunes ID's and passwords, it's the safe assumption...

Pondlife  Sep. 4, 2012 at 13:13

It doesn't mention passwords either...

Treab  Sep. 4, 2012 at 13:32

guilty until proven innocent is the new motto, I'm told
Section 44 of the Terrorism Act 2000

I'll leave it at that and hope your curiosity and Google do the rest for you.


its repealed anyway ;)

JanSt / MOD  Sep. 4, 2012 at 13:35

pondlife, I'm on a phone now, so no link, but some articles mention passwords, too. Either way - it's a mission involving a lot of people... It IS safe to assume the worst.

JanSt / MOD  Sep. 4, 2012 at 13:38

Matt, yep, repealed or not... The mood is just right. Just as Tomlinson and Harford...

JanSt / MOD  Sep. 4, 2012 at 13:39

... Or O'Dwyer and McKinnon.

Pondlife  Sep. 4, 2012 at 13:41

Ah fair enough. Mission?

matt101101 / MOD  Sep. 4, 2012 at 13:49

guilty until proven innocent is the new motto, I'm told
Section 44 of the Terrorism Act 2000

I'll leave it at that and hope your curiosity and Google do the rest for you.


its repealed anyway ;)

The fact it was passed in the first place and it took a decade of it being abused by god-complex police officers for it to be declared illegal (which only happened thanks to EU intervention), is what's so worrying.

Also, it wasn't some knee-jerk reaction to a large terrorist attack which caused the act to be written, 7/7 was in 2005 and 9/11 (or 11/9, as the rest of world would have called it) was in 2001. Both events took place after The Terrorism Act 2000 was already in place, including, the now illegal, Section 44. It was a planned and calculated restriction of people's freedom in the UK under the guise of the yet to be named "War on Terror".

Treab  Sep. 4, 2012 at 13:53

agreed it's partially necessary but horrible as well...

still no where near as bad as the patriot act...

JanSt / MOD  Sep. 4, 2012 at 13:57

With matt on this one. Also: not many people want to acknowledge this: the groundwork
for the Patriot Act was done under Clinton and Reno. Various US law orgs and civil
rights groups called Waco and Ruby Ridge the trial runs...

matt101101 / MOD  Sep. 4, 2012 at 13:59

still no where near as bad as the patriot act...
True, I' not well versed in said Act, but I know it's extremely controversial.

agreed it's partially necessary but horrible as well...
Section 44 was NEVER necessary. Groundless stop and search turns even the most civilised state into a Police controlled fear-pit in which every citizen in guilty unless the Police say otherwise.

Pondlife  Sep. 4, 2012 at 21:43

App with connection to fbi suspected...

There is some speculation that an app developer, not Apple, released the dataset of 12 million device IDs to the FBI. Marco Arment of Instapaper writes on his blog that, “all of this information could have been collected from an app transmitting data to a server… This is exactly the information that an ad network would want to collect. Apple and the carriers probably weren’t involved at all.” He adds that the “popular and free AllClear ID app, related to NCFTA, is a likely culprit,” given the name of the dataset stolen by hackers (see below).

The NCFTA, or National Cyber Forensics and Training Alliance, is a non-profit partner with the FBI whose legal arrangement with the government allows it to hand over information to the FBI. Forbes privacy writer Kashmir Hill writes that NCFTA is not allowed to share names or addresses of people affiliated with the scheme. AllClear ID a free iOS app that aims to protect a user’s identity from fraud; it could not be reached for comment at the time of writing.

The inclusion of “Push Notification Tokens” in the data leak is another reason to believe the data came from an app developer. Apple’s Push Notification Service can decrypt these token using a key, according to its site for developers. This means that if an app developer (or developers) leaked the data, Apple could potentially identify them.


The agent said to be involved. Ooops

In a video posted to Facebook in 2009 (and which will likely be getting a lot more views in the coming days), Stangl is shown wearing a dark suit and tie, speaking to the camera, and calling for “cyber security experts” to join the FBI.
“Hello. My name is special agent Chris Stangl of the New York city field office of the FBI,” he says. “Today more than ever we need individuals with computer-science backgrounds to join the FBI. From a special agent that investigates cyber crime, or the computer scientist that is embedded in the cyber squad that analyzes malware.”


http://www.forbes.com/sites/parmyolson/2012/09/04/fbi-agents-laptop-hacked-to-grab-12-million-apple-ids-anonymous-claims/

JanSt / MOD  Sep. 5, 2012 at 21:18

So: Apple today said they didn't give the FBI any UDIDs, and the FEDs say Anonymous was talking LULZ... "we didn't haz those files"... Odd, odd, odd...
2 considerations:
a) the FBI facilitated the Stratfor hack (partly) and provided the infrastructure to "leak" the emails to WikiLeaks... so: can we trust them this time around?
b) Anonymous tellz lies... the campaign is intended to stir the public. To make them aware of corrupt media and an intrusive Big Brother...

Pondlife  Sep. 5, 2012 at 21:34

As the above says, Apple wouldn't need to give the fbi the user ids. Can see why the fbi wouldn't want to admit it but also that it could be inaccurate...

JanSt / MOD  Sep. 5, 2012 at 22:35

As the above says, Apple wouldn't need to give the fbi the user ids. Can see why the fbi wouldn't want to admit it but also that it could be inaccurate...

Exactly. And hey, Sabu still works for them ;) No doubt.... The whole thing could be a false-flag.

Email:

You don't need an account to comment. Just enter your email address. We'll keep it private.

Comment: