Update: According to Computerworld, the FBI’s national press office denied in a brief statement that the 1 million unique Apple UDIDs posted by AntiSec on Monday had come from its computers. “At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data,” the agency said.
Members of the AntiSec operation got their hands on an FBI’s laptop and were able to hack the machine through Java vulnerability. Among the downloaded files was a list called NCFTA_iOS_devices_intel.csv containing over 12 million unique device identifiers (UDID) with personally-identifiable information.
The information contained by the list belongs to all iPhone, iPod touch, and iPad users. AntiSec released 1 milion of the UDIDs without cell numbers and addresses and a statement detailing the hack. Apparently, the ripped machine was the Dell Vostro of an FBI operative.
“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.”
AntiSec aimed with the publication of the 1 million identifiers only to draw users’ attention towards the fact that FBI is tracking U.S. citizens with mobile data, and it will not release other information unless:
“to journalists: no more interviews to anyone till Adrian Chen get featured in
the front page of Gawker, a whole day, with a huge picture of him dressing a
ballet tutu and shoe on the head, no photoshop. yeah, man. like Keith
Alexander. go, go, go.
(and there you ll get your desired pageviews number too) Until that happens,
this whole statement will be the only thing getting out
directly from us. So no tutu, no sources.”