


Did AntiSec snag Apple UDID list from FBI laptop via Java 0day exploit?

Sep 04, 2012, 6 mins
Apple, Cybercrime, Data and Information Security

Is the FBI tracking 12,367,232 Apple device users? AntiSec hackers who were unhappy about NSA Chief Gen. Keith Alexander recruiting at DefCon said, 'We decided we'd help out Internet security by auditing FBI first.' The end result was a leaked list of 1,000,001 Apple unique device IDs. President Obama's iPad is allegedly included on the list.

Is the FBI tracking 12,367,232 Apple device users? It is, according to AntiSec hackers who allegedly snagged the Apple device ID list from an FBI computer and then dumped the redacted digital dirt on one million to prove it. Some black hat hackers were unhappy after NSA Chief General Keith Alexander spoke at Def Con, recruiting hackers for future cyberwars and attempting to “seduce” hackers to improve Internet security. AntiSec hackers said, “We decided we’d help out Internet security by auditing FBI first.”

The list of over 12 million unique Apple device identifiers (UDID) allegedly came from FBI Agent Stangl’s notebook computer, back around the time LulzSec / Anonymous eavesdropped and recorded an FBI and Scotland Yard conference call conversation. The PasteBin post states:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

Here are some portions of the AntiSec statement:

Errata Security dived into how the FBI might have been owned: “It’s not Chinese uber APT hackers,” but instead “mindless monkeys following a script.” Hacking into the FBI laptop may have been as easy as exploiting a Java zero-day that the Microsoft Malware Protection Center warned was floating around in March.

Microsoft recently warned that more malware is abusing Java issues, and doing so more frequently. Oracle finally issued a security alert and released a Java patch to block the most recent zero-day exploits. That, however, was not soon enough for The Register’s Trevor Pott to avoid a total IT nightmare. He wrote, “Thanks ever so much Java, for that biz-wide rootkit infection.” He explained how to remove the highly sophisticated ZeroAccess rootkit and other nasty malware “friends” downloaded by Sirefef. It’s a good read, but be forewarned that it might give you an empathy headache. Some security professionals do not blame Oracle as much as they blame users and IT admins for lax security measures, claiming “as many as a third of Java users do not patch regularly.”

If you have not yet patched, then you might be careful about opening the new Microsoft Service Agreement email because “Important Changes to Microsoft Services Agreement and Communication Preferences” has a nasty phishing twin. According to the SANS Internet Storm Center, “The evil version of this email will subject victim to a hyperlink that will send them to a Blackhole-compromised website, which will in turn deliver a fresh Zeus variant.” Microsoft Answers admits the evil twin uses the same template, but advises:

If you received an email regarding the Microsoft Services Agreement update and you’re reading your email through the Hotmail or web UI, the legitimate email should have a Green shield that indicates the message is from a Trusted Sender. If the email does not have a Green shield, you can mark the email as a Phishing scam. Do not click through the links in the email if you are not sure it is safe.

Now back to the AntiSec leak and lingering, sickening questions… such as why in the world the FBI would even have this information at all, let alone stored on an FBI Agent’s laptop? Does Apple hand over its user database? Did the leaked list originate from an Apple app developer? Did the FBI have a warrant to obtain the digital dirt on 12 million iPad, iPhone and other iOS users? Are 12 million people being tracked or potentially considered “you might be a terrorist if” suspicious? Or is any FBI involvement a lie? FBI involvement opens a plethora of privacy and surveillance questions. The Privacy Blog noted, “While 12 million is a big number, it is a tiny fraction of the over 400 million iOS devices sold to date. Still, that would represent a shockingly wide dragnet if these are all being monitored in some way by law enforcement.”

The Cult of Mac reported that a PasteHTML post claims that President Obama’s iPad UDID is on the list of leaked Apple device identifiers. Holy cow, surely the President is above being considered suspicious! Perhaps it’s for security purposes? The AntiSec Pastebin statement says where you can download the leaked list. Otherwise, if you are concerned your Apple device may be listed, The Next Web has set up an easy tool so you can check.

**Update** The FBI tweeted that “We never had info in question” and the alleged hack is “Bottom Line: TOTALLY FALSE.” Then according to the official FBI statement, “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”



Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.