Hackers leak million iOS records pinched from FBI laptop

Records are real, but did they come from the FBI?

AntiSec has published a file they claim contains one million iOS ‘unique device identifiers’ (UDIDs) allegedly lifted from an FBI agent’s Dell laptop this March.

The hackers released portions of the file on Thursday but claim the original, said to be named “NCFTA_iOS_devices_intel.csv”, contained over 12 million UDIDs. A UDID is a 40-digit number that’s used for mobile advertising analytics.

The file allegedly from the FBI laptop is also said to contain user names, name of the device, device type, Apple Push Notification Service (APNS) tokens, post codes, mobile numbers, and another partially completed column containing personal details of people on the list.

The released version was “trimmed” of all details but the UDIDs, names attached to the device and APNS tokens, according to AntiSec.

Danish security researcher Peter Kruse says that the UDIDs are real, having cross-checked his name against the iPhone and iPad UDIDs on the list. This does not, however, mean the file necessarily came from the FBI.

The hackers claimed to have used a Java flaw to acquire the file, which, according to Errata Security researcher Robert Graham, fits the description of a zero-day that was being exploited at the time AntiSec claims it pulled off the heist.

“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his desktop folder, one of them with the name of 'NCFTA_iOS_devices_intel.csv'...” AntiSec states in the release notes, which contain a link to the edited file.

Stangl was one of 40 officers in a trans-Atlantic conference call that was leaked at the time of the hunt for LulzSec.

The “NCFTA” in the file name could suggest a possible connection to the “National Cyber Forensics and Training Alliance”, an industry and law enforcement information sharing initiative that was established by an FBI agent in 1997.

Whatever the source of the file, Aldo Cortesi, a security consultant from New Zealand who has interrogated how app developers misuse UDIDs, has called the leak “a privacy disaster”.

Coder and security consultant Aldo Cortesi showed widespread misuse of UDIDs among gaming apps, including that some game networks had linked UDIDs to Facebook profiles, meaning that they were no longer anonymous device identifiers.

“When speaking to people about this, I've often been asked "What's the worst that can happen?". My response was always that the worst case scenario would be if a large database of UDIDs leaked... and here we are,” wrote Cortesi.


Stories by Liam Tung
