12 Million Apple UDIDs, Phone #'s, & User Info Stolen From FBI Laptop; Released By Hacker

[Heist]

The real question here is WTF was the FBI doing with the private records of 12 Million iPhone users without a warrant or the owners consent!
Apple & the US Government shall be required to answer this question and do so immediately!




Hacker group Antisec has released a dump of 1 million unique identifiers (UDIDs) from Apple iOS devices tonight. The records reportedly came from a file found on an FBI laptop back in March.


During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.




The file that was found was said to contain over 12 million device records, including Apple UDIDs, usernames, push notification tokens, and in some instances, names, cell phone numbers, addresses and zip codes.

The group released 1 million of these records but stripped most personal information. The final release includes Apple UDIDs, APNS (push notification) Tokens, Device Name (e.g. "Arnold's iPhone") and Device Type (e.g. "iPhone"). MacRumors has been able to confirm that the UDIDs appear to be legitimate.

The source of the data is not entirely clear, though the type of data is typical for the kind of information an iOS app developer would collect to deliver push notifications to users. It seems an App developer or developers are the original likely source of the information, though no specific information is yet available. Right now there's no easy way to determine if your device's UDID was included in the list, beyond downloading the list yourself.

The actual implications of the leak, even if your UDID is found, aren't entirely clear. The UDIDs themselves are rather harmless in isolation. Apple has previously come under fire for the use of these globally identifying ids. The privacy risks, however, typically come from these ids being used across ad networks and apps to piece together a more complete picture of activity and interests of the user. But it was reported back in 2011 that by leveraging existing networks, information and even login access can be obtained from UDIDs. It's not yet clear if the released push tokens can be used in any manner.

Article Link: Hackers Release 1 Million iOS Device UDIDs Obtained from FBI Laptop

http://www.macrumors.com/2012/09/04/...om-fbi-laptop/

[BlackRoseSymphony]

If anyone wants to check if their UDID was compromised and was leaked, you can check here:

Here's how to check if your Apple device UDID has been compromised by the AntiSec Leak

[basicreece]

Fucking ridiculous!!
Do the governments not have enough information on us?
I hope all 12 million sue

[multipazz]

the article states that the "likely" origin of the data is from an app developer

so how many apps have had over 12 million downloads

I would point my finger at skype as the source

[BlackRoseSymphony]

Quote:

Originally Posted by basicreece

Fucking ridiculous!!
Do the governments not have enough information on us?
I hope all 12 million sue

They're never gonna stop, at least not until they have every piece of information about us that's feasible to acquire.

---------- EDIT ----------

Quote:

Originally Posted by multipazz

the article states that the "likely" origin of the data is from an app developer

so how many apps have had over 12 million downloads

I would point my finger at skype as the source

That would make sense. The new version (which I refuse to update to) requires you to update your contacts and other personal device information to Skype's servers, or else you cannot use their app.

[Heist]

If Skype turned out to be the culprit, Microsoft, who owns Skype, is going to have a anvil sized class-action lawsuit dropped on their head.

Under no circumstances should that level of information (personal phone numbers, contacts, etc.) be willingly shared with any government institution unless accompanied with a very limited and tightly defined subpoena record.

---------- EDIT ----------

Quote:

Originally Posted by BlackRoseSymphony

That would make sense. The new version (which I refuse to update to) requires you to update your contacts and other personal device information to Skype's servers, or else you cannot use their app.

I just noticed this!

I upgraded Skype earlier last week but didn't use it. I logged on to confirm what you wrote and precisely as you stated, it asked me to confirm that I wanted to store my contacts on Skype's "Secure" server.

I declined, and the program immediately logged me out and boot me back to log-in screen.

Why does Skype need access to my contact list and for what purpose? More to the point why do they want me to store my private device contacts on THEIR server?


Does anyone know how to downgrade? I want to go back to the previous version of Skype before they started instituted this absolutely bogus policy.

---------- EDIT ----------

Second update:
The Skype issue may not be as nefarious as earlier thought.
They said they are only asking to store your Skype contacts on their servers, which they already do.

Help for Skype: Why am I being asked to accept that my contacts are stored securely by Skype after updating Skype on my iPhone or iPad?
If you updated Skype on your iPhone or iPad and are signing in for the first time since the update, you will receive an alert asking you to store your contacts on our network.

This alert is there to make sure you’re aware of how we store your contacts. Nothing has changed in how Skype stores your information. We save your contacts on our secure servers so that you can access the same Skype contacts on any device that has a version of Skype installed. To continue using Skype as you always have done, simply accept the alert.

Remember, this only concerns your Skype contacts, not the contacts in your iOS address book.

[viphan]

Quote:

Originally Posted by Heist

If Skype turned out to be the culprit, Microsoft, who owns Skype, is going to have a anvil sized class-action lawsuit dropped on their head.

Under no circumstances should that level of information (personal phone numbers, contacts, etc.) be willingly shared with any government institution unless accompanied with a very limited and tightly defined subpoena record.

---------- EDIT ----------



I just noticed this!

I upgraded Skype earlier last week but didn't use it. I logged on to confirm what you wrote and precisely as you stated, it asked me to confirm that I wanted to store my contacts on Skype's "Secure" server.

I declined, and the program immediately logged me out and boot me back to log-in screen.

Why does Skype need access to my contact list and for what purpose? More to the point why do they want me to store my private device contacts on THEIR server?


Does anyone know how to downgrade? I want to go back to the previous version of Skype before they started instituted this absolutely bogus policy.

---------- EDIT ----------

Second update:
The Skype issue may not be as nefarious as earlier thought.
They said they are only asking to store your Skype contacts on their servers, which they already do.

Help for Skype: Why am I being asked to accept that my contacts are stored securely by Skype after updating Skype on my iPhone or iPad?
If you updated Skype on your iPhone or iPad and are signing in for the first time since the update, you will receive an alert asking you to store your contacts on our network.

This alert is there to make sure you’re aware of how we store your contacts. Nothing has changed in how Skype stores your information. We save your contacts on our secure servers so that you can access the same Skype contacts on any device that has a version of Skype installed. To continue using Skype as you always have done, simply accept the alert.

Remember, this only concerns your Skype contacts, not the contacts in your iOS address book.

That is why I refused to upgrade and changed the CFBundle to the latest version in iFile..

[multipazz]

there must only be a hand full of devs with 12 million downloads

angry birds
skype
.....

I will be easy for someone to find the original source of this leak

[73ullet]

Checked mine nope, and I use the newest version of Skype.

[BlackRoseSymphony]

Quote:

Originally Posted by 73ullet

Checked mine nope, and I use the newest version of Skype.

I checked mine, too. Mine wasn't compromised, and I'm not using the newest version.

I think it's safe to say that we can throw Skype out of the equation for this.

[multipazz]

but the list you are checking...

is that the full 12 million

or

just the 1 million that has been leaked to the public

[BlackRoseSymphony]

Quote:

Originally Posted by multipazz

but the list you are checking...

is that the full 12 million

or

just the 1 million that has been leaked to the public

The leaked 1 million. I'm not saying for sure that I'm in the clear, but as of now I am.

[Heist]

Quote:

Originally Posted by viphan

That is why I refused to upgrade and changed the CFBundle to the latest version in iFile..

What are the steps involved?

[BlackRoseSymphony]

Quote:

Originally Posted by Heist

What are the steps involved?

I'd like to know this, as well.

[multipazz]

so if we are checking only against a fraction of the list

we are not able to eliminate any dev

only with the full list can you find the source

[kingof9x]

Quote:

Originally Posted by Heist

What are the steps involved?

Quote:

Originally Posted by BlackRoseSymphony

I'd like to know this, as well.

open ifile and navigate to var/mobile/applications and find the folder that contains the skype app if you have names turned on in the ifile settings it will be easier to find the skype folder

then open the skype.app folder and find the info.plist

then scroll down to the CFBundleVersion string and change the version number listed to the most current version of the app.

now when your app phones home it will tell the server you are running the current version of the app

[King Kaos]

i use the latest skype and my UDID is not compromise but IT DOES NOT MEAN i am not safe.

microsoft, apple, even linux, facebook, google all are part of the CIA/NSA club.

military contracts own shares in microsoft and in return microsoft provides motherboards and chipsets to the defense department.
CIA/NSA uses backtrack linux for hacking and creating virus's
senators, presidents, kings etc etc all use MACS


freedom isnt free anymore and ever since the patriot act, we are all considered terrorist.

[l8ter]

So nothing new here to me .

Iam praying this for months already .

There is no anonymity for you and me . I don't even bother to check if iam affected by that leak iam awared that my datas are stored already somewhere else and by people i would never leave to them if i had a chance to prevent it .And you should get familiar with this idea too.No vpn , no hiding attempt works.If you hide your data stream you are an target of special interrest and further investigation worth.

Uhhh the threat to take microsoft to Justice court is as same as irrelevant to microsoft as if goofyphone wants to take apple to court .

I bet Bill is already scared as fuck about the sue.

[multipazz]

l8ter.. I am sure you are right !!!

I always thought sue was a little girl

[l8ter]

You know what i mean and tryen to say .