Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
AntiSec obtained 12 Mil Apple device record by hacking FBI agent's laptop
09-05-2012, 02:13 PM,
#1
AntiSec obtained 12 Mil Apple device record by hacking FBI agent's laptop
September 4, 2012, 12:53 pm
Hackers Claim to Have 12 Million Apple Device Records
By NICOLE PERLROTH

8:00 p.m. | Updated Hackers released a file that they said contained a million identification numbers for Apple mobile devices, claiming that they had obtained it by hacking into the computer of an F.B.I. agent. The F.B.I. said it had no evidence that this was true.

The hacking group, known as AntiSec - a subset of the loose hacking collective known as Anonymous - posted copies of the file on Sunday and claimed to have a total of 12 million numbers for iPhone, iPad and iPod Touch devices, along with some phone numbers and other personal data on their owners. They said their goal in releasing a slice of the data was to prove that the F.B.I. used device information to track people.

While the leaked identification numbers appeared to be real, security experts said the release posed little risk. They said that without more information on the devices' owners - like e-mail addresses or date of birth - it would be hard for someone to use the numbers to do harm.

And the actual source of the file was not clear. The F.B.I. said in a statement that "at this time there is no evidence indicating that an F.B.I. laptop was compromised or that the F.B.I. either sought or obtained this data."

The F.B.I. has been a frequent target of so-called hacktivists, hackers who attack for political causes rather than for profit. In February, Anonymous hackers intercepted a call between the bureau and Scotland Yard. But the frequency of such attacks tapered off after several members of Anonymous and a spinoff group, LulzSec, were arrested in March.

Apple's unique device identifiers - known as U.D.I.D.'s - are 40-character strings of letters and numbers assigned to Apple devices. Last year, Aldo Cortesi, a New Zealand security researcher, demonstrated how in some cases U.D.I.D.'s could be used in combination with other data to connect devices to their owners' online user names, e-mail addresses, locations and even Facebook profiles.

"A U.D.I.D. is just a jumble of digits," said Jim Fenton, the chief security officer of OneID. "It is only powerful when it is aggregated with other information."

Security experts said the identification numbers appeared legitimate, and one number in the file matched that of a New York Times employee's iPad. "The structure and format of the data indicates this is a real breach," said Rob Rachwald, director of security at Imperva, a computer security firm. An Apple spokesman did not respond to requests for comment.

The hackers released only U.D.I.D.'s, a separate Apple-specific identifier and the device names that owners give their devices, like "Lori's iPad." Only a few identifiers were tied to e-mail addresses, apparently because the device's owner chose to use an e-mail address when naming it.

Apple stopped letting app developers take advantage of device identifiers last year, to make it harder for marketers to track its customers as they moved from app to app.

The hackers claimed to have obtained the file from the computer of Christopher K. Stangl, a supervisory agent of the F.B.I.'s Cyber Action Team. In 2009, Mr. Stangl appeared in a Facebook promotional video titled "Wanted by the FBI: Cyber Security Experts" that encouraged hackers to get involved with the F.B.I.

He was also one of 44 law enforcement agents invited to participate in the F.B.I.-Scotland Yard conference call that hackers intercepted.

But security experts said the file could have come from a number of places.

"There are a million ways this could have happened," said Marcus Carey, a researcher at Rapid7. "Apple could have been breached. AT&T could have been breached. A video game maker could have been breached. The F.B.I. could have obtained the file while doing forensics on another data breach."

In their statement, the hackers said they would not grant any interviews about the breach until a reporter for Gawker, Adrian Chen, posed for his employer's site, for a full day, in a ballet tutu with a shoe on his head.

On Tuesday evening, Mr. Chen complied. "There's me in a tutu," he wrote in a blog post with accompanying photos. "Get used to it because it's going to be up until around 6:30 p.m. tomorrow."
[Image: conspiracy_theory.jpg]
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Record Your Police Encounters to the Cloud CharliePrime 0 521 05-05-2014, 03:53 PM
Last Post: CharliePrime
  Apple accused of $74bn US tax evasion mexika 1 614 05-22-2013, 06:02 AM
Last Post: fujiinn
  Apple earnings surge on blow-out iPhone sales yeti 2 590 01-25-2012, 11:37 AM
Last Post: Hans Olo
Photo Microsoft vs. Apple Infographic Details Rivalry from Inception to Global Domination FastTadpole 0 720 06-24-2011, 04:44 AM
Last Post: FastTadpole
  Apple support company sues customer for complaining drummer 0 849 01-03-2011, 01:38 AM
Last Post: drummer
Information Banks Attempt to Censor Academic Publication that Details SmartCard Chip and PIN Exploit Device FastTadpole 1 1,755 12-28-2010, 01:41 PM
Last Post: ragamuffin
  Veil Lifts Slightly on Appleā€™s Secret Plan to Control the Universe h3rm35 0 571 03-10-2010, 09:50 PM
Last Post: h3rm35
  Hacking human gullibility with social penetration-We don't need no stinking exploits h3rm35 0 659 03-05-2010, 11:25 PM
Last Post: h3rm35
  Everything you ever wanted to know about Xbox hacking - Cracking gameplay laid bare h3rm35 0 1,391 02-23-2010, 03:07 AM
Last Post: h3rm35
  Passive or Non Intrusive Hacking brainphreak 3 2,066 11-15-2009, 07:17 AM
Last Post: brainphreak

Forum Jump:


Users browsing this thread: 1 Guest(s)