Anonymous Leaks 1 Million Apple Device IDs
After members of LulzSec were taken down by the FBI, Anonymous fought back with #FFF (F*ck FBI Friday). The campaign would see attacks launched against the FBI and its affiliates every Friday. This went on for a while until Anonymous either lost interest or moved on to something else. The group seems to have started up #FFF again, but the FBI isn’t the only group involved this time.
The AntiSec branch of Anonymous posted a lengthy note on Pastebin yesterday detailing their latest exploit. It involves a lot of FBI baiting and the claim that they hacked a notebook owned by an FBI operative. Here’s the story:
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of ”NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
So, what did Anonymous do with the 12 million device IDs they allegedly obtained from an FBI agent? They published 1 million of them online to draw attention to what they see as warrantless tracking of US citizens by the FBI. They make it very clear that they aren’t in the business of compromising the security of regular users. They redacted all of the personal information from the alleged FBI document and only posted the device IDs.
Anonymous is also hoping their actions make Apple reconsider using device IDs with their iOS devices. They feel that it makes tracking people far too easy and they want to see an iPhone that makes it harder for Federal Agents to track.
Even with the removal of personal data, there’s still quite a bit of information contained in the dump. The Apple device IDs are joined by Apple’s Push Notification Service Tokens, Device Name and Device Type. Chances are that you’re one of the million that had your device ID leaked. The Next Web has set up a handy little Web site where you can check to see if your device ID is on the list.
We’ve reached out to Apple for comment and we’ll update this story if they get back to us.