Feeds

back to article Hackers leak '1 MILLION records' on Apple fanbois from FEDS

Hackers have dumped online the unique identification codes for one million Apple iPhones and iPads allegedly lifted from an FBI agent's laptop. The leak, if genuine, proves Feds are walking around with data on at least 12 million iOS devices. The 20-byte ID codes were, we're told, copied from a file extracted from the Dell …

COMMENTS

This topic is closed for new posts.

Page:

Trollface

oh noes!

so big brother IS watching.

Now on to something that's actually new please!

4
7

Re: oh noes!

Thanks for your input, Dan.

My question is, since all that has been released is apparently a simple list of IDs, why do we trust that these talented hackers didn't just invent the whole story?

Anyone with basic IT skills could generate a list of strings which fit a known format in a matter of seconds - how do we know they didn't do just that?

1
9
Pint

Re: oh noes!

What's more plausible- 1) The FBI is snooping on iOS Devices for some nefarious undisclosed reason or, 2) Some hackers made up this story for exactly what reason? Publicity? Attention? Ego? Doubtful. The FBI also is well known to have used a program named "Carnivore" to sniff this type of information off PC's. That they are paying this much attention to the entranced Koolaid drinkers of iOS, shouldn't surprise anyone.

2
2
Silver badge
Linux

Re: oh noes!

The first scenario sounds the most plausible.

2
1

Re: oh noes!

If you don't believe that a significant number of these kids are motivated by publicity and attention-seeking, then you clearly haven't been paying much attention yourself these last few months.

Still, it's more troubling that you appear to accept whatever you read on the internet without the slightest shred of critical thought or evaluation. This world must be a very confusing place for you to live in.

1
5
Anonymous Coward

But the bigger question is WHY.

>"by themselves they pose only a minimal privacy risk"

But why on earth should the FBI have a list of all those users in the first place? What the hell was going on there?

10
1

Re: But the bigger question is WHY.

Indeed. I was going to note that it covers roughly three percent of the US population, but I have a tough time believing that the list would only have iDevices owned by US residents in it.

3
0
Silver badge
Gimp

Re: But the bigger question is WHY.

But why on earth should the FBI have a list of all those users in the first place? What the hell was going on there?

Maybe it was an epidemiological study into outbreaks of fanboiism.

17
2
Holmes

Re: But the bigger question is WHY.

The data they've been gathering looks very much like it's being gathered by an app. So, have 12m people downloaded the FBI tracking app? Or is there an app out there that's basically a trojan for the FBI, or is a major (seeing as they have 12m downloads!) developer working with them or infiltrated by them?

Finding out which app was involved could be interesting ;)

7
0
Anonymous Coward

Game is afoot

Odds are, when the FBI had their DNS servers up in place of the large cluster of "DNS Changer" servers, they took advantage of the situation to gather information from anybody pointing to them.

0
0
Anonymous Coward

Re: But the bigger question is WHY.

IOS is the tracking app.

1
1
Anonymous Coward

Re: But the bigger question is WHY.

Because they might be communists, of course, silly!

4
0
Pint

Re: But the bigger question is WHY.

Or perhaps it is the type of free wheeling approach to civil liberties that Facebook is famous for?

0
0
Devil

Re: But the bigger question is WHY.

Remember that the stasi, the east german secret police, used to break into the homes of people they didn't like and steal their dirty underware and created an enormous collection of "smell samples" of people in case they ever needed to give hunting dogs a sent to track people.

This is no different.

6
0
Anonymous Coward

Re: But the bigger question is WHY.

Maybe this data had been sourced from the National Cyber-Forensics & Training Alliance (hence the filename) to assist current investigations, maybe investigations into LulzSec, Anonymous and others perhaps?

Maybe this data release is simply a smokescreen or diversionary tactic for those involved? Who knows? I don't.

0
0
Megaphone

Re: But the bigger question is WHY.

Apparently the leak comes from the popular AllClearID app, who work with the FBI and the NCFTA in particular.

Perhaps surprisingly it's an identity protection app...

0
0
Anonymous Coward

Re: But the bigger question is WHY.

Well with nearly 1% of the US population already incarcerated, there can really be only one explanation:

It's time to drive those numbers UP!!!.

Of course, we'll have to stuff all file-sharers and hacktivists into the same cells as drug users but they should get along just fine. Or maybe we can build some more prisons...... its the only way we will ever successfully compete with Chinese manufacturers again-

Whoops!! My UDID just popped up on that list.... gotta go.... it's time to buy a new iphone.

Anonymously...... I'm afraid

0
0
Anonymous Coward

No, it couldn't be DNSChanger

Odds are, when the FBI had their DNS servers up in place of the large cluster of "DNS Changer" servers, they took advantage of the situation to gather information from anybody pointing to them.

DNSChanger only infected Windows and Mac OS/X systems. Therefore the only systems pointing to the FBI's replacement DNS servers were infected Windows and Mac OS/X systems. Therefore this could not have been used as a mechanism to gain information about Apple portable iOS-powered devices.

0
0
Anonymous Coward

Amateurs

>Feds are walking around with data on at least 12 million iOS devices.

Drop in the ocean compared to Flurry tracking data from iOS devices - and I'm guessing you can't buy access to the Fed's data.

Flurry claims 1.4 billion app session reports or 1.5 terabytes of data [that's per day BTW].

0
0
Anonymous Coward

Usual Windoze FAIL

Seriously, not even the FBI can secure it?

2
14
Anonymous Coward

Re: Usual Windoze FAIL

I get that people don't like to read articles but "vulnerability in Java" is in the second paragraph.

20
2

This post has been deleted by its author

Silver badge
Devil

Re: Usual Windoze FAIL

http://pentestlab.wordpress.com/2012/03/30/java-exploit-attack-cve-2012-0507/

0
0

Re: Usual Windoze FAIL

I'm intrigued that the laptop may have had some kind of direct access to the outside world, making this attack much more likely. I'd have thought the Feds would have forced all network traffic to go back to base via a VPN. Sloppy security for a hgh profile outfit, Unless it was the bloke's personal laptop in which case he shold be fired instantly if not prosecuted.

3
0
Anonymous Coward

Everything Everywhere

Are we really surprised? The NSA allegedly collect everything that Americans do online, but they get round it by not looking at it without a warrant.

1
0
Silver badge

Anon....

Fanbois????

I like to think not

0
0

Where did the feds get the UDIDs? Are cell phone companies giving that info to them?

0
1
Anonymous Coward

Sounds like some game network sold it to them. Maybe OpenFeint, who were found to be de-anonymizing data last year.

Cell companies don't use UDIDs, they use IMEI which completely unrelated.

0
0

Ahh. Well thanks for the educational tip :)

0
0
Anonymous Coward

Interesting...

It's interesting that people jump to the conclusion that the Feds must be monitoring people, in a case about the alleged hacking of an Agent's laptop, where that agent was working on a case investigating the activities of Anonymous/Lulz Sec. My first thought was, the "black hat" hackers may well be the same people that are being investigated and have got wind of that, they then released a file which they'd obtained (and had subsequently been obtained by the FBI, from them) and left Internet conspiracists to jump to the conclusion that the feds are watching everyone, not investigating a bunch of Internet vigilantes, who've got your ID for who knows what.

1
2
Bronze badge
FAIL

Re: Interesting...

Did you hurt your brain coming up with that one?

1
1
Anonymous Coward

Re: Interesting...

But he has a very sound point, why "jump to the conclusion that the feds are watching everyone?"

It's far more likely the file was sourced from the NCFTA (judging by the filename). Of course, most of this story and thus most of the comments here currently hinge on the words of miscreants, vagabonds and thieves. I for one would be hesitant to take anything LulzSec, Anon or similar groups say at face value.

1
0
Anonymous Coward

Re: Interesting...

Otoh consider the history of the FBI, c. J. Eager Beaver. The question is: can a horse change it's spots mid-stream?

3
0
Silver badge
Black Helicopters

It would be nice for the hackers to publish a website where you could look up a UDID and see if it's on the list. They don't need to publish any further details, just a "you're on the list"or "you.re not on the list"

Funny how there are lists you want to be on and lists you don't want to be on...

2
0
Anonymous Coward

I don't want to be on any list.

maybe I'm paranoid?

1
0
Bronze badge
FAIL

Just by putting your I'd into such a site would mean you were on the list.

1
0
Silver badge
Trollface

Re: I don't want to be on any list.

Can I have your state pension then?

0
0
Bronze badge

Could this just be a release coincidentalnto apple trying to destroy competition? It could be to embarrass mac ios ithing fans or raise their hackles or even to to slow the release of the iphone 5. Or, to embarrass apple before the next trial - after all, it could be argued, if apple cannot innove security they way they enerv, um, innovate products, then why do they get to win a payent on an inherently trojaned phone? Sure, such a release could happen to SAMSUNG and pthers, but, this may force apple to delay product launch in October if millions of cloying fans and hundreds of thousands of DOD, government, and key business people demand better privacy.

Which beggs the question: google, wtf are you going to do about our android security? We can buy a Linux disc and by default our desktops and laptops are rooted. But, our phones? Oh, hell no! You and the advertisers cannot sleep knowing we could blachole adverts if android by default were pre rooted prior to sale. So, you force us without the skills or patience or money to pay soneone to be at risk and just trust you. Hell, twice, here in shanghai, my google chat stream had malformed urls injected between me and a friend in SK. I should not HAVE to have a VPN if i choose not to, but i should not have to tear out my fucking hair because on my own i cannot root my droid devices, cannot find cheap, capable firewalls and IDS tools, and cannot peoperly near-forensically collect info from my device (not the LAN/WAN) to prosecute the fucktards insinuating in my private messages or chat. Thanks a lot, google. What is really scary isnthat it is NOT necessary for me to CLICK the link since transparent overlays and underlays can be clickable ANYWHERE ON THE PAGE!

I won’t be surprised if such a disclosure happens to android devices in the near term....

2
4
Bronze badge

Optional, in fact...

google, you should be busy embedding VPN tools in ALL of your products to enable people to enjoy secure, privileged communications. You can still submit to a valid subpoena by a valid court, but leaving us exposed by default is laughingly anti "Do No Harm", if you ask me.

1
4
Anonymous Coward

Re: Optional, in fact...

Even if they do (my AT&T issued android phone does in fact have a VPN app installed by default), you've got the problem that every g*damn IT department on the planet has a different, non-interoperating (by design, because "security by obscurity" is always best) proprietary VPN solution foisted on them by the modern version of the snake-oil salesman: the enterprise IT security vendor/consultancy. To really get where you want (and we should be), the swamp that is enterprise IT would first need to be drained and the crap that became visible dredged out. Not likely, leastways in our lifetimes.

2
0
Pint

The iPhone 5 needs to be slowed. Apple is a bigger satan than Google. One must wonder why the FBI is more interested in iOS use than Android, or Blackberry, especially considering BB's more secure nature, but then again, BB10 isn't due for release until first quarter of 2013.

0
0

Still trying to unload that RIM stock, are we?

0
0
Bronze badge

Fair play.

Apple playing fair obviously charged the feds a big fat fee.

1
1
Anonymous Coward

Feds saving files on the desktop?

NCFTA_iOS_devices_intel.csv was found on the desktop, they say. So how did they effectively target him with the AtomicReferenceArray weakness, get the file and confirm that it was his file?

I'm having a look at the file now. It's that or a coffee break

0
0
Big Brother

@Velv

should they ask you for your name and credit card number on this site too?

0
0
Meh

.. and people think I'm paranoid for not giving Google my passport...

Apparently some people think that I'm being unreasonable for not sending Google a photocopy of my passport, document which in the long term is far far worse than your credit card in the wrong hands.

http://furbian.blogspot.co.uk/2012/06/my-google-walletplaycheckoutwhatever.html

Oddly enough, Amazon, Apple, Sony (PSN), Xbox Live are just some people I do have paid accounts with, and do not want a copy of my passport.

1
0
Anonymous Coward

Re: .. and people think I'm paranoid for not giving Google my passport...

Yeah. "Google's Plan for Total World Information Dominance".

Step 1: Create database containing images of all customer passports.

Step 2: Lease data gathered in Step 1 to U.S. and other interested national governments.

Step 3: Provide access to same data provided to governments in Step 2 to major banks and Fortune 500 corporations on a subscription basis.

Step 4: Create new product allowing customers to opt out of information sharing already done in steps 2 and 3 with no guarantee of effectiveness.

Step 5: Persuade governments referred to in Step 2 above to declare themselves allies of the Eastasia by refusing to renew their subscriptions to our data.

Sounds like a "really neat plan", doesn't it?

Now if we could just get a declaration that every bit of info about you is your own personal property, and then impose a minimum statutory transaction fee on every scrap of that data shared with third parties, say 5 cents a field, payable to the subject of the data, then maybe we might slow that train down (a data rights enforcing ASCAP or BMI for mere mortals?). Anything short of that isn't likely to have much of an impact.

0
0
Anonymous Coward

Re: .. and people think I'm paranoid for not giving Google my passport...

The irony of hosting your gripe on Blogspot.... LOL

0
0
Silver badge

Re: .. and people think I'm paranoid for not giving Google my passport...

Re: "Now if we could just get a declaration that every bit of info about you is your own personal property, and then impose a minimum statutory transaction fee on every scrap of that data shared with third parties, say 5 cents a field, payable to the subject of the data, then maybe we might slow that train down (a data rights enforcing ASCAP or BMI for mere mortals?). Anything short of that isn't likely to have much of an impact."

Exactly right. If legislators actually acted in our interests, something like this would go directly into law. I worked on a system for a while that would allow subjects of data to both give and revoke access whenever it pleased them on an element by element basis. It is possible to build a system that allows limited temporary access for legitimate purposes that expires upon use. Of course, such a system requires strong encryption and many roadblocks exist to prevent you from getting it.

0
0

Page:

This topic is closed for new posts.