The FBI Was Tracking Over 1M+ Apple IDs, And AntiSec Just Leaked Them

The FBI Was Tracking Over 1M+ Apple IDs, And AntiSec Just Leaked Them

Earlier in this year, Apple shut down the unique device identifier or UDID as a valid way for developers to try to track users of their apps.

You have to wonder if they felt a storm coming, as today, the hacking group AntiSec has released more than 12 million UDIDs that they managed to recover from an infilitrated FBI laptop. And your device ID — along with everything you did with the iPhone, iPod touch or iPad associated with it — might just be one of them.

In a detailed but rambling announcement on Pastebin first posted on YCombinator, AntiSec described how they got the UDIDs:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

Why did the FBI have a file with over one million UDIDs and associated details? AntiSec is the first to admit they have no idea, although they strongly insist the FBI was using the information to track American citizens.

AntiSec has released just a million of the UDIDs online, but they have stripped out all personal data like “full names, cell numbers, addresses, zipcodes, etc.” If you know your device’s UDID, that should be sufficient to find out whether or not the FBI was tracking you.

Gizmodo points out that the “NCFTA_iOS_Devices” reference in the filename of the leaked UDIDs could stand for the National Cyber-Forensics & Training Alliance, which “functions as a conduit between private industry and law enforcement.” Which may mean that Apple was very much complicit in supplying these UDIDs to the FBI.

Update: The Next Web has put together a handy little tool to see if your UDID was being tracked. Mine weren’t.

Related
  • cjschu

    Fuck the suits. A Scientist for President!

  • SamqSimson

    what Emma replied I am alarmed that you able to profit $4811 in 4 weeks on the internet. have you read this site(Click on menu Home more information) http://goo.gl/c3I8k

About the author

John BrownleeJohn Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his girlfriend and two parakeets. You can follow him here on Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News, Top stories | Tagged: , , , |