AntiSec, a faction of the hacktivist collective Anonymous, has released one million identity numbers for Apple devices, claiming they were taken in a hack of the FBI and represent evidence that the bureau is spying on citizens.
International Business Times reports AntiSec stating in its release of these Unique Device Identifiers (UDIDs) that the database includes information like zip codes, cellphone numbers and addresses. AntiSec only released the UDIDs, not this more personal information associated with the identifier.
AntiSec also threatens having information for 11 million more UDIDs. It states that it only released one million of these as it felt that would “be enough” to get users’ attention.
Hacker News describes how the information was allegedly retrieved:
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.
Gizmodo points out this file could stand for the National Cyber-Forensic & Training Alliance, which is “a conduit between private industry and law enforcement with a core mission to identify, mitigate and neutralize cyber crime.”
Commenters on the Hacker News thread discuss the potential for this information being gleaned from the database of an app developer. CNET reports app developers previously had access to Apple UDIDs, but the company has been beginning to restrict access to this information.
In addition to wanting to draw attention to information the FBI allegedly had, AntiSec states the leak was also to show users the “bad decision” by Apple to use UDIDs due to vulnerabilities such as this. One commenter on Hacker News said that “a large UDID database leaking would be a privacy catastrophe.”
At least one commenter in Hacker News claims to have found their own UDID in the list and now wonders why as a citizen in the U.K. the FBI would allegedly have the number.
Gizmodo notes the odd request by AntiSec, which is before granting interviews it wants Gawker to post a non-photoshopped picture of Adrian Chen wearing a “ballet tutu and shoe on the head.” This request, Gizmodo states, “[gives] you some sense of the type of people who have access to all your vital data.”
The tech site The Next Web has created a tool for you to see if your Apple ID was among the 1 million leaked. Check it out here.
Update: The FBI has responded to say none of its computers were compromised in this attack (via SlashGear):
“The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”
Featured image via Shutterstock.com.