[Nevasleep]

Originally Posted by Xater:

That's what I wanted to ask as well. This should just be US devices right?

I doubt it, and it shouldn't be if they want it to be effective, whatever they use the information for.

[Mr Swine]

Originally Posted by Nevasleep:

I doubt it, and it shouldn't be if they want it to be effective, whatever they use the information for.

Wouldn't it be illegal for the FBI to have information on people that live outside of the US?

[Derrick01]

I'm assuming itunes doesn't have anything like this UDID shit right? That's the only Apple stuff I have. I don't remember having to sign up or anything, though I do remember them trying to get me to.

[Joni]

How do I find my UDID? Or does the iPod Nano 2005 not have that? I'm an iPhone noob.

[Jexhius]

There's a fair amount of charming naivety in this thread. Of course your government is going to use ever resource at it's disposal to monitor it's citizens. Most governments have been doing this kind of thing for quite sometime.

What is shocking about this is the (unverified) claim about how poorly secured the data in question way.

[gcubed]

did anyone come out and confirm this story yet? I mean, not to distrust hackers and all...

[Izick]

Originally Posted by The_Inquisitor:

I'm pretty sure it's tied to the device not your account.

Well, the only Apple device I have that would use an Apple ID is my Macbook Air, which I got like a week ago.

[Interfectum]

Originally Posted by Izick:

Well, the only Apple device I have that would use an Apple ID is my Macbook Air, which I got like a week ago.

Dude you're gonna get hacked. Accept it. Hide the kids and the wife.

[Nemo]

Originally Posted by Mr Swine:

Wouldn't it be illegal for the FBI to have information on people that live outside of the US?

LOL

[Rebel Leader]

Originally Posted by Interfectum:

Dude you're gonna get hacked. Accept it. Hide the kids and the wife.

They're hacking everybody out here

[Des0lar]

I'm shocked at how many people here are shocked that the FBI has such a file.

[iceatcs]

Download and printed. I'm saved.

[Izick]

Originally Posted by Interfectum:

Dude you're gonna get hacked. Accept it. Hide the kids and the wife.

Thanks for the help buddy. Anyone with any actual useful advice or information?

[giga]

This post was from about a year ago when Apple deprecated UDIDs in iOS 5. They're basically a unique serial number for every iOS device. Read it: http://corte.si/posts/security/udid-must-die/index.html

I'm not sure where the personal information in the file came from. No personal information can be obtained when a developer retrieves a device's UDID. I'm assuming that came from third parties (FBI, app developers, ad networks) attaching the information to the UDIDs.

Quote:

A UDID is a "Unique Device Identifier" - you can think of it as a serial number burned permanently into every iPhone, iPad and iPod Touch. Any installed app can access the UDID without requiring the user's knowledge or consent. We know that UDIDs are very widely used - in a sample of 94 apps I tested, 74% silently sent the UDID to one or more servers on the Internet, often without encryption. This means that UDIDs are not secret values - if you use an Apple device regularly, it's certain that your UDID has found its way into scores of databases you're entirely unaware of. Developers often assume UDIDs are anonymous values, and routinely use them to aggregate detailed and sensitive user behavioural information. One example is Flurry, a mobile analytics firm used by 15% of apps I tested, which can monitor application startup, shutdown, scores achieved, and a host of other application-specific events, all linked to the user's UDID. I recently showed that it was possible to use OpenFeint, a large mobile social gaming network, to de-anonymize UDIDs, linking them to usernames, email addresses, GPS locations, and even Facebook profiles. This post looks at the way UDIDs are used in the broader social gaming ecosystem. The work is based on a simple question: what happens if we swap our UDID for another while communicating with the network? There are a number of ways to do this - in my case I used mitmproxy, an intercepting HTTP/S proxy I developed which lets me re-write the traffic leaving a device on the fly. In most cases this was a simple matter of replacing one string with another, but two networks (Scoreloop and Crystal) prevented UDID substitution using cryptography. Unfortunately, both networks relied on the secrecy of key material distributed in the application binaries to every device. I have verified that it is possible to reverse engineer the application binaries to extract the key material and circumvent the cryptographic protection. The outcome of this experiment shows that social gaming networks systematically misuse UDIDs, resulting in serious privacy breaches for their users. All the networks I tested allowed UDIDs to be linked to potentially identifying user information, ranging from usernames to email addresses, friends lists and private messages. Furthermore, 5 of the 7 networks allow an attacker to log in as a user using only their UDID, giving the attacker complete control of the user's account. Two networks had further problems that compromised a user's Facebook and Twitter accounts - Crystal lets an attacker take control of a user accounts by leaking API keys, while Scoreloop partially discloses users' friends lists, even if they are private.

Originally Posted by Derrick01:

I'm assuming itunes doesn't have anything like this UDID shit right? That's the only Apple stuff I have. I don't remember having to sign up or anything, though I do remember them trying to get me to.

Correct.

Originally Posted by Joni:

How do I find my UDID? Or does the iPod Nano 2005 not have that? I'm an iPhone noob.

It does not.

Originally Posted by Izick:

Well, the only Apple device I have that would use an Apple ID is my Macbook Air, which I got like a week ago.

Only iOS devices.

Originally Posted by Mr Swine:

Wouldn't it be illegal for the FBI to have information on people that live outside of the US?

lol

[Izick]

So I don't need to sweat it? Thanks giga.

[calder]

For what it's worth I have an old Canadian iPhone4 that I use as an MP3 player and it's UDID was not on the list per the dazzlepod link. The phone would be almost about 1.5 years old.

[Joni]

Thanks Giga. Finally a hack where I don't need to change passwords.

[chickdigger802]

yeah, no reason to go panicking now. list is only 1/14 of the total list so even if ain't on this...

but looks like i've been right all along :P

They always watching you.

There is a reason why smartphone battery life are shit!

*tinfoil hat*

[jorma]

Originally Posted by giga:

I'm not sure where the personal information in the file came from. No personal information can be obtained when a developer retrieves a device's UDID. I'm assuming that came from third parties (FBI, app developers, ad networks) attaching the information to the UDIDs.

I'd like to suggest, judging by the filename, that this is what they do at the National Cyber-Forensics & Training Alliance

Quote:

The NCFTA functions as a conduit between private industry and law enforcement with a core mission to identify, mitigate and neutralize cyber crime. In an effort to streamline intelligence exchange, the NCFTA will often organize SME interaction into threat-specific initiatives. Once a significant online scheme is realized and a stakeholder consensus defined, an initiative is developed wherein the NCFTA manages the collection and sharing of intelligence with the affected parties, industry partners, appropriate law enforcement, and other SMEs.

[Phoenix]

Originally Posted by MarkMclovin:

Mother of God.

If you have changed your phone, your UDID has changed as well. The UDID is NOT like YOUR social security number - that remains with you for life. The UDID is like the devices social security number.

[MetatronM]

Originally Posted by Mr Swine:

Wouldn't it be illegal for the FBI to have information on people that live outside of the US?

Apple is an American company, so I'm pretty sure the FBI's position would be that any and all business Apple conducts would be well within its jurisdiction. The FBI also participates in plenty of international investigations.

I wouldn't assume this would be restricted by nationality at all.

[Fiction]

Are there any news stories on this yet? Or is everyone not touching it?

Edit: Found one

http://gizmodo.com/5940183/antisec-l...ing-fbi-breach

[Zeppelin]

So, it seems Apple is feeding the FBI with information via this NCTFA then? Interesting but not all that surprising.

[Wario64]

Check to see if yours got leaked here:

http://pastehtml.com/udid

[ElectricBlanketFire]

So is this going to get mainstream attention?

[realraptor]

Originally Posted by ElectricBlanketFire:

So is this going to get mainstream attention?

The September event will.

[The Albatross]

Originally Posted by Mr Swine:

Wouldn't it be illegal for the FBI to have information on people that live outside of the US?

No.

[WeAreStarStuff]

The most amazing thing about all of this to me, is the amount of people amazed at the fact that the FBI would have this....

[Pimpwerx]

Originally Posted by WeAreStarStuff:

The most amazing thing about all of this to me, is the amount of people amazed at the fact that the FBI would have this....

I think amazed that one laptop has 12 million devices on it...unsecured. That's quite troubling. PEACE.

[FairyD]

Originally Posted by JAVK:

Heres an example from the iphonelist.txt file:

I'm outraged!

It took me a week to figure out how to wrap quotes around fields for a csv file.

[robertsan21]

This is great news that FBI got hacked, Apple is a fucking rotten egg for sure.

Doing the US bidding.

hopefully this will cause a shit stir regarding internet anonymity and all those fucking efforts to be able to monitor download information, people etc over the web that the MPAA seems so keen to be able for the government to do, hope this will make those plans burn a slow paintful death.

[ElectricBlanketFire]

I love the standard "hacker" art FoxNews uses:

[VegaNine]

Originally Posted by ElectricBlanketFire:

I love the standard "hacker" art FoxNews uses:

"Fucking webcam."

[StopMakingSense]

Originally Posted by @FBIPressOffice:

Statement soon on reports that one of our laptops with personal info was hacked. We never had info in question. Bottom Line: TOTALLY FALSE

.

[Buddha Beam]

Originally Posted by ElectricBlanketFire:

I love the standard "hacker" art FoxNews uses:

Silly Fox News. Everybody knows a real hacker would be using gloves AND a ski mask.

Originally Posted by StopMakingSense:

Originally Posted by @FBIPressOffice: Statement soon on reports that one of our laptops with personal info was hacked. We never had info in question. Bottom Line: TOTALLY FALSE

Is it sad that my first reaction to this is "what a load of bullshit"?

[nodle]

This is nothing new. Why do you think your phone has a camera and a mic? You even think turning it off is safe? They can still see and listen. The only real way is to remove the battery. Oh wait you can't on alot of the newer phones. I wonder why...

[OG Kush]

Originally Posted by ElectricBlanketFire:

So is this going to get mainstream attention?

Its on the frong page of AL Jazeera

[equap]

why are people freaking out about this? big deal.

[ReBurn]

The FBI probably loves the reaction gifs I save to my iPad.

[Queeg]

For anyone interested in some of what the FBI's been doing A talk by Susan Herman President of the ACLU

[A Pretty Panda]

Quote:

UDID

I did?

[The Power Of Snap]

Good thing i use private browsing.












:)

[Alphahawk]

So wait from what I understand it the passwords didn't get leaked. but is that because the hackers didn't get them or they just didn't release them?

[hirokazu]

I just call all my iOS devices the name of the device, LOL. What other potentially identifying info do they have?

[Trouble]

FBI is claiming it wasn't their computer that was broken into. Take that as you will.

Quote:

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

http://gizmodo.com/5940183/antisec-l...ing-fbi-breach
See update 3

[dkeane]

Originally Posted by Trouble:

FBI is claiming it wasn't their computer that was broken into. Take that as you will. http://gizmodo.com/5940183/antisec-l...ing-fbi-breach See update 3

They're not saying it wasn't their computer. They're saying there isn't any evidence that it was from they're computer.

[gcubed]

I find it a little strange that a fully detailed(and somewhat ridiculous) story from a hacking organization calling out someone who has butted heads with them in the past is taken at face value.

[Quick]

These are just US iPhones, right?

[Curtisaur]

The sheer carelessness and reckless disregard that comes with lazy complacency will never cease to amaze me I guess.

[PezDispenser]

I believe it's false, because if it was true, the FBI would totally admit it and own their mistake, they're cool like that.