[JAVK]

This is some serious shit:

http://pastebin.com/nfVT7b0Z

Here is a quote from the Pastebin:

Code:

  During the second week of March 2012, a Dell Vostro notebook, used by
  Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action
  Team and New York FBI Office Evidence Response Team was breached using the
  AtomicReferenceArray vulnerability on Java, during the shell session some files
  were downloaded from his Desktop folder one of them with the name of
  "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS
  devices including Unique Device Identifiers (UDID), user names, name of device,
  type of device, Apple Push Notification Service tokens, zipcodes, cellphone
  numbers, addresses, etc.

Another quote:

Code:

there you have. 1,000,001 Apple Devices UDIDs linking to their users and their 
APNS tokens.
the original file contained around 12,000,000 devices. we decided a million would be 
enough to release.
we trimmed out other personal data as, full names, cell numbers, addresses, 
zipcodes, etc.
not all devices have the same amount of personal data linked. some devices 
contained lot of info.
others no more than zipcodes or almost anything. we left those main columns we 
consider enough to help a significant amount of users to look if their devices 
are listed there or not. the DevTokens are included for those mobile hackers 
who could figure out some use from the dataset.

[quadriplegicjon]

What does this mean, in english?

[Bboy AJ]

I am that 1. Fuuuu

[The_Inquisitor]

Does this mean someone could maliciously send out push notifications to your phone?

I honestly have no clue what this means either.

[rozay]

Holy shit

[coldvein]

good thing i write everything on paper

[Salacious Crumb]

Why does the FBI have that info in the first place?

Shady shit.

[SRG01]

So, wait. The question I have is why on earth does the FBI have this list in the first place?

[Tabris]

The shocking part isn't that this was hacked, but the fact that this information was in a CSV file and not an encrypted database that needs authentication to view and request only access (record the search for the specific iOS device information) for auditing purposes.

Hell, my work has better security than that over sensitive information and we have less than 50 people.

[JAVK]

AntiSec says that they have removed the details from the UDIDs, and are only releasing 1 million of the 12 million UDIDs. But the more scary thing is that a FBI officer had this information stored on his laptop.

Over 12 million Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.

There is information in the Pastebin which tells you how to download the actual file. I don't want to post it in this thread incase of ban.

[RukusProvider]

Well done hackers. Shame on FBi.

[rozay]

Originally Posted by SRG01:

So, wait. The question I have is why on earth does the FBI have this list in the first place?

Better throw away your smartphone and put your tinfoil hat on!

[badcrumble]

Glad this happened before I picked up my iPhone 5.

[Nevasleep]

Originally Posted by Salacious Crumb:

Why does the FBI have that info in the first place? Shady shit.

Yes, hopefully some tech websites will start asking questions.

[RukusProvider]

Originally Posted by Salacious Crumb:

Why does the FBI have that info in the first place? Shady shit.

http://en.wikipedia.org/wiki/Carnivore_(software)

FBI has been keeping an eye on things for decades. You really think there is no one watching?

[Fiction]

So, at this point, there is no way to tell if you are on the 12m database, and really nothing you can do security wise? This isn't as simple as changing a password.

[Atilac]

How can I check if my account is compromised?

[Izick]

Wait, so this went down in March? Just made an Apple ID like last Saturday.

[The_Inquisitor]

Originally Posted by Izick:

Wait, so this went down in March? Just made an Apple ID like last Saturday.

I'm pretty sure it's tied to the device not your account.

[Pimpwerx]

Originally Posted by SRG01:

So, wait. The question I have is why on earth does the FBI have this list in the first place?

Yeah...I'd like to know the answer to this too. PEACE.

[industrian]

Originally Posted by JAVK:

AntiSec says that they have removed the details from the UDIDs, and are only releasing 1 million of the 12 million UDIDs. But the more scary thing is that a FBI officer had this information stored on his laptop.

The even scarier thing being how easy this FBI officer allowed his shit to be compromised.

[rozay]

Originally Posted by Fiction:

So, at this point, there is no way to tell if you are on the 12m database, and really nothing you can do security wise? This isn't as simple as changing a password.

UDIDs are device specific.

[Balphon]

Anonymous really needs to hire a PR consultant.

[Devolution]

Quote:

downloaded from his Desktop folder

I bet he hides his porn better than this.

[coldvein]

wait, the FBI is tracking your smartphones? i never would have brought that up in a drunken conspiracy conversation like an hour ago. never.

[lexi]

In a CSV file, on his Desktop. Really? The FBI?

Hackers don't even need to be intelligent with incompetence like that.

[chickdigger802]

Originally Posted by SRG01:

So, wait. The question I have is why on earth does the FBI have this list in the first place?

cuz it's their job?

Why have this on someone's laptop though :/

[Mecha_Infantry]

Originally Posted by Salacious Crumb:

Why does the FBI have that info in the first place? Shady shit.

This is the question.....some shit makes me question the great leaders; Apple

[Dynamite Shikoku]

What does this mean? Have to change apple id or something?

[Devolution]

Originally Posted by Mecha_Infantry:

This is the question.....some shit makes me question the great leaders; Apple

To learn the musical preferences of terrorists.

[Timedog]

Originally Posted by Salacious Crumb:

Why does the FBI have that info in the first place? Shady shit.

This reply took WAY too many posts.

What is the significance of the Apple Push part, since I have no idea what Push notifications are.

[Fiction]

Originally Posted by Dynamite Shikoku:

What does this mean? Have to change apple id or something?

From what I am understanding, there's not really anything you can do.

[jambo]

Originally Posted by RukusProvider:

http://en.wikipedia.org/wiki/Carnivore_(software) FBI has been keeping an eye on things for decades. You really think there is no one watching?

But who watches the watchmen?

[xclaw]

Quite the pastebin. Interesting times.

[Trouble]

I'm really really trying hard to be surprised by the FBI having that data, but I'm not.

[rozay]

It's scary to think what a shitstorm this could've been had they released the personal information in the file.

[2 Slice Toaster]

I've tried reading through the link; have they substantiated the origin of this data through any means aside from providing a detailed backstory?

[Number45]

Does anyone know if anything malicious can actually be done with this information?

EDIT: Or is it "just" identity theft opportunities?

[numble]

Originally Posted by Fiction:

From what I am understanding, there's not really anything you can do.

Your UDID is guaranteed to not be in the list that AntiSec has if you use a device bought after they got the database.

[lexi]

Originally Posted by Number45:

Does anyone know if anything malicious can actually be done with this information?

Nothing too bad. It's more intended to alert people on how fucked up the FBI is than it is to actually inconvenience / steal info ala the PSN hack.

[Phoenix]

Originally Posted by The_Inquisitor:

Does this mean someone could maliciously send out push notifications to your phone? I honestly have no clue what this means either.

Push and potentially receive.

[FantasticMrFoxdie]

Gaddayuuum.

We live in an interesting/scary time.

[JAVK]

Originally Posted by Number45:

Does anyone know if anything malicious can actually be done with this information? EDIT: Or is it "just" identity theft opportunities?

They have only released the UDIDs and the name of the device, like Jeff's iPad.

But the information Antisec does have include names, addresses, etc.

[Wario64]

What a fuck up

[Fiction]

Originally Posted by numble:

Your UDID is guaranteed to not be in the list that AntiSec has if you use a device bought after they got the database.

I can't remember exactly when I got my iPad, but I think it was after March. So maybe. I am more interested in the possible repercussions.

[reilo]

Originally Posted by Timedog:

What is the significance of the Apple Push part, since I have no idea what Push notifications are.

Push Alerts are alerts sent to your phone using an internet service if you are subscribed to it via an app.

For example, you can set device-based notifications that are stored on your phone via an app like reminding you of a to-do item that you created via such an app. Or, you can receive a push notification via your app that the app provider sent you, ie, Facebook letting you know that someone replied to a post you were subscribed to.

[lexi]

Originally Posted by Fiction:

I can't remember exactly when I got my iPad, but I think it was after March. So maybe. I am more interested in the possible repercussions.

For the FBI, nothing. For the people revealing how fucked up the FBI's security is, maybe 30 years in prison.

[jokkir]

That's... a lot.

[JAVK]

Heres an example from the iphonelist.txt file:

[Fiction]

Originally Posted by lexi:

For the FBI, nothing. For the people revealing how fucked up the FBI's security is, maybe 30 years in prison.

I am also not really keen on AntiSec having my (and a ton of other peoples) personal information. Awesome of them not to release it, but it only takes one bad apple...