{"id":813,"date":"2012-09-06T01:37:10","date_gmt":"2012-09-06T07:37:10","guid":{"rendered":"http:\/\/ubune.com\/blog\/?p=813"},"modified":"2012-09-05T07:37:50","modified_gmt":"2012-09-05T13:37:50","slug":"hackers-claim-to-have-obtained-12-million-apple-ids-from-fbi","status":"publish","type":"post","link":"http:\/\/ubune.com\/blog\/2012\/09\/06\/hackers-claim-to-have-obtained-12-million-apple-ids-from-fbi\/","title":{"rendered":"Hackers claim to have obtained 12 million Apple IDs from FBI"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/www.japantoday.com\/images\/size\/x\/2012\/09\/photo_1346768005188-1-0.jpg\" alt=\"\" \/><\/p>\n<p>A hacker group has claimed to have obtained personal data from 12 million Apple iPhone and iPad users by breaching an FBI computer, raising concerns about government tracking, but the FBI said it never had the data.<\/p>\n<p>The group called AntiSec, linked to the hacking collective known as Anonymous, posted one million Apple user identifiers on Monday purported to be part of a larger group of 12 million obtained from an FBI laptop.<\/p>\n<p>The FBI initially had no comment on the reports, but later in the day issued a statement which cast doubt on the purported data breach, saying it never had the data in question.<\/p>\n<p>\u201cThe FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs (unique device identifiers) was exposed,\u201d the US Federal Bureau of Investigation said in a statement.<\/p>\n<p>\u201cAt this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.\u201d<\/p>\n<p>A tweet from the FBI press office said: \u201cWe never had info in question. Bottom Line: TOTALLY FALSE.\u201d<\/p>\n<p>Peter Kruse, an e-crime specialist with CSIS Security Group in Denmark, said on Twitter that the leak \u201cis real\u201d and that he confirmed three of his own devices in the leaked data.<\/p>\n<p>\u201cAlso notice that they claim to have full name, addresses, phone numbers etc\u2026 Big ouch!\u201d he tweeted.<\/p>\n<p>Apple did not immediately respond to a request for comment.<\/p>\n<p>The fact that some user data was breached prompted a flurry of comments, some suggesting that the government or Apple was implicated in a vast invasion of user privacy.<\/p>\n<p>Aldo Cortesi, a security consultant living in New Zealand, called the incident \u201ca privacy catastrophe.\u201d<\/p>\n<p>\u201cThe vulnerabilities ranged from de-anonymization, to takeover of the user\u2019s gaming social network account, to the ability to completely take over the user\u2019s Facebook and Twitter accounts,\u201d he said on a blog posting.<\/p>\n<p>One website set up a database to help users determine if their device was on the hacked list of Apple unique device IDs (UDIDs).<\/p>\n<p>Johannes Ullrich of the SANS Internet Storm Center said it was difficult to verify the report.<\/p>\n<p>\u201cThere is nothing else in the file that would implicate the FBI. So this data may very well come from another source. But it is not clear who would have a file like this,\u201d he told AFP.<\/p>\n<p>Ullrich said it is unclear why the FBI, if the report were true, would have the data.<\/p>\n<p>\u201cThe size of the file\u2026 would imply a widespread, not a targeted tracking operation, or the file was just kept in case any of the users in the file needs to be tracked,\u201d he said.<\/p>\n<p>\u201cThe significance of this breach very much hinges on the source, which as far as I know, hasn\u2019t been authenticated yet. The data is, however, real based on some of the reports that people do find their own UDID in the file.\u201d<\/p>\n<p>In the posting, AntiSec said the original file \u201ccontained around 12,000,000 devices\u201d and that \u201cwe decided a million would be enough to release.\u201d<\/p>\n<p>The group said it \u201ctrimmed out other personal data such as full names, cell numbers, addresses, zipcodes, etc.\u201d<\/p>\n<p>It said it posted the information to draw attention to Apple\u2019s practices, which allow users to be tracked.<\/p>\n<p>\u201cWe never liked the concept of UDIDs since the beginning indeed. Really bad decision from Apple,\u201d it said.<\/p>\n<p>It added \u201cwe have learnt it seems quite clear nobody pays attention if you just come and say \u2018hey, FBI is using your device details\u2026\u2019 FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME S\u2014-.\u201d<\/p>\n<p>The document posted on the website pastebin indicated that the data was obtained in March from the computer of an FBI Cyber Action supervisor through a \u201cvulnerability\u201d in the computer.<\/p>\n<p>Eric Hemmendinger, a security expert with Tata Communications, said that if an FBI computer from a cybersecurity investigator was hacked, it would be \u201ca pretty embarrassing scenario.\u201d<\/p>\n<p>Hemmendinger said the FBI\u2019s possession of the data would be surprising, but that it should not be a surprise that Apple and its rivals would have detailed information on its users.<\/p>\n<p>\u201cThis is yet another indicator that when you start to participate in social networking and applications that Apple and (Google\u2019s) Android have propagated, you are the asset that\u2019s being leveraged and monetized,\u201d he said.<\/p>\n<p>\u201cIt\u2019s yet another reminder that when you join the social network world, your footprints are not private.\u201d <\/p>\n<p>Photo: AFP<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A hacker group has claimed to have obtained personal data from 12 million Apple iPhone and iPad users by breaching an FBI computer, raising concerns about government tracking, but the FBI said it never had the data. The group called AntiSec, linked to the hacking collective known as Anonymous, posted one million Apple user identifiers [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/ubune.com\/blog\/wp-json\/wp\/v2\/posts\/813"}],"collection":[{"href":"http:\/\/ubune.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ubune.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ubune.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/ubune.com\/blog\/wp-json\/wp\/v2\/comments?post=813"}],"version-history":[{"count":1,"href":"http:\/\/ubune.com\/blog\/wp-json\/wp\/v2\/posts\/813\/revisions"}],"predecessor-version":[{"id":814,"href":"http:\/\/ubune.com\/blog\/wp-json\/wp\/v2\/posts\/813\/revisions\/814"}],"wp:attachment":[{"href":"http:\/\/ubune.com\/blog\/wp-json\/wp\/v2\/media?parent=813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ubune.com\/blog\/wp-json\/wp\/v2\/categories?post=813"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ubune.com\/blog\/wp-json\/wp\/v2\/tags?post=813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}