- Questions raised over why the FBI had the data, which is believed to include user names, device names and phone numbers
- Antisec group claims to have over 12 million IDs - but has not released the most personal data
By Mark Prigg
PUBLISHED: 06:02 EST, 4 September 2012 | UPDATED: 07:05 EST, 4 September 2012
Hackers claim to have released more than a million Apple device IDs obtained from the laptop of an FBI employee.
The AntiSec hacking group claims to have over 12 million IDs, known as Unique Device Identifiers, as well as personal information such as user names, device names, notification tokens, cell phone numbers and addresses.
It has released a million of them online - but has removed the most personal data.
Have claim to have obtained more than 12 million ID codes Apple uses to identify its gadgets, along with user names and password. The FBI was today facing major questions over why it held the data.
The hackers today issued a statement saying: 'During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java.
'During the shell session some files were downloaded from his Desktop folder one of them with the name of ”NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.
'The personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts.
'No other file on the same folder makes mention about this list or its purpose.
It is believed the group published the numbers as it believes the FBI was using the details to track people.
However, before releasing the data, the group removed most of the personal details.
Graham Cluley of computer security firm Sophos believes the FBI now has serious questions to answer.
'Hacktivists are out to embarrass organisations, and it would appear the FBI were lax in storage of data.
'However, we have to be grateful they haven't published more personal information and held back data.
'I'm not sure that there is much harm in the data they have released in isolation, but questions have to be asked as to why the FBI had this information in the first place, and what they were planning to do with it.'
The move comes as Apple is believed to be putting the finishing touches to a launch event for a new version of its iPhone
The Antisec group has made the files freely available online.
'There you have 1,000,001 Apple Devices UDIDs linking to their users and their APNS tokens,' it said.
'The original file contained around 12,000,000 devices. we decided a million would be enough to release.
'We trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc.
'Not all devices have the same amount of personal data linked, some devices contained lot of info, others no more than zipcodes or almost anything.
'We left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not. the DevTokens are included for those mobile hackers who could figure out some use from the dataset.'
The group also defended its decision to release the data.
'well we have learnt it seems quite clear nobody pays attention if you just come and say 'hey, FBI is using your device details and info.
'So without even being sure if the current choice will guarantee that people
will pay attention to this.'
About Article Author