Anonymous Leaks 1M Apple Device UDIDs

Orome1 writes "A file containing a million and one record sets containing Apple Unique Device Identifiers (UDIDs) and some other general information about the devices has been made available online by Anonymous hackers following an alleged breach of an FBI computer. 'During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java,' the hackers claim." Update: 09/04 13:44 GMT by T : A piece at SlashCloud points out that if the leak is genuine, this raises some sticky questions about privacy and security; in particular: "[H]ow did the agency obtain said information, and to what purpose? Why did all that personal data reside on the laptop of one special agent?"

So is apple...

[santax]

Going to explain why they gave all the UID of their devices to the FBI?

udid

[watice]

UDID's aren't allowed to be used by apple anymore. Well maybe not disallowed but strongly discouraged, & depreciated in ios5, as far as I can tell.

Only USA Apple ID's or others

[Anonymous Coward]

Was the leak only for USA ID numbers, or are we talking major criminal action in foreign countries here?

It's always tempting to think the USA is the world police, but Apple do not have immunity from foreign courts if they've been handing over data like that.

Re:Let's ignore...

[RMingin]

Ok, yes yes, the crazy mugger (cracker) was clearly in the wrong. That does leave the question of why an unconnected, shady character (the FBI) was walking around with everyone's paychecks (Apple info for which the FBI has no clearly demonstrated need).

Nobody is declaring Anonymous innocent, but why the HELL does the FBI need a list of UDIDs? Are they tracking TERRISTS via their iPhones now, or is it more likely that the FBI just likes reading your mail, watching you in the shower, and knowing all your passwords?

So which application?

[nweaver]

It sounds like this is a dump of data from an application vendor to the FBI: Apps have (in the past) used UUID for identification, and the push-notification tokens also suggest application, not apple, as the source.

So which application is responsible?

Everything is in place for Big Brother to step in

[dna_(c)(tm)(r)]

Review the permissions of the app. It can read and write contact information and it can take pictures and video, access phone state and identity, determine your location and record audio. At any time. Anybody actually read 1984? But at least Android tells you about it.

Re:So is apple...

[Sique]

Regulation does imply a more powerful goverment. If someone runs afoul the regulation, the government steps in and hands out punitive fees, prison time or exclusion from government contracts. This amounts to actively reign into formerly autonomous business processes or personal decisions.
Each regulation gives the government more power. Before the regulation, the government had no right to interfere. Regulation gives the right to the government. And each additional regulation forces the government to actively administer the regulation, and thus to add governmental jobs.
There is no point in regulation if there is no one to enforce it.

Solved question

[gmuslera]

I suppose that anonymous getting access to FBI computers (and making it public) answers the old question of who watches the watchers.

Re:So which application?

[Anubis IV]

The current theory (as mentioned by Marco Arment [marco.org]) is that it may be from AllClear ID's iOS app, given that AllClear officially joined the NCFTA [greensheet.com] in the second week of March. Since the leaked file's name had NCFTA in it, it's pretty clear that it came from the NCFTA, and it would make sense that AllClear would have started providing some data prior to when they actually announced they had joined, so that may explain (but certainly not justify) why someone had something like that on their desktop on the week of the attack.

If AllClear is indeed the source, that would be some rather delightful irony, given that they would be directly responsible for causing more damage to their customers than they will ever likely prevent.

Also, if AllClear sounds familiar, it may be because they were the the company providing a year of free identity theft protection to Sony customers after the hacks last year that compromised millions of PSN accounts.

Re:So is apple...

[anagama]

And then there is the judicial branch, which rolls over and asks the Feds to scratch its tummy at any mention of the State Secrets Doctrine.

There's a whole sordid history to the State Secrets Doctrine involving the deaths of three geeks in a military plane in the 50s and the Air Force covering up its negligence by claiming it would harm national security if an accident report was released. Decades later that accident report was declassified and showed nothing of any national security import -- just some lousy maintenance on the plane and failure to make manufacturer recommended upgrades. Had the widows been allowed to have it, they would have likely done well at trial. Anyway, keeping it secret enabled the Air Force to short change the widows by settling the case cheap.

http://www.thisamericanlife.org/radio-archives/episode/383/origin-story?act=2#play [thisamericanlife.org]

Oh yeah, and Obama is the worst offender in applying the state secrets doctrine. Just search for obama state secrets doctrine [google.com] --- the examples are ridiculously numerous for one who promised openness in government.