FBI, AntiSec Spar On Apple IDs

[InfoSec News <alerts () infosecnews org>]

http://www.informationweek.com/security/attacks/fbi-antisec-spar-on-apple-ids/240006742

By Mathew J. Schwartz
InformationWeek
September 05, 2012

Does the release of one million Apple UDIDs (Unique Device 
Identifiers)--including device types and associated usernames--reveal a 
massive device-tracking operation involving the FBI, an attempt by the 
hacktivist group AntiSec to make the bureau look bad, or something in 
between?

For now, the related debate continues to rage online. The FBI, for its 
part, took to Twitter Tuesday to say that any suggestion that one of its 
agents was collecting or storing millions of UDIDs was "totally false" 
and that the agency "never had the info in question." In an official 
statement emailed to journalists, meanwhile, the FBI said that "at this 
time there is no evidence indicating that an FBI laptop was compromised 
or that the FBI either sought or obtained this data."

In response to the FBI's official statement, AntiSec noted via the 
AnonymousIRC channel that "this is far from denial," and continued to 
taunt the FBI. "Before you deny too much: Remember we're sitting on 3TB 
additional data. We have not even started," it said.

But is the leaked UDID data legit? AntiSec said via the Par:AnoIA 
website that the data "was involuntarily provided by Special Agent 
Christopher Stangl, whose notebook was breached by AntiSec in March 
2012," and that "among the data on his notebook was a file named 
NCFTA_iOS_devices_intel.csv which contained a list of 12,367,232 Apple 
iOS devices including Unique Device Identifiers (UDID), user names, name 
of device, type of device, Apple Push Notification Service tokens, ZIP 
codes, cell phone numbers, and addresses."

[...]


--
#HITB2012KUL - The 10TH ANNUAL HITB Security Conference in Malaysia
with no keynotes, no labs - just three tracks filled with our most
popular speakers from the last decade: http://conference.hitb.org/