Hack collective AntiSec claims to have broken into an FBI agent’s laptop and extracted what turned out to be a 12m long list of personal details from Apple devices, alleging that the federal agency had been tracking users. The document supposedly contains Unique Device Identifiers (UDID), usernames, name and type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, and other content; AntiSec has released 1,000,001 UDIDs (along with the device name/type) as a proof of hack.
According to the group, a remote exploit on the Dell laptop used by one FBI supervisor managed to pull out several files saved to the desktop. One of those files was a .CSV database containing a huge number of Apple device details, though no other mention of the purpose of that file was discovered on the machine.
“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted [sic] on many parts. no other file on the same folder makes mention about this list or its purpose” AntiSec
However, that hasn’t stopped speculation as to the FBI’s intentions with the data. AntiSec suggests that it could be the basis of a tracking project, using Apple UDID codes to monitor individual users; it also claims that “it’s the right moment to release this knowing that Apple is looking for alternatives [to UDID].”
Not all of the records have all of the database fields filled in – some are limited to ZIP code – and it’s unclear where the FBI sourced the data from initially. The filename includes “NCFTA”, which is potentially the National Cyber-Forensics & Training Alliance, an organization which “functions as a conduit between private industry and law enforcement with a core mission to identify, mitigate and neutralize cyber crime” and which “manages the collection and sharing of intelligence” between those groups.
Although app developers have access to some of the data included, it’s apparently rare that they would have full postal address details for individual users.