Wednesday Grok: 12 million Apple user IDs compromised
- 05 September, 2012 10:54
Twelve million unique Apple iPhone IDs have been stolen, a million of them have been released onto the Internet and hacker group Anonymous claims that the FBI has a copy of everyone’s Apple ID.
For its part, the FBI is disclaiming any responsibility, although it hasn’t yet explained what the IDs where doing on one of its notebooks in the first place. And all this at about the same time that Apple finally announced the launch date for the iPhone 5.
In a Facebook post, WikiLeaks (of which Grok is an unashamed fan and tiny financial contributor) says Anonymous (for whom Grok also shares a guilty respect) claims that all Apple iPhone IDs are held by the FBI. (Actually we doubt that bit — no government enterprise is that efficient). Here’s the link to the post if you want to read the whole thing, and if not here’s a sample to get you started.
“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of 'NCFTA_iOS_devices_intel.csv' turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. The personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. No other file on the same folder makes mention about this list or its purpose.”
Before we all get too paranoid, Techcrunch tips a little bit of cold water onto the fire. “For starters, there’s no proof at this time that the leak came from the FBI, that personally identifiable info was also involved, that there are actually 11 million other records sitting in a spreadsheet somewhere, or that this is not the case of older data leak being re-released for any other reason than to simply stir the pot. Those are just Antisec’s claims. The data is being examined now by a number of industry and security experts, though, so we should eventually know whether we can rule out any other known leaks as the source.”
In a later post, Techcrunch also reported the FBI’s denials that there is any evidence the data came from one of its laptops. “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed,” reads the statement. “At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”
As the story pointed out, the FBI’s position is something of a non-denial-denial. For those of you who still hold with the quaint notion that privacy is protectable on the Web, Mashable provides some guidance on how to check if your ID was one of those compromised. It outlines how to collect your UDID and then directs you to a website called LastPass which has already created a tool to let you check.
Of course, knowing it after the fact won’t actually make any difference so maybe blissful ignorance could be a better idea.
Andrew Birmingham is the CEO of Silicon Gully Investments. Follow him on Twitter @ag_birmingham.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- Cost of a Privacy Act breach could extend to ongoing audits: legal expert
- How Hunter Water is saving $50k a year in software licences
- NSW government invites registrations for ServiceFirst contract
- Audit agency does BYOD with BlackBerry
- Telstra breached privacy of over 15k customers: Privacy Commissioner
If you haven't retired Windows XP and haven't been fired yet, get busy
Turnbull asks how the NBN got that way
Turnbull asks how the NBN got that way
Vodafone launches smartphone app for encrypted calls
Thanks a million, Drupal