AntiSec Apple UDID "leak" met with raised eyebrows

A hacking group claiming to be working under the AntiSec banner has published a report on Pastebin which says it has leaked over 1 million Apple UDIDs – unique identifiers  – allegedly found on a compromised FBI laptop. The FBI, in a statement, has denied that there is evidence to suggest such a compromise or that it itself sought or obtained the data.

However, AntiSec said in its own statement, before the FBI response: “If you just come and say ‘hey, FBI is using your device details and info and who the fuck knows what the hell are they experimenting with that’, well sorry, but nobody will care. FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will forget the whole thing at amazing speed.” AntiSec instead, it says, is shouting because it “seems our best bet,” and “even in this case we will probably see their damage control teams going hard lobbying media to discredit this”.

The group behind the release claimed that the FBI’s device, a Dell Vostro notebook belong to Supervisor Special Agent Christopher K. Stangl, was breached in March 2012 using the AtomicReferenceArray vulnerability in Java.

One file, allegedly called “NCFTA_iOS_devices_intel.csv” contained in it, according to AntiSec, a list of 12,367,232 Apple iOS devices, including user names, the name of the device, the type of device, zipcodes, cellphone numbers, and addresses. The statement says that nowhere else is the list referenced, nor its purpose, and it appeared incomplete as there were empty spaces throughout.

Twitter accounts associated with Anonymous are taking a more cautious approach. @AnonyOps said: “FBI says there was no hack. That means either they’re lying or they *gave* the information up to someine in #antisec. It’s happened before.” The same account later warned that if this is the case, the authorities could be attempting to bolster the credibility of someone within AntiSec, and “will announce arrests in 6-8 months”.

“It’s possible,” @AnonyOps posted, the data released “came from a hacked vendor of an iPhone app”, and that they “could be targeting Stangl for embarrassment”. 

For now, The Next Web has posted a tool that can help you check to see if your UDID or device has been compromised.

It will be interesting to see whether this fizzles out or blows up in a big way: the FBI is alleged to have been involved in sting operations before, but the release could very well be genuine. Apple itself has caused paranoid rumblings, for example, with its latest patent which “could remotely disable protesters’ phone cameras”.