Hacking group AntiSec claims to have released the Apple Unique Device Identifiers (UDIDs) of one million Apple users, after obtaining them from the laptop of an FBI agent.
In what could turn out to be an embarrassing episode for the FBI, AntiSec posted a lengthy statement on Pastebin alongside simple instructions on how to download the database.
AntiSec claims the original file contained info of around 12,000,000 devices, and decided to release details of one million users.
The group obtained the UDIDs from the Dell Vostro notebook used by Supervisor Special Agent Christopher K. Stangl from the FBI Regional Cyber Action and New York FBI Office Evidence Response Team. This was done using the AtomicReferenceArray vulnerability on Java.
"During the shell session some files were downloaded from his Desktop folder. One of them with the name of 'NCFTA_iOS_devices_intel.csv' turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc."
AntiSec claims the original file contained around 12,000,000 devices, but decided to release limited details of one million users.
This was done to draw attention to the fact the FBI could be using sensitive information to track and locate users, the group claimed.
"[Even] in this case we will probably see their [FBI] damage control teams going hard lobbying media with bullsh*ts to discredit this, but well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it."
