Hackers associated with the well-known hacktivist group, Anonymous have dumped online one million Unique Device Identifiers (UDIDs) belonging to Apple devices. In the Pastebin dump, where the hackers from AntiSec dumped the UDIDs, they reveal that the original file carried information from around 12,000,000 devices, but they found a million of them to be enough to leak online. “We trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc. not all devices have the same amount of personal data linked. some devices contained lot of info. others no more than zipcodes or almost anything. we left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not. the DevTokens are included for those mobile hackers who could figure out some use from the dataset”.
The UDIDs had been taken from an FBI computer. Hackers from AntiSec did so to bring to light on the alleged activities of the FBI.
Hackers leak Apple unique device identifiers
According to the Pastebin dump, in the second week of March this year, a Dell Vostro notebook that was being used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team had been broken into, using AtomicReferenceArray vulnerability on Java. During a shell session, they downloaded some files from one of the folders on Stangl’s desktop called NCFTA_iOS_devices_intel.csv. This file contained data about 12,367,232 Apple iOS devices, including Unique Device Identifiers (UDID), user names, names of the devices, types of the devices, Apple Push Notification Service tokens, zipcodes, cellphone numbers, and addresses.
The hackers make it quite clear that did not appreciate the concept of UDIDs right from the beginning. “Really bad decision from Apple. fishy thingie,” they mention further.
Explaining the reason behind exposing such an expansive amount of data, the hackers' group added, “so the big question: why exposing this personal data? well we have learnt it seems quite clear nobody pays attention if you just come and say 'hey, FBI is using your device details and info and who the f*** knows what the hell are they experimenting with that', well sorry, but nobody will care. FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will forget the whole thing at amazing speed. so next option, we could have released mail and a very small extract of the data. some people would eventually pick up the issue but well, lets be honest, that will be ephemeral too. So without even being sure if the current choice will guarantee that people will pay attention to this f****** shouted”.