Linked by Thom Holwerda on Tue 4th Sep 2012 09:00 UTC
Apple This could be big - although just how big remains unclear. "There you have. 1,000,001 Apple Devices UDIDs linking to their users and their APNS tokens. The original file contained around 12,000,000 devices. We decided a million would be enough to release. We trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc." How did AntiSec get this data (they claim)? From an FBI laptop. Why an FBI laptop would have a file with personal information on 12 million iOS users, we don't know - especially since 10000 of them are Dutch/Belgian, and last I checked, those do not fall under FBI jurisdiction. Did the FBI obtain it from an application developer, or from Apple itself? Then again - 12 million users? From a single iOS developer? I find that hard to believe.
Thread beginning with comment 533787
To read all comments associated with this story, please click here.
There are devs with that many devices...
by bhtooefr on Tue 4th Sep 2012 11:57 UTC
bhtooefr
Member since:
2009-02-19

...Rovio, for one, could easily have that many users.

And, I do know someone (who told me about the leak, actually), who claimed that his device was on the leak.

The only ways I see it being a hoax are if it didn't actually come from the FBI, but rather Apple or a developer. And, then, it's real data still, and the hoax is just the source of it.

Edited 2012-09-04 11:58 UTC

Reply Score: 4

MOS6510 Member since:
2011-05-12

Apparently the published list is 130 MB. If it's a twelfth of the total the complete file would be about 1.5 GB.

It's kind of hard to believe that a FBI laptop with a Java vulnerability get spotted by some automated scan and somehow "they" managed to locate a file and download 1.5 GB of data.

They couldn't have know it was a FBI laptop, what was on it and where it was located.

Of course they could just have grabbed the biggest file around, but there is a real risk the connection is dropped before it completes considering the time it would take. Besides, large files often are pirated movies you could download anyway without needing to hack a laptop.

Another possibility is that the laptop got discovered by an automated scan and a human sniffed around after that, but that's also a low probability option also because having a file with 12 million UDIDs is very rare.

Discovering and hacking a FBI laptop and finding a 12 million UDID entries file and downloading it probably has a probability that's smaller than one in twelve million.

Reply Parent Score: 1

Morgan Member since:
2005-06-29

The way I understand it, FBI agents in the field are required to use a DoD-provided Linux-based liveCD whenever they connect to the public Internet. It allows for a secure VPN tunnel back to government datacenters. Even my lowly terminal at work goes through two separate encrypted VPNs and it's just a county law enforcement terminal.

As to whether they actually do it in practice, who knows? Some of my coworkers completely ignore their Security and Integrity training and use their mobile data terminals to look up license plate info on cute women. Those sorts of shenanigans go all the way to the top of the ladder too.

Reply Parent Score: 5

Soulbender Member since:
2005-08-18

Discovering and hacking a FBI laptop and finding a 12 million UDID entries file and downloading it probably has a probability that's smaller than one in twelve million.


It makes for good publicity though....

Reply Parent Score: 2

zima Member since:
2005-07-06

Well, camping nearby some FBI offices with a cantenna most likely significantly increases chances of communicating with an FBI laptop...

Also, 1.5 GiB over a decent wifi isn't that much; plus maybe they set up the transfer in a way that a partial file will be saved, too. And pirated movies tend to have very recognizable names & extensions... (but I guess you might be used to the obfuscation done by iTunes? ;p )
...plus, FBI agents would never download and keep such, right? ;)

Reply Parent Score: 2

moloh Member since:
2012-09-04

You don't have to be Rovio to have that many users, in our database we do have ~25 million udid's used for push and pull messaging.

Reply Parent Score: 3