Several hours ago, AntiSec, a subset of Anonymous and the latest hacker group to gain prominence, disclosed that it had obtained the confidential user data of some 12 million Apple units after hacking an FBI Dell Vostro notebook computer, “used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java”, which contained a file titled NCFTA_iOS_devices_intel.csv, which “turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts.”
In other words, the FBI had the personal data of a substantial number of Apple device users, all of which had certainly been obtained without prior permission. Naturally, the question here is why on earth the FBI has this data. As TNW suggests, “They published the UDID numbers to call attention to suspicions that the FBI used the information to track citizens.
Much of the personal data has been trimmed, however, with the hackers claiming to have left enough for “a significant amount of users” to search for their devices.” AntiSec has subsequently released one million of these UDIDs and their associated data. Find out if your device is on the list as explained below.
First, courtesy of WhatsmyUDID.com, here is a simple process to find out what the specific number is.
And then, with UDID in hand, go here:
Or, those who are uncomfortable using the internet for uplink purposes can use the following instructions on how to download the full list, via Anonymous:
HOW TO GET THE CANDY ONCE YOU HAVE DOWNLOADED THE FILE
first check the file MD5:
(lol yes, a “1337” there for the lulz, God is in the detail)
then decrypt the file using openssl:
openssl aes-256-cbc -d -a -in file.txt -out decryptedfile.tar.gz
tar -xvzf decryptedfile.tar.gz
and then check file integrity using the MD5 included in the password u used to decrypt before: