FBI collected millions of Apple device IDs, says AntiSec

Hacking group AntiSec has released more than a million Apple Unique Device Identifiers (UDIDs), claiming it swiped them from an FBI agent's laptop.

UDIDs are the unique string of numbers that identify every iOS device. They were used by developers to track installations of their apps, until Apple put an end to the practice earlier this year.

And, says AntiSec, it's actually got its hands on as many as 12 million UDIDs, as well as other information such as user names, mobile phone numbers and addresses. It hasn't published this extra information, meaning the UDIDs don't represent a security risk to the individuals concerned.

The group says it believes that such a large number of UDIDs can only mean that the FBI is tracking individuals via their gadgets - and on a massive scale.

"We will probably see their damage control teams going hard lobbying media with bullshits to discredit this, but well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it," says the group in a post on Pastebin.

AntiSec says it got the data via from FBI agent Christopher Stangl's Dell Vostro notebook, which it breached via an AtomicReferenceArray vulnerability on Java.

"During the shell session some files were downloaded from his Desktop folder one of them with the name of 'NCFTA_iOS_devices_intel.csv' turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc," writes the group.

"The personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose."

AntiSec's hoping to trigger an outcry over the fact that the FBI is allegedly holding lists like these - and on laptops, no less. But it won't speak to the press, it says, until one demand is fulfilled, relating to a certain journalist who's been critical of the group in the past.

"No more interviews to anyone till Adrian Chen get featured in
the front page of Gawker, a whole day, with a huge picture of him dressing a ballet tutu and shoe on the head, no photoshop," it says. Hold the front page...