Slashdot Mirror
Anonymous Leaks 1M Apple Device UDIDs
Orome1 writes "A file containing a million and one record sets containing Apple Unique Device Identifiers (UDIDs) and some other general information about the devices has been made available online by Anonymous hackers following an alleged breach of an FBI computer. 'During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java,' the hackers claim."
Update: 09/04 13:44 GMT by T : A piece at SlashCloud points out that if the leak is genuine, this raises some sticky questions about privacy and security; in particular: "[H]ow did the agency obtain said information, and to what purpose? Why did all that personal data reside on the laptop of one special agent?"
Why is that more likely?
You think if the FBI asks Apple or AT&T won't cough up such a list?
Yes, that seems like the larger issue here. What purpose does the FBI Cyber Action team have with 12M Apple UUIDs (from TFA: of which only 1M was leaked so far)?
This actually seems like a care of actual well-meaning hacktivism, as the purpose here is to inform users they are being tracked. It is only a matter of time before the remaining UUIDs are released. Unfortunately, most people have little more tech savvy than a newborn, so it is unlikely many people will even know how to compare their device to the list even if they care to do so.
The best we can hope for is that more of them wake up to the large-scale surveillance being undertaken and the abuse of power it represents. I wish I could be optimistic, but I know better by now.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
From that comment I gather that you believe an anonymous person who claims to be a hacker who claims to have gotten what he claims is Apple UDIDs from what he claims was an FBI computer.
geeks? I see no geeks there, why would geeks using fashion accessories instead of smartphones or using devices made by a company who likes to install rootkits on their users machines?
Oh please, all the big boys play this game. Any major firm is not going to do anything other than send a bill when any three letter agency asks for data. Nothing to do with favors, just typical amoral corporate behavior that we need to regulate against.
The problem is that although Anonymous does have a list of Apple IDs (which I doubt has been verified yet), they don't have hard evidence attributing them to an FBI source. We have to just take their word on that one, unless the FBI admits to the breach.
Better known as 318230.
We need government rules against a company cooperating with the government?
On one hand you argue for regulation, which is more powerful government. On the other hand, you bemoan the government using any power.
Companies and governments don't go to heaven. They don't act morally or amorally. They just do what is necessary to get thru the day.
THL phish sticks
... the possibility that the FBI was doing its job.
The only possibilities here are that the FBI or Apple are in the wrong, there is NO possibility that criminals did something wrong.
Remember that simple rule... the FBI and Apple sometimes make mistakes, therefore they are ALWAYS responsible for things. /groan
EMail: 0110001101100010010000000110001101110010 0110000101111010011011100110000101110010 0010111001100011011011110110
The fact that it is facebook?
Facebook exists for basically this sort of thing. Tracking devices or not, anything you post to it you should consider public knowledge. Sure you have privacy settings, which do not apply to the three letter agencies. At some point they may not apply to anyone.
I am not saying don't use it, but consider anything you say on facebook the same as printing it on a billboard.
"Why did all that personal data reside on the laptop of one special agent?"
Probably it didn't and doesn't.
Reside on the laptop of *just one* special agent, that is.
Whenever one of these special agents gets something particular from the boss, all the others want that, too.
This is considered "insightful"? If Shavano had taken the 5 seconds required to verify that those UDID are, in fact, valid, he wouldn't be saying silly things like this.
Sure, we have no idea of the source of this (FBI, Apple, random person with 1M+ harvested UDIDs, etc.), but it's trivial to verify that (at least a good part of the data) is valid.
Maybe google for "Apple UDID deanonymize" and you'll get there.
I think you do not understand the separation of powers: legislative power (congress) would make a law prohibiting collecting arbitrary data about individual citizens without reason and companies to provide them that information without due process. Executive power (government) is not allowed to subvert that law.
There isn't much bi-partisan common ground in the US. But on the subject of Congress being unwilling and/or unable to prevent the Executive Branch from violating laws in such areas as arrest, detention, search, seizure and privacy, the parties are of one mind. There are perhaps a handful of Senators and Representatives willing to speak up about it, but even they're too scared to actually point fingers and name names.
I am not a crackpot.
if you are going to post to a tech site. There are plenty of beginner sites out there, this one is for people who know basic technical info like "You can put any OS you want on a MacBook".
From the article I read the laptop was owned by the agent not the FBI which raises a whole pant load of other questions.
That's okay, we already know you are 1153867, we don't need computer serials to identify you.
Change is certain; progress is not obligatory.
I wouldn't exactly call it amoral corporate behavior. These companies all are publicly traded, and their primary obligation is to preserve and increase shareholder value. Standing up to the Government has no relation to their actual primary goals and is usually in opposition to them. When a company gets that big, they have a lot to lose, and the Government has hundreds of ways to arrange for them to lose it all. Think they're going to stand up to them and jeopardize shareholder value for the sake of someone who will be called a mobster, drug dealer, or terrorist? And regulate against? Do you really expect that the Government is ever going to punish a corporation for agreeing to give data to it, no matter what laws get passed?
I'm not thrilled about it or anything, but that's the way the world works. If you're going to do anything that might be legally iffy, you're better off assuming that every major and even medium-sized corporation will give the Government anything it asks for on a silver platter.
I don't reply to ACs