Richi Jennings

#AntiSec: FBI has data on 12 million iPhone/iPad users

September 04, 2012 6:08 AM EDT

Our Anonymous 'friends' have reappeared, this time alleging that the FBI is tracking iOS device users. They claim to have copied information from an FBI laptop that lists more than 12 million Apple Unique Device IDs, with their associated personal information. They've published a small sample -- suitably redacted -- as proof.

In IT Blogwatch, bloggers wonder how -- if true -- such data collection could be legal.

LulzSec logo

By Richi Jennings: Your humble blogwatcher curated these bloggy bits for your entertainment. 

 
G'day, Jonathan Stewart:

The data is claimed to be sourced from FBI agent Christopher Stangl, whose...notebook was breached...in March..
...
Personal data...have been “trimmed out” according to [Antisec, who]...went on to show their support for...Pussy Riot, Syrian rebels, Julian Assange and Bradely Manning.  MORE

 
Josh Ong goes on:

The group claims to have...user names, device names, notification tokens, cell phone numbers and addresses. ... They published [it] to call attention to suspicions that the FBI used the information to track citizens.
...
The NCFTA acronym in the filename would likely refer to the National Cyber-Forensics & Training Alliance, a non-profit [group] from both the private and public sector that investigates cyber-crimes.  MORE

 
The alleged perps speak up:

Happy to bring this...for the utterly lulz. ... In July 2012 NSA's General Keith Alexander (alias the Bilderberg Biddy) spoke at Defcon. ... He was trying to seduce hackers into improving Internet security and...to recruit them, ofc, for his future cyberwars...[in a] hypocritical attempt...to flatter hackers into becoming tools for the state. ...they are spending millions of tax dollars to spy on their citizens. ...the system wants you clearly identified...[in] a government database so it can make its watchdogs' lives easier.
...
[Here are] 1,000,001 Apple Devices UDIDs linking to their users and their APNS tokens. ... We never liked the concept of UDIDs. ... Really bad decision from Apple. ...looking at the massive number of devices concerned, someone should care about it. ... [A] notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray [Java] vulnerability. ... "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices.  MORE

 
David Meyer 'splains:

Every iOS device has a UDID...so developers and mobile advertising networks could track user behaviour.
...
The document...has near its end an insult about US presidential candidate Mitt Romney, written in German.  MORE

 
A "disturbed" Andy Lim asks the crucial question:

How did the FBI gain access to all this information? ... Is Apple willingly sharing personal information with the FBI?  MORE

 
Arnold Kim presumes to answer:

I'm presuming the FBI got the database from an App Developer.  MORE

 
Roger Chucker thinks it's worse than that:

I doubt that they are a single app's data. ... UDIDs show an incremental pattern in their first 3 digits [so] those devices were bought in bulk and...were never sold to one person - since the Device names were unchanged. ... I just don't see how one app...could be on all the devices...and dump all its data to FBI.  MORE

 
However, muppetman urges caution:

I'm not saying that the FBI story isn't true, but [don't] assume it to be 100% factual. ...a deep breath is in order before we all accuse the FBI of leaking/losing/stealthily acquiring something!  MORE

 
And plugger assumes any FBI data collection was done legally:

I'd love to read the warrant that granted this disclosure [or] Apple's reasoning for releasing a 12 million + user database...without being legally obliged to do so.  MORE