The hacker group AntiSec has released 1 million Apple device IDs that they say they obtained from an FBI computer they hacked.
The hackers say they actually stole 12 million IDs, including personal information, from the hacked FBI computer, but released only 1 million in an encrypted file published on torrent sites.
In a lengthy post online, the hackers wrote that last March, they hacked a laptop belonging to an FBI agent named Christopher K. Stangl from the bureau’s Regional Cyber Action Team and the New York FBI office’s Evidence Response Team.
The hackers say the IDs were stored in a file on Stangl’s desktop titled “NCFTA_iOS_devices_intel.csv.”
The file, according to the hackers, contained a list of more than 12 million Apple iOS devices, including Unique Device Identifiers (UDID), user names, names of devices, types of devices, Apple Push Notification Service tokens, ZIP codes, cellphone numbers, and addresses. The hackers released only 1 million UDIDs, however, and did not release the accompanying personal information for the IDs.
Apple UDIDs are a 40-character alphanumeric string that is unique to each Apple device.
It’s not known why the FBI possessed the Apple IDs. The hackers suggested in a tweet from the the @AnonymousIRC account, that the FBI was using the information to track users.
12,000,000 identified and tracked iOS devices. thanks FBI SSA Christopher Stangl.
— AnonymousIRC (@AnonymousIRC) September 4, 2012
Stangl may have been targeted because he was on an e-mail that members of Anonymous intercepted last January. The e-mail was sent to several dozen U.S. and European law-enforcement personnel to participate in a conference call discussing efforts to investigate Anonymous and other hacking groups. The email included a call-in number for the discussion, which members of Anonymous recorded and posted online last February.
The hackers say they released the Apple UDIDs so that people would know that the FBI may be tracking their devices and also because, they wrote in their online post, “we think it’s the right moment to release this knowing that Apple is looking for alternatives for those UDID currently … but well, in this case it’s too late for those concerned owners on the list.”
Apple has been criticized for hard-coding the ID’s in devices, since they can be misused by application developers and others to identify a user, when combined with other information, and track them. Last April, Apple began rejecting applications that track UDIDs.
The Next Web has created a tool for users to check if their Apple UDID is among those that the hackers released.