Hacking: 12 million iOS identifiers taken by the FBI

Hacking group AntiSec has claimed that more than 12 million Apple iOS device identifiers have been stolen. This information was found on an FBI agent’s hijacked laptop.

Formed from members of Anonymous and LulzSec, the AntiSec hackers group has already been spoken about on numerous occasions. Today, they state that they have more than 12 million UDID identifiers (Unique Device Identifier) belonging to unique Apple iOS devices.

These UDIDs allow you to identify each iOS device individually and are used by Apple to manage App Store purchases. Until recently, developers were able to call on these UDIDs to trace the installation of their apps through an Apple user’s database (Apple has now started to limit access).

According to AntiSec, 12 367 232 iOS devices have been affected by the leak of their UDIDs, username, name and device type, Apple Push Notification Services token, telephone numbers and addresses…

To prove their hack, AntiSec has posted a list of a million UDIDs online (1 000 001 to be precise) linked to their users and APNS tokens. Personal information like full names, telephone numbers and addresses have been voluntarily removed from the posting.

There is enough information for users to be able to verify whether their devices are on the list or not (the published text file can be found here). Even more surprising, AntiSec claims that this information was not stolen from Apple but rather the FBI.

In March 2012, AntiSec claimed that they remotely hacked an FBI special agent’s laptop working for the Regional Cyber Action Team in New York via a Java fault on his computer. Among the stolen files was one titled NCFTA_iOS_devices_intel.csv which contained the now published information.

NCFTA could be a reference to the National Cyber-Forensics & Training Alliance which brings together public and private sector experts who work on investigating cybercrime.

For the hacking group, this shines some light on how the FBI spy’s on users, and the tactics that they can deploy to hit back against hackers. The question that now needs to be asked is how the FBI got their hands on such information.