AntiSec pulls 12 million Apple UDIDs from FBI agent




CT4Liberty
09-04-2012, 06:24 AM
http://news.cnet.com/8301-1009_3-57505330-83/antisec-claims-to-have-snatched-12m-apple-device-ids-from-fbi/


During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.


I am wondering how/why the FBI would have this information to begin with...

RonRules
09-04-2012, 06:29 AM
I also hate it when people have all their files on the desktop directory. It's an indication that this agent was even more careless.

asurfaholic
09-04-2012, 06:30 AM
I am wondering how/why the FBI would have this information to begin with...

Doesn't it make more sense to wonder what info they don't have?

kathy88
09-04-2012, 06:33 AM
Where's the list?

CT4Liberty
09-04-2012, 07:22 AM
Doesn't it make more sense to wonder what info they don't have?

very true..sadly

tangent4ronpaul
09-04-2012, 08:02 AM
Where's the list?

http://pastebin.com/nfVT7b0Z

CANDY! CANDY! CANDY!...............candy.


Download links:


HOW TO GET THE CANDY ONCE YOU HAVE DOWNLOADED THE FILE

first check the file MD5:
e7d0984f7bb632ee19d8dda1337e9fba

(lol yes, a "1337" there for the lulz, God is in the detail)

then decrypt the file using openssl:
openssl aes-256-cbc -d -a -in file.txt -out decryptedfile.tar.gz

password is:
antis3cs5clockTea#579d8c28d34af73fea4354f5386a06a6

then uncompress:
tar -xvzf decryptedfile.tar.gz

and then check file integrity using the MD5 included in the password u used to
decrypt before:
579d8c28d34af73fea4354f5386a06a6
^ yeah that one.

if everything looks fine
then perhaps it is.

enjoy it!

there you have. 1,000,001 Apple Devices UDIDs linking to their users and their
APNS tokens.
the original file contained around 12,000,000 devices. we decided a million would be
enough to release.
we trimmed out other personal data as, full names, cell numbers, addresses,
zipcodes, etc.
not all devices have the same amount of personal data linked. some devices
contained lot of info.
others no more than zipcodes or almost anything. we left those main columns we
consider enough to help a significant amount of users to look if their devices
are listed there or not. the DevTokens are included for those mobile hackers
who could figure out some use from the dataset.


file contains details to identify Apple devices.
ordered by:

Apple Device UDID, Apple Push Notification Service DevToken, Device Name,
Device Type.

-t

pcosmar
09-04-2012, 08:34 AM
iCrap..
never owned any,, will never own any.
Same with Sony, for shit they have pulled.
I Don't use micro$oft for anything of importance.. (read the damn EULA)

Learn enough to hack your own stuff,, keep the bastards out.

puppetmaster
09-04-2012, 08:48 AM
^^^
I have not let Apple own ME........

green73
09-04-2012, 08:53 AM
Doesn't it make more sense to wonder what info they don't have?

Exactly. Another scary indication of the lawless police state.

RickyJ
09-04-2012, 08:57 PM
I don't think this "leak" was accidental. I think it was on purpose to drive down Apple stock. How did the FBI get such ID information and names that go with it? Apple has a lot of explaining to do if this story is true. It could be a hoax, which would still drive down Apple stock until it is revealed as a hoax.

RickyJ
09-04-2012, 09:00 PM
I also hate it when people have all their files on the desktop directory. It's an indication that this agent was even more careless.

You are hating the wrong thing. You should rather hate that they have the info at all, regardless of where they keep it on their hard drive.

QueenB4Liberty
09-04-2012, 09:02 PM
in English where is the list? Can I d/l it if I'm on a Mac?

pcosmar
09-04-2012, 09:10 PM
in English where is the list? Can I d/l it if I'm on a Mac?

English? sort of.. Most of it anyway. (some is in haxor)


http://pastebin.com/nfVT7b0Z

ZENemy
09-04-2012, 09:16 PM
Damn I'm glad Apple's MICRO upgrades every year pissed me off enough to where I left Apple's stuff behind for good!

Zippyjuan
09-04-2012, 09:21 PM
FBI says data not from one of their computers or laptops.
http://www.cnn.com/2012/09/04/tech/web/fbi-apple-id-hack/index.html

The FBI on Tuesday said there is "no evidence" to support claims by a hackers group that they accessed information about millions of Apple users on a bureau computer.

The hackers have posted online what they claim are the IDs of more than 1 million iPhones and iPads. And they say that's just part of the more than 12 million IDs -- and other information such as users' names, cell phone numbers and billing addresses -- they got from the laptop of an FBI agent.

The release, if authentic, sparked a flurry of headlines Tuesday and raised questions about both FBI security and why the bureau would have collected that information about people in the first place.

Antisec, a politically minded branch of the hacker collective Anonymous, posted the ID numbers on Monday. If cross-referenced with info available to Apple developers, they could theoretically help someone find more specific details about the device's owner.

The post claimed that hackers exploited a vulnerability in the programming language Java on the computer of Special Agent Christopher K. Stangl, who specializes in cybersecurity.

The FBI responded Tuesday afternoon.

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs (unique device IDs) was exposed," according to an FBI spokesperson. "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

As of Tuesday afternoon, there had been no independent verification that the IDs came from an FBI computer. Apple did not respond to a request for comment.

"We don't have any way of confirming the source of the data, or what else might have been taken, but it does appear that the files do contain at least some genuine Apple UDIDs," said Graham Cluley, a senior tech consultant at Sophos Security. "Certainly things would be worse if the personal info was also released. But at the moment it feels as if the hackers might be more interested in embarrassing the FBI and causing mischief than putting innocent users at risk."

More at link.

pcosmar
09-04-2012, 09:28 PM
FBI says

Yeah,,OK.
Did you really expect them to admit it?
AntiSec has taken down FBI security before.. They denied then too.

NorfolkPCSolutions
09-04-2012, 10:02 PM
It won't be long till this shows up at doxbin as an unencrypted, uncompressed file. If you don't understand how to use the tools to gain access to this info now, just wait 14 days or so.

susano
09-04-2012, 10:12 PM
Assuming this is true, and I am, Apple had to have given the FBI the files.