It seems like every week more data comes out about the US government’s nefarious intelligence-gathering activities. This week’s reason to strap on your tin-foil hat comes from hacking group Antisec.
The hackers claim they breached the laptop of special agent Christopher K. Stangl from the FBI’s Regional Cyber Action Team and the New York FBI office’s Evidence Response Team, revealing that he held the sensitive identity information for over 12 million Apple mobile devices and their users. After the breach, Antisec took personal IDs from this database, which they then published (redacted). No they were not trying to be dicks, they were trying to expose some of the FBI’s tracking activities, claiming
“…We have learnt it seems quite clear nobody pays attention if you just come and say ‘hey, FBI is using your device details and info and who the fuck knows what the hell are they experimenting with that’… the FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will forget the whole thing at amazing speed. So next option, we could have released mail and a very small extract of the data. some people would eventually pick up the issue but well, lets be honest, that will be ephemeral too.So without even being sure if the current choice will guarantee that people will pay attention to this fucking shouted’ FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT’ well at least it seems our best bet, and even in this case we will probably see their damage control teams going hard lobbying media with bullshits to discredit this, but well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it.“
And of course, as Antisec correctly predicted, the FBI came out in full force denying everything they possibly could- that Antisec hacked the laptop, that they ever had this type of information to begin with, etc.
To which Antisec replied:
Now your first question might be- what kind of data is this exactly? This data includes:
- Unique Device Identifiers (UDID)
- user names
- name of device
- type of device
- Apple Push Notification Service tokens
- zip codes
- cell phone numbers
- addresses, etc.
But really your first question should be WHY THE FUCK DOES THE FBI HAVE THIS INFO TO BEGIN WITH? Well the answer to that lies in the title of the document itself- “NCFTA_iOS_devices_intel.csv.”. Apparently, NCFTA stands for the National Cyber Forensics and Training Alliance, a non-profit founded in 1997 by FBI agent Dan Larkin to facilitate the exchange of data between private industry and law enforcement agencies. Some of the private institutions include financial institutions, telecommunications firms and Independent Service Providers. So if it’s not enough that the bank and your internet company knows what you spend your money on and what you’re watching, they’ve also set up an agency so they can easily give that information to the cops and the FBI. If you haven’t put on your tinfoil hat yet, now might be a good time.
HOW FIND OUT IF THE FBI WAS TRACKING YOUR APPLE DEVICES
Your next question might be (or at least should be)- how do I know if my data is included in the breach? Well first you have to find out what your Apple UDIDs (the 40-character alphanumeric string unique to each Apple device) is.
The folks over at WhatsmyUDID.com have a simple tutorial on how to find this info out. And once you find out you can check out this link to imput your UDID and have it run against the database. They claim not to be storing the numbers, but if you’re paranoid you can always only partially enter your UDID. And if your number is not in the database, don’t be lulled into a false sense of security- it just might be one of the millions not published by Antisec.