Hackers Claim FBI Has Tracking Information For 12 Million iPhones And iPads

Yesterday, while many of us were grilling various meats and dreading the inevitable return to work, hackers posted what they claim are 1 million unique identifiers for iPads and iPhones. According to the hackers, the source of this information is a significantly larger database held by the FBI.

The pastebin post linking to the leaked information claims that during the second week of March, hackers were able to breach a notebook belonging to a FBI agent based out of New York City.

From the post:

“[D]uring the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.”

All iOS devices are associated with a UDID, intended to allow for easier tracking by developers and advertisers. Apple has come under fire in recent months after it was revealed that some third parties were receiving this tracking information without consent.

The hackers say they have always believed that such unique IDs being attached to phones “was a really bad idea,” that and that the “concept should be eradicated from any device on the market in the future.”

“[W]e have learnt it seems quite clear nobody pays attention if you just come and say ‘hey, FBI is using your device details and info and who the fuck knows what the hell are they experimenting with that’,” continues the post. “[W]ell sorry, but nobody will care. FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will forget the whole thing at amazing speed. so next option, we could have released mail and a very small extract of the data. some people would eventually pick up the issue but well, lets be honest, that will be ephemeral too.

“So without even being sure if the current choice will guarantee that people will pay attention to this fucking shouted ‘FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT’ well at least it seems our best bet, and even in this case we will probably see their damage control teams going hard lobbying media with bullshits to discredit this, but well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it. Also we think it’s the right moment to release this knowing that
Apple is looking for alternatives for those UDID currently and since a while blocked axx to it, but well, in this case it’s too late for those concerned owners on the list.”

[via ZDnet]


Edit Your Comment

  1. TrustAvidity says:

    They better not use that information for anything. I’m sure Apple has a patent on it.

    • Costner says:

      No Apple just has a patent on the format of the database and the shape of the data elements, but not the content itself since they didn’t invent or create it.

  2. Guppy06 says:

    Ah, Anonymous; they can crack FBI security but they still can’t crack the English language.

    • Marlin says:

      Really? RTFA

      They just used a Java exploit; they did not “crack FBI security”.

      They, Anonymous, may not speak english as their native language. But yea let’s ignore what they are saying as the idiot grammar Nazi is not happy.

      • Back to waiting, but I did get a cute dragon ear cuff says:

        Uh, this is one thing a lot of people do not realize. Security is the whole package.

        This was on an FBI computer.
        Java was installed on this computer.
        ANYWAY that you get access to information on that computer is breaking the security of that computer, and by extension the security of the issuing company or agency.

        It does not matter how they broke in. Whether it was through a Java exploit, Internet Explorer exploit or a thumb drive left in the parking lot. They still broke into the computer and accessed sensitive information. FBI security on this computer WAS breached.

        Just because you locked your doors does not mean that the thief did not enter your house because they came in through an unlocked window.

  3. Mr. Spy says:

    Why have hackers become our reporters? Isn’t this the type of thing that real reporters should be busting heads over? Or, you know… finding out?
    But also, he’s right. People don’t care. What’s worse, this doesn’t even shock us. We actually expect that we are tracked at all times. We should be furious, but I just can’t help but feel that we just don’t care anymore. I know, call out the wambulance and all that.
    *Insert political opinion here* *insert grand societal change theory here* *insert pop psy analysis here*.

    • Laura Northrup says:

      I don’t know if there is a way you could find this out through legal means.

      • Back to waiting, but I did get a cute dragon ear cuff says:

        In the old days (Watergate, Pentagon Papers, etc) people would give this type of info to reporters who would protect their sources. Journalists protecting their anonymous sources used to be almost sacrosanct in this country for a properly functioning free press.

        However, this has been slowly eaten away by various laws, rulings and presidential decrees. Now, reporters are afraid to touch something like this.

        Because of this, the internet has become both the reporter and news outlet. Things like this slowly bubble up from the smaller sites, then to slashdot, reddit and the like. THEN it finally gets on the radar of the big news sites, who can report that they (slashdot, reddit, consumerist, etc) reported this so we can safely say they spilled the beans and we do not have to worry about getting our hands dirty on something like this.

  4. Jawaka says:

    Honestly I really don’t care. The FBI can assemble a list of my name address, phone number, and other details from a million other sources anyway.

    • nightshade74 says:

      Is that what this is?
      Why would they need the unique identifier.

      My guess … tracking is a possibility… or … the ability to push applications
      to a particular iDevice…

      • Jawaka says:

        Meh, track away.

        Personally I’m flattered if they find me worth their time.

        • Mark702 says:

          Said like a total moron. What happens when they decide to install a monitoring app via a backdoor and use it to identify you as a homegrown terrorist because you decided to visit a site they deem un-American, even if it’s just a political site or is anti-federal government?

          • YouDidWhatNow? says:

            He won’t mind if the reciept-checker at Wal-Mart goes thorugh his bags on the way out the door. He won’t mind if he follows him to his car, and looks in the trunk. He won’t mind if he follows him home and checks out the garage, the backyard, his CD collection, his home computer hard drive, his naked pictures of his wife, etc.

            It’s all fine. After all, only people who have something to hide complain.

            • Jawaka says:

              You’re partially correct. I generally don’t mind when they ask to see my receipt while leaving a store since I know why they do it and the tradeoff isn’t unreasonable to me. If I took offense to them doing so I’d just shop somewhere else. Likewise if I was so concerned about the government tracking me via my cell phone I wouldn’t carry it when I was out robbing banks, counterfeiting, and planning other nefarious crimes.

              the way I look at it is that the real criminals of the world are using hi tech to break the laws, why shouldn’t the government be able to as well in order to fight crime?

  5. dolemite says:

    And the entirety of America shrugged their shoulders and continued eating Cheetos while watching Honey Boo Boo, while .001% of them cried out in rage.

  6. Quirk Sugarplum says:

    Clearly this is just another PR “leak” by Apple for the iPhone 5 launch.

  7. crispyduck13 says:

    Enjoy those apps, iPhone people.


    Non-iPhone people.

    • RynanEmery says:

      If you think that the iphone is the only smart phone being tracked, I have a bridge for sale…

      • rgf207 says:

        tell me more about this bridge…

        • Costner says:

          It leads to your own private island off the coast of Iowa and each rivet was hand carved from a Unicorn horn. The metal used in the trusses is an alloy containing a mixture of copper, gold, and nano-infused carbon based steel which is actually able to reflect back 105% of the sun’s ultraviolet rays, and the driving platform consists of pavement that is a mixture of a soy-based bio-renewable asphalt product mixed with the ground-up baby teeth collected from over a million children and certified by none-other than the tooth fairy herself.

          It is a sight to be seen… truly one of a kind.

    • poco says:

      I was waiting for the inevitable “OMFG APPLE IS THE WORST THING EVER ARGBLARGWARG STEVE JOBS IS SATAN ARGGGGGGGGHHHHH!!!!!” post. Thanks for not letting me down.