The hacking group AntiSec struck again by claiming a hit on the Federal Bureau of Investigation as well as compromising more than 12 million IDs. The said IDs are associated with other personal information including device names, names, telephone numbers, and addresses but the group said that they haven’t released them to the public…yet.
Experts think that such information can be provided to criminal groups and spammers and can potentially be used to infect other computers or take away credit card information.
AntiSec said that it had dumped about a million IDs to the Web to bring to public attention FBI’s attempt to track Americans. No personal information was released though. The IDs are unique identifiers for Apple devices.
The group claimed that they managed to hack the laptop of FBI special agent Christopher Stangl, “using the AtomicReferenceArray vulnerability on Java. During the shell session some files were downloaded from his Desktop folder.”
Sophos security expert Graham Cluley said that the hackers may have intentionally withheld the bulk of the information they had to make it more valuable for criminal groups.
An offshoot of the notorious Anonymous group, AntiSec said they used a vulnerability in Java to breach the laptop of Stangl in March this year. To lend some credence into the hacking, Anonymous confirmed the breach and released a message in the Anonymous twitter feed AnonymousIRC saying that it only released a sample of data they have collected “to help a significant amount of users to look if their device are listed there or not.”
The name AntiSec is short for Anti Security Movement. The group is against the security industry and is part of the rising “hacktivism” movements throughout the world. Basically, hacktivism aims to embarrass and discredit large scale organizations like the FBI.
AntiSec released a statement mocking the FBI as a reference to the recent appearance of NSA Director and General Keith Alexander at Defcon inviting attendees to join the government: “It was an amusing hypocritical attempt made by the system to flatter hackers into becoming tools for the state,” Anonymous’ statement reads. “We decided we’d help out Internet security by auditing FBI first.”
Word has spread in the Web that the released UDID are indeed real but just what that means about privacy of Apple users and law enforcement is not yet clear. Experts are saying that UDIDs are used by advertisers and app developers alike, according to one study in 2011. The study discovered that 74% of the apps tested sent a user’s UDID to a remote server. The same research also discovered that majority of the social gaming networks tested in the study allowed users to sign in automatically using only their UDID, making it an equivalent of a stolen log-in credentials or password.“We never liked the concept of UDIDs since the beginning indeed,” Anonymous said. “Really bad decision from Apple. Fishy thingie.”
Both Apple and the FBI declined to comment on the release of UDIDs but the latter denied that one of its agent’s computers was compromised.
“Statement soon on reports that one of our laptops with personal info was hacked,” FBI said on Twitter. “We never had info in question. Bottom Line: TOTALLY FALSE.”