Tech Made Simple

Hot Topics: Apple iPhone 6 | Top Pick: Best Portable Bluetooth Speaker | Top Pick: Best Android Tablet | What's Draining Your Android Battery?

Techlicious Blog

author photo

Is the FBI Tracking 12 Million Apple Users?

by on September 08, 2012
in Blog, News, Computers and Software, Phones and Mobile, Cell Phones :: 8 comments

UPDATE 9/10/2012: Paul DeHart, CEO of the Blue Toad publishing company, told NBC News that its million-record database of UDIDs was stolen within the last 2 weeks and that there was a 98 percent correlation between its dataset and the one the hacker group Anonymous claims it stole from an FBI agent's laptop in March.

This week the hacker group known as AntiSec released a list of one million UDIDs—Unique Device Identifier numbers associated with Apple mobile devices—which it says came from a collection of 12 million UDIDs lifted from an FBI agent’s laptop.

The complete original file also contains user names, name of device, type of device, APNS tokens, ZIP codes, mobile phone numbers, addresses, and more. AntiSec’s release doesn’t include this personal information and the hacker group says it only wants the public to know that the FBI uses such information to spy on people.

Apple says it never gave the FBI any such information while the bureau itself issued a statement denying the data came from them. "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data," it says, in a remarkably short and vague answer to a controversy of this magnitude.

Still, the UDIDs are real—many news outlets are publishing examples of people who have found their devices on the list.

Where did the List Come From?

An Apple spokesperson told the web site AllThingsD that “The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization. Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID.”

If that’s true and assuming the list wasn’t gleaned from some kind of hack into Apple or other company, the next most likely culprit is an app developer. Here’s why:

The UDID is an alpha-numeric string of characters that tells Apple and developers which device is yours so they can do things like push alerts to your phone, serve you ads and keep track of your preferences. Following privacy concerns Apple has cracked down on developers that track users via the UDID because it found that in addition to the identifier some developers were also garnering personal user data. That means any number of developers with more than 12 million users could have compiled the data the FBI agent supposedly had on his laptop.

Another clue the list is app-related was tweeted by AnonymousIRC (AntiSec is a subset of the loose hacking collective called Anonymous) and shown here.

Lots of people are trying to figure out which ones might be suspect. For instance, anyone who finds their device on AntiSec’s list can now help solve the mystery by completing an online survey that seeks to determine which apps are common to those listed.

Is Your Device on the List?

First, you need to determine the UDID of your Apple device. You can do that by connecting it to iTunes. From there, click on your device's name in the left-hand column and on the right you'll see system data, including your serial number. Click on it to show your UDID.

Alternately, you can use an app to figure it out. Just go to the iTunes Store and search for “UDID.” A slew of options are available for download.

The Next Web has posted a UDID checker. You can access the site anonymously by using a Web proxy like Anonymouse.org or HideMyAss.com. Of course your ID could be one of the 11 million that hasn't been released, so it would only confirm that you are on the list.

Who’s Lying?

While it’s always risky to trust anything a hacker says, another expletive-ridden statement surfaced today supposedly from AntiSec that gives some cryptic clues to authenticate what it says it found on the FBI agent’s laptop. According to the post, the group is being careful with what information it releases because, basically, it doesn’t want to get caught. In the message, the person said more information will be forthcoming but it will be on the group’s timeline and no one else’s.

But the FBI’s denial leaves a lot to the imagination in terms of brevity and vagueness. Doesn’t it sort of sound like they’re saying “Prove it”? And even if any such stolen data didn’t technically come from an FBI-owned laptop, couldn’t it have been stored on an agent’s personal machine?

Why Would the FBI Want This Information?

That’s the most interesting question of all.

One security researcher pointed out to The New York Times that the F.B.I. could have received the file as part of a forensics investigation involving a separate data breach.

Then again, there is plenty of evidence the government wants to track people.

For example, legislation has been drafted by Congress that would make it easier for the government to spy on people. CISPA has already been passed in the House of Representatives and its Senate counterpart, SECURE IT, is in committee. While these bills aim to protect the U.S. from cyberterrorism, they also would allow companies to share user’s private data with the government without a warrant or any oversight.

There’s also a landmark case in which the Supreme Court in January ruled unanimously that police and the FBI violated the Fourth Amendment when they secretly attached a GPS tracker to a man’s car and tracked him for a month.

“But now the government — instead of fixing the way it conducts this kind of invasive surveillance — has simply set its sights on another way to obtain people's location information: their cell phones,” writes the ACLU in a statement.

The defendant is being retried and last week his attorney said that prosecutors have also obtained records showing the location and movement of his cell phone over the course of five months.

“Since the GPS data from Jones's car was thrown out by the Supreme Court, it seems the prosecution intends to use Jones's cell phone data to get another bite at the apple. Like the GPS device on the car, the government was able to obtain the cell phone information without a probable cause warrant. Instead, it only had to claim that the data was ‘relevant and material’ to an ongoing investigation,” the ACLU points out, adding that after investigating public records the civil liberties watchdog group found that hundreds of law enforcement agencies engage in cell phone tracking on a regular basis, many of which do so without a warrant.

The ACLU says pending legislation in Congress, titled the Geolocation Privacy and Surveillance (GPS) Act, would require law enforcement agents to obtain a warrant in order to access location information.

Want to support it? The ACLU has a slick tool on its site that will send a message to your legislators.
 

Subscribe to the Techlicious Daily Email!

Get the Techlicious Guide to Great Photography as your FREE gift!

Discussion loading

Couldn't Care Less about Tracking

From Jeff Michelson on September 10, 2012 :: 11:46 am

Look, none of this matters.  There is no “Big Brother”.  This is all conspiracy theory.  The real criminals here are the hacker groups.

Reply

gravatar

Hackers

From Kathy on September 10, 2012 :: 12:55 pm

So how did the hackers get this list if not from the FBI?

And maybe you’re right, there is no Big Brother. Just the Patriot Act and CISPA. But those aren’t Big Brother, right? I’m not saying you’re wrong, I’m just wondering where the government crosses over the line and becomes Big Brother.

If it’s app based then maybe Big Brother is actually corporations trying to get purchasing info?

Which is worse? Either way, there is no privacy. We have to adjust to and live with that concept.

Reply

gravatar

Just the beginning...welcome to Micrsoft's world

From 434at3m3 on September 10, 2012 :: 1:38 pm

Apple brought this on themselves by trying to destroy consumer choice and having the highest market cap the world has ever seen.  Bullseye = Apple…get use to it.

Reply

Hackers DID get it from the FBI

From Jeff Michelson on September 10, 2012 :: 2:32 pm

They did get it from the FBI, no doubt about that.  Why the FBI had it?  Who knows; ongoing investigation? You can get the answer with a Freedom of Information Act request.

Which is worse?  I’d say the hackers, hands down.  And you’re right, there is no real privacy anymore, and everyone needs to get used to that. 

I’d call the Patriot Act and CISPA “Big Mother”, watching over us and protecting our national interests and keeping this country safe from terrorism.

I could care less what information the government or corporations have on me.  I’m not doing anything illegal, or even morally wrong, so I have nothing to fear.  That should be a mantra for everyone.

When is it crossing the line?  I suppose we’ll know that when we see it, and so far we haven’t Remember McCarthy? 

I for one am tired of the likes of Anonymous, Assange and WikiLeaks.  THOSE are the terrorists, not government, not “big corporation”, and not me.

Reply

Who cares...

From Steph Thomas on September 10, 2012 :: 2:36 pm

If it’s the FBI or the government, and it’s true, what do you or anyone proposing to do about it???

Reply

Privacy Breech

From Doreen Felix on September 10, 2012 :: 3:09 pm

FBI, Hackers…The way I see it Apple has allowed a Privacy Breech. Didn’t sign up for that. Yes, what is Apple going to do about it? Other than that info they may lift from any account of mine…pretty damn boring.

Reply

gravatar

FBI TRACKING APPLE IPHONE DEVICES BELONGING TO HACKERS

From CCSO on September 10, 2012 :: 6:22 pm

HACKERS COME IN all types, kinds and sizes some groups others outraged just to slaughter and ruin a single life. Why? I ask myself, does a good person have to be haunted by a demented, greedy hacker stalker?  America has gotten greedy making the already sly and demented turn deadly. CYBER Crimes are often turned over to local authorities and if needed the FBI. Those are the cases where you want to just go in but, you know you want them behind bars for life, no probation, parole. LIFE!! I have personally watched a young woman’s life be turned into a nasty Sci-Fi Movie and worse. I know people think authorities dont care, were slow, how can you no and still watch this happen to me? I’ve been asked, by this Victim so I Chuckle to keep from wanting to cry myself. Old men, especially with 30 yrs. In aren’t suppose to cry. The only thing that keeps me goung is I know and will get ” THAT ONE WRONG MOVE” SWEET JUSTICE ON A HACKER(S) LIFE, Internet Crimes take time, patience and in the end There Life. My motto is for you women out there “Never trust an EX that walked away from you and kicked you when you were already DOWN” Dont let him back in your life for any reason, SAY GOODBYE ASSHOLE, OR WHATEVER IT TAKES DONT LET HIM HAVE THAT CHANCE TO TAKE MORE THAN HES ALREADY HACKED FOR!  “YOU”!

Reply

gravatar

I am not happy that

From Tips4pc on September 11, 2012 :: 9:39 pm

I am not happy that stuff is tracked but lets face it, everything is tracked now… If you do not want to be tracked just stop using the internet and mobiles phones…Go live in the bush, camping, and grow your own food.

I would rather be tracked.

Reply

© 2014 Techlicious LLC. :: Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us :: Terms of Use | Privacy Policy

site design: Juxtaprose