Antisec uses Java exploit to breach 'FBI' laptop

Powered by SC Magazine
 

Bureau says claims are totally false.

Hacker group Antisec has leaked more than a million unique Apple device identifiers it claims to have stolen from an FBI agent's laptop, a claim that is strongly refuted by the FBI.

The group claimed to have exploited a Java vulnerability to obtain over 12 million UDIDs, which uniquely identify Apple iOS devices.

It then leaked a portion of these identifiers in a long, incoherent and expletive-laden political posting to Pastebin.

Antisec's Pastebin post alleged a "Dell Vostro notebook" used by a special agent and two separate FBI teams had been compromised "during the second week of March 2012".

"[It] was breached using the AtomicReferenceArray vulnerability on Java," Antisec said.

"During the shell session, some files were downloaded from [the] Desktop folder.

"One of them ... turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc."

"No other file on the same folder makes mention about this list or its purpose. "

The FBI has refuted Antisec's claims. "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data," a spokesman said.

An FBI spokesman also said the FBI did not have a file corresponding to that obtained by Antisec.

"We never had info in question. Bottom Line: TOTALLY FALSE," it said on an official Twitter account.

According to MacRumours, the captured UDIDs appear to be genuine. The identifiers are tied in with personal data, most of which has been redacted by Antisec. 

The FBI special agent who allegedly used the hacked laptop has a history with Antisec's predecessor Lulzsec, being one of the agents in a joint FBI and Scotland Yard conference call in March this year that Lulzsec intercepted and broadcast on the Internet.

The conference call related to investigations into members of Anonymous.

The AtomicReferenceArray vulnerability used by Antisec to break into the FBI agent's laptop is different from the recently publicised zero-day Java exploits.

Copyright © iTnews.com.au . All rights reserved.


Antisec uses Java exploit to breach 'FBI' laptop
 
 
 
Top Stories
Microsoft confirms Australian Azure launch
Available from next week.
 
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  27%
TOTAL VOTES: 262

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  62%
 
No
  38%
TOTAL VOTES: 82

Vote