Antisec uses Java exploit to breach 'FBI' laptop

By Juha Saarinen on Sep 5, 2012 7:19 AM
Filed under Security

Bureau says claims are totally false.

Hacker group Antisec has leaked more than a million unique Apple device identifiers it claims to have stolen from an FBI agent's laptop, a claim that is strongly refuted by the FBI.

The group claimed to have exploited a Java vulnerability to obtain over 12 million UDIDs, which uniquely identify Apple iOS devices.

It then leaked a portion of these identifiers in a long, incoherent and expletive-laden political posting to Pastebin.

Antisec's Pastebin post alleged a "Dell Vostro notebook" used by a special agent and two separate FBI teams had been compromised "during the second week of March 2012".

"[It] was breached using the AtomicReferenceArray vulnerability on Java," Antisec said.

"During the shell session, some files were downloaded from [the] Desktop folder.

"One of them ... turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc."

"No other file on the same folder makes mention about this list or its purpose. "

The FBI has refuted Antisec's claims. "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data," a spokesman said.

An FBI spokesman also said the FBI did not have a file corresponding to that obtained by Antisec.

"We never had info in question. Bottom Line: TOTALLY FALSE," it said on an official Twitter account.

According to MacRumours, the captured UDIDs appear to be genuine. The identifiers are tied in with personal data, most of which has been redacted by Antisec.

The FBI special agent who allegedly used the hacked laptop has a history with Antisec's predecessor Lulzsec, being one of the agents in a joint FBI and Scotland Yard conference call in March this year that Lulzsec intercepted and broadcast on the Internet.

The conference call related to investigations into members of Anonymous.

The AtomicReferenceArray vulnerability used by Antisec to break into the FBI agent's laptop is different from the recently publicised zero-day Java exploits.