Antisec uses Java exploit to breach 'FBI' laptop

Powered by SC Magazine
 

Bureau says claims are totally false.

Hacker group Antisec has leaked more than a million unique Apple device identifiers it claims to have stolen from an FBI agent's laptop, a claim that is strongly refuted by the FBI.

The group claimed to have exploited a Java vulnerability to obtain over 12 million UDIDs, which uniquely identify Apple iOS devices.

It then leaked a portion of these identifiers in a long, incoherent and expletive-laden political posting to Pastebin.

Antisec's Pastebin post alleged a "Dell Vostro notebook" used by a special agent and two separate FBI teams had been compromised "during the second week of March 2012".

"[It] was breached using the AtomicReferenceArray vulnerability on Java," Antisec said.

"During the shell session, some files were downloaded from [the] Desktop folder.

"One of them ... turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc."

"No other file on the same folder makes mention about this list or its purpose. "

The FBI has refuted Antisec's claims. "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data," a spokesman said.

An FBI spokesman also said the FBI did not have a file corresponding to that obtained by Antisec.

"We never had info in question. Bottom Line: TOTALLY FALSE," it said on an official Twitter account.

According to MacRumours, the captured UDIDs appear to be genuine. The identifiers are tied in with personal data, most of which has been redacted by Antisec. 

The FBI special agent who allegedly used the hacked laptop has a history with Antisec's predecessor Lulzsec, being one of the agents in a joint FBI and Scotland Yard conference call in March this year that Lulzsec intercepted and broadcast on the Internet.

The conference call related to investigations into members of Anonymous.

The AtomicReferenceArray vulnerability used by Antisec to break into the FBI agent's laptop is different from the recently publicised zero-day Java exploits.

Copyright © iTnews.com.au . All rights reserved.


Antisec uses Java exploit to breach 'FBI' laptop
 
 
 
Top Stories
Don’t mention digital disruption to David Whiteing
Buzzwords don’t curry favour with CBA's new CIO - it’s all just innovation to him.
 
Content, cost & constant innovation: How Foxtel plans to take on Netflix
Nell Payne inhabits the “brave new world of blue strings and networking”. Just don't ask her to put a TV screen on your microwave.
 
Westpac fires starting pistol on core banking upgrade
St George readies itself for move to Celeriti.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Should Optus make a bid for iiNet?

   |   View results
Yes
  43%
 
No
  57%
TOTAL VOTES: 608

Vote