FBI denies Antisec Java exploit hack

Powered by SC Magazine
 

Hackers claim 12 million identifiers accessed.

Hacker group Antisec has leaked more than a million unique Apple device identifiers it claims to have stolen from an FBI agent's laptop, a claim that is strongly refuted by the FBI.

The group claimed to have exploited a Java vulnerability to obtain over 12 million UDIDs, which uniquely identify Apple iOS devices.

It then leaked a portion of these identifiers in a long, incoherent and expletive-laden political posting to Pastebin.

Antisec's Pastebin post alleged a "Dell Vostro notebook" used by a special agent and two separate FBI teams had been compromised "during the second week of March 2012".

"[It] was breached using the AtomicReferenceArray vulnerability on Java," Antisec said.

"During the shell session, some files were downloaded from [the] Desktop folder.

"One of them ... turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc."

"No other file on the same folder makes mention about this list or its purpose. "

The FBI has refuted Antisec's claims. "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data," a spokesman said.

An FBI spokesman also said the FBI did not have a file corresponding to that obtained by Antisec.

"We never had info in question. Bottom Line: TOTALLY FALSE," it said on an official Twitter account.

According to MacRumours, the captured UDIDs appear to be genuine. The identifiers are tied in with personal data, most of which has been redacted by Antisec. 

The FBI special agent who allegedly used the hacked laptop has a history with Antisec's predecessor Lulzsec, being one of the agents in a joint FBI and Scotland Yard conference call in March this year that Lulzsec intercepted and broadcast on the Internet.

The conference call related to investigations into members of Anonymous.

The AtomicReferenceArray vulnerability used by Antisec to break into the FBI agent's laptop is different from the recently publicised zero-day Java exploits.

Copyright © iTnews.com.au . All rights reserved.


FBI denies Antisec Java exploit hack
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1070

Vote