FBI denies Antisec Java exploit hack

Powered by SC Magazine
 

Hackers claim 12 million identifiers accessed.

Hacker group Antisec has leaked more than a million unique Apple device identifiers it claims to have stolen from an FBI agent's laptop, a claim that is strongly refuted by the FBI.

The group claimed to have exploited a Java vulnerability to obtain over 12 million UDIDs, which uniquely identify Apple iOS devices.

It then leaked a portion of these identifiers in a long, incoherent and expletive-laden political posting to Pastebin.

Antisec's Pastebin post alleged a "Dell Vostro notebook" used by a special agent and two separate FBI teams had been compromised "during the second week of March 2012".

"[It] was breached using the AtomicReferenceArray vulnerability on Java," Antisec said.

"During the shell session, some files were downloaded from [the] Desktop folder.

"One of them ... turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc."

"No other file on the same folder makes mention about this list or its purpose. "

The FBI has refuted Antisec's claims. "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data," a spokesman said.

An FBI spokesman also said the FBI did not have a file corresponding to that obtained by Antisec.

"We never had info in question. Bottom Line: TOTALLY FALSE," it said on an official Twitter account.

According to MacRumours, the captured UDIDs appear to be genuine. The identifiers are tied in with personal data, most of which has been redacted by Antisec. 

The FBI special agent who allegedly used the hacked laptop has a history with Antisec's predecessor Lulzsec, being one of the agents in a joint FBI and Scotland Yard conference call in March this year that Lulzsec intercepted and broadcast on the Internet.

The conference call related to investigations into members of Anonymous.

The AtomicReferenceArray vulnerability used by Antisec to break into the FBI agent's laptop is different from the recently publicised zero-day Java exploits.

Copyright © iTnews.com.au . All rights reserved.


FBI denies Antisec Java exploit hack
 
 
 
Top Stories
Toll Group to go Google
Poaches Woolworths project manager.
 
How News Corp's CIO tackled skills in his race to the cloud
What to do when your team’s talents are no longer needed.
 
Photos: How Thodey transformed Telstra
From turbulent Trujillo to Australia's leading telco.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  35%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3975

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 1356

Vote