AntiSec, a prankish offshoot of the Anonymous hacker collective, released 1,000,001 Apple device ID profiles, a fraction of the 12 million device IDs it claims to have obtained. While Apple users may be concerned about the public release of the data – numbers that identify all Apple devices, often including a user’s personal information – the source of AntiSec’s leak is more unsettling still. According to its characteristically boisterous release, the millions of ID numbers were taken from an FBI agent’s laptop, which they hacked earlier this year.
With scant regard for grammar, the hacktivists explained in the release their decision to expose Apple users’ personal data as their “best bet” to instigate public outcry over the FBI’s phone surveillance apparatus:
It seems quite clear nobody pays attention if you just come and say 'hey, FBI is using your device details and info and who the fuck knows what the hell are they experimenting with that.' [W]ell sorry, but nobody will care. FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will forget the whole thing at amazing speed.
According to security expert Peter Kruse, who has been investigating the validity of AntiSec’s claims, the leaked data genuinely corresponds to Apple Unique Device Identifiers (UDIDs). He tweeted, “Apple UDID leak is real. I have confirmed three of my devices in the leaked data.” (HuffPost Tech this morning published a post for Apple users on how to check if your UDID was among the leaked material.)
It is not clear why or how the FBI (or, for that matter, any party aside from Apple) would have an extensive list of device identifiers. The file containing the information, according to AntiSec’s release, was taken during a March 2012 hack on the computer of New York-based Supervisor Special Agent Christopher K. Stangl from the FBI’s Regional Cyber Action Team.
“Some files were downloaded from his Desktop folder, one of them … turned [out] to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone, numbers, addresses, etc,” the AntiSec statement noted.
There’s currently no evidence to suggest that the FBI was actively tracking any of the devices listed. However, earlier this year, an extensive report from the American Civil Liberties Union, based on over 5,000 law enforcement agency documents, concluded that “The government is routinely violating Americans' privacy rights through warrantless cell phone tracking.” Unsurprisingly, then, AntiSec sympathizers have been quick to highlight the political importance of the hackers’ controversial release. The official Twitter feed of Occupy Wall Street posted, “The American people demand to know how and why the FBI got 12 million Apple device users’ private info.”
The New York FBI Office’s press line gave Salon “no comment” on the issue.
Despite their self-styled reputation as pranksters in it “for the lulz,” AntiSec members are forthright in stating their political allegiances and anarchistic underpinnings. (“This is our next challenge: to decide whether to become tools for the system, or for ourselves,” they wrote.) Their statement today also included solidarity messages to Bradley Manning, Pussy Riot (“Hang in there babes!”) and dissidents in Syria, Tunisia and Egypt. They make special note too of Jeremy Hammond, a Chicago-based hacker currently facing charges relating to the December 2011 Statfor Hack. Hammond was among a handful of activists turned over to the FBI by AntiSec and LulzSec hacker-turned-informant Hector Xavier Monsegur (aka “Sabu”).
Whether more will come from what AntiSec describe as their “auditing” of FBI activity is yet to be seen. The hacker collective stated that they would not be speaking to journalists unless a very specific demand is met: an image of Adrian Chen, a male Gawker staff writer who has written critically about Anonymous tactics, must be featured on the Gawker front page for a whole day with the reporter wearing a ballet tutu. Until Chen meets the demand, the hackers vow to stay quiet. Chen has responded, “I'm totally open to the possibility. I know I look pretty good in a tutu.” We’re on tenterhooks, Adrian …
Update: The FBI has released the following statement in response to AntiSec's announcement:
"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."
Whether AntiSec will respond in turn is yet to be seen. Meanwhile, Gawker has posted a fetching photo of their writer, Adrian Chen, tutu-clad with a shoe on his head -- a condition the hacker collective said had to be met before they would give more information to the press.