Hackers have released a file that they say contains more than one million identification numbers for Apple iPhones, iPads and iPod Touch devices. They claim to have obtained the file by hacking into the computer of a federal agent.
The hacking group, known as AntiSec a subset of the loose hacking collective known as Anonymous posted copies of the file on Sunday and, in an online message, claimed to have a total of more than 12 million Apple identification numbers and associated personal data in their possession. They said they obtained the file in March by hacking into the laptop of a Federal Bureau of Investigation agent in the bureaus New York field office.
The F.B.I. denied that the file was obtained from one of its agents.
<<<<< Actual Dump >>>>>>> <<<< web Source: http://pastebin.com/nfVT7b0Z >>>>>
- CANDY! CANDY! CANDY!...............candy.
-
-
- Download links:
-
- http://freakshare.com/files/6gw0653b/Rxdzz.txt.html
- http://u32.extabit.com/go/28du69vxbo4ix/?upld=1
- http://d01.megashares.com/dl/22GofmH/Rxdzz.txt
- http://minus.com/l3Q9eDctVSXW3
- https://minus.com/mFEx56uOa
- http://uploadany.com/?d=50452CCA1
- http://www.ziddu.com/download/20266246/Rxdzz.txt.html
- http://www.sendmyway.com/2bmtivv6vhub/Rxdzz.txt.html
-
- HOW TO GET THE CANDY ONCE YOU HAVE DOWNLOADED THE FILE
-
- first check the file MD5:
- e7d0984f7bb632ee19d8dda1337e9fba
-
- (lol yes, a "1337" there for the lulz, God is in the detail)
-
- then decrypt the file using openssl:
- openssl aes-256-cbc -d -a -in file.txt -out decryptedfile.tar.gz
-
- password is:
- antis3cs5clockTea#579d8c28d34af73fea4354f5386a06a6
-
- then uncompress:
- tar -xvzf decryptedfile.tar.gz
-
- and then check file integrity using the MD5 included in the password u used to
- decrypt before:
- 579d8c28d34af73fea4354f5386a06a6
- ^ yeah that one.
-
- if everything looks fine
- then perhaps it is.
-
- enjoy it!
-
- there you have. 1,000,001 Apple Devices UDIDs linking to their users and their
- APNS tokens.
- the original file contained around 12,000,000 devices. we decided a million would be
- enough to release.
- we trimmed out other personal data as, full names, cell numbers, addresses,
- zipcodes, etc.
- not all devices have the same amount of personal data linked. some devices
- contained lot of info.
- others no more than zipcodes or almost anything. we left those main columns we
- consider enough to help a significant amount of users to look if their devices
- are listed there or not. the DevTokens are included for those mobile hackers
- who could figure out some use from the dataset.
-
-
- file contains details to identify Apple devices.
- ordered by:
-
- Apple Device UDID, Apple Push Notification Service DevToken, Device Name,
- Device Type.
-
-
-
- We never liked the concept of UDIDs since the beginning indeed.
- Really bad decision from Apple.
- fishy thingie.
-
-
- so the big question:
- why exposing this personal data?
- well we have learnt it seems quite clear nobody pays attention if you just come
- and say 'hey, FBI is using your device details and info and who the **** knows
- what the hell are they experimenting with that', well sorry, but nobody will care.
- FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will
- forget the whole thing at amazing speed. so next option, we could have released
- mail and a very small extract of the data. some people would eventually pick up
- the issue but well, lets be honest, that will be ephemeral too.
- So without even being sure if the current choice will guarantee that people
- will pay attention to this ******* shouted
- '******* FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME
- ****' well at least it seems our best bet, and even in this
- case we will probably see their damage control teams going hard lobbying media
- with bullshits to discredit this, but well, whatever, at least we tried and
- eventually, looking at the massive number of devices concerned, someone should
- care about it. Also we think it's the right moment to release this knowing that
- Apple is looking for alternatives for those UDID currently and since a while
- blocked axx to it, but well, in this case it's too late for those concerned
- owners on the list. we always thought it was a really bad idea. that hardware
- coded IDs for devices concept should be erradicated from any device on the
- market in the future.
-
- so now candy was delivered.
- few words, and just a few, about how the **** came. we don't like too much
- about disclosing this part, we understood it would be needed, so, ****
- whatever. lost asset. Hope it serves for something.
-
-
- During the second week of March 2012, a Dell Vostro notebook, used by
- Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action
- Team and New York FBI Office Evidence Response Team was breached using the
- AtomicReferenceArray vulnerability on Java, during the shell session some files
- were downloaded from his Desktop folder one of them with the name of
- "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS
- devices including Unique Device Identifiers (UDID), user names, name of device,
- type of device, Apple Push Notification Service tokens, zipcodes, cellphone
- numbers, addresses, etc. the personal details fields referring to people
- appears many times empty leaving the whole list incompleted on many parts. no
- other file on the same folder makes mention about this list or its purpose.
-
