“Now I know what a ghost is. Unfinished business, that’s what.” — Salman Rushdie, The Satanic Verses
With this strange quote, the Hacker group Operation AntiSec released one million unique identifiers (UDIDs) from Apple iOS devices today. Here’s the full-blown statement the group made on the subject of releasing the list to the public. Further down, there’s also a description of how to obtain the leaked list if you wish to do just that.
The reason for making public what it found on an FBI laptop back in March is to bring more attention to the fact that the FBI might be using these UDIDs for some kind of tracking project. We’ll never know for sure why the FBI has access to this data, of course. What should be the more pertinent question is how the FBI got its hands on this list, which contains over 12 million device records. These include also usernames, and in some instances, names, cellphone numbers, addresses, and ZIP codes. So, if you’re using an iOS device, it’s understandable if you’re a little concerned. Notwithstanding the strange feeling it elicits, probably nothing malicious will happen to you, yet now other hackers and spammers can access this same data and could misuse it to their advantage.
To find your phone’s UDID:
- Plug your device into your computer.
- Launch iTunes and click on your device in the sidebar.
- Under your device’s name, capacity, and software version, click on the serial number. This will show your device’s UDID instead.
Unfortunately, if you own an Apple device, there’s not much you can do to leverage the situation. You can’t change your UDID the way you could choose a new password. There are sites that let you search the one million list UDIDs to ascertain if yours is included. The safest way to check is to download the 90 MB file from the links provided at Pastebin and check for your UDID with a simple Ctrl+F (Cmd+F on Mac). Also, even if your device isn’t in the list, it could be in the other 11 million.
Mac Rumors notes: “The actual implications of the leak, even if your UDID is found, aren’t entirely clear. The UDIDs themselves are rather harmless in isolation.”
At the end of the day, one question still remains: Why does the FBI have 12 million UDIDs on its laptops, anyway? What or who is it tracking?
Update: In a statement on Tuesday afternoon,The Federal Bureau of Investigation denies any involvement. It claims it was never in possession of the data claimed stolen by AntiSec. Here is what the FBI says: “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.” Furthermore, there’s no comment on the alleged connection to the NCFTA (mentioned in the statement from the hacker group). The National Cyber Forensics and Training Alliance is a non-profit founded in 1997 by FBI agent Dan Larkin as an aid to exchange data and cooperate between private industry and law enforcement agencies.
Further Update: According to new sources that contradict Anonymous’ claims, it was the Blue Toad publishing company — not the FBI — who is responsible for the UDID leak. Next week, maybe someone else will be to blame? Stay tuned!