Some bad (and scary) news that is doubly bad; in part for Apple, in part for the FBI, and all for the rest of us.
Hackers from the hacking group AntiSec breached the laptop of a federal agent and downloaded an Excel file that contained just under 12.5 million device IDs (UDIDs) of Apple products, meaning iPads, iPods, and iPhones.
The first thing to know is that atomic data, say a device's unique identifier, in and of itself is not of much use, but its ability to link to other pieces of information is the real problem. From what the reports say, there is associated data such as the owner of the device's name, phone number, and address.
1 million IDs, without user information, were leaked online, but there about 12 million more to unleash.
This is of course bad for apple, but the real question seems to be 'what was an FBI agent doing with an Excel spreadsheet containing the unique device IDs and associated owner information ?' Even President Obama's iPad was in the list.
This is bad for Apple, good for AntiSec, but i suspect it will turn out to be VERY bad for the FBI. If you would like to see if your iPad, and your info, is in the file, you check it online here. You can even see the plaintext version of the leaked info here (thanks to Ars Technica, and there is very heavy traffic). It's an interesting read.
Update: Perhaps the FBI is off the hook after all; app developer Blue Toad publishing is claiming that the data was stolen from them, not the FBI. If conspiracy theory is your thing, you might be interested in the suggestion that the data was actually *planted* on the FBI laptop to implicate them in something.
Very interesting, I'm curious to see how this all falls out.
Wow! I was wondering why an FBI agent would have that information as well. It is so interesting to me that people who are so computer savvy choose to use their knowledge for bad rather than good. Very interesting story.
ReplyDeleteI saw this piece of news earlier today and thanked my lucky stars I don't have to worry. I've experienced the nightmare of identity theft before and I feel for the folks who are now exposed.
ReplyDeleteThat said, how is it that the FBI hires someone capable of losing that much information ... or was it done on purpose to promote the same ideology behind AntiSec, i.e. -- non-disclosure of unknown/non-public exploits, and ultimately tilt public sentiment in favor of internet lock down?
I'm not accusing the agency of pulling a false flag but since S3414 just failed, the whole situation just looks suspect.
----
About S3414:
`Cyber-Security Impasse: Senators failed, 52-46, to reach 60 votes for ending GOP blockage of a bill setting up a voluntary system to help companies fend off cyber-attacks that could cause chaos in America. A yes vote was to advance the bill (S 3414) over U.S. Chamber of Commerce arguments it is government overreach into the private sector.' -- 30 AUG 2012
http://winnetka.suntimes.com/news/14277232-418/voterama-in-congress-week-ending-aug-3-2012.html
There have been so many crazy scandals surrounding incompetent employees in government, with the secret service and its in behavior in Columbia and GSA. This new mishap doesn't sound to surprising with all of the others bad judgement on the job. One may think that this person from the FBI would learn from the mistakes that other governmental officials made?
ReplyDeleteThis is interesting and at the same time very scary. What exactly is the FBI doing with those files? It isn't surprising, just scary. Identity theft is a big deal and with advancing technologies, I think everyone is unsafe.
ReplyDeleteJust to comment on some of the posts:
ReplyDelete@Hicks, I worked for a federal agency and during the time there my bosses laptop was stolen. Because of the 'do more with less' work ethic, all of our bosses had laptops that they could take home and work late by from remote access. So if this person was identified and followed to secure the theft of a laptop, what should be recognized is there was probably little that could be done, as most law enforcement official will atest to, 'if someone wants to steal your stuff, they will find a way'. Maybe it would better to start ensuring that government agencies have the money to keep this sort of information in a secure building with the most up to date, online protection.
@ vegas coed: S3414 argument against by the chamber of commerce that it is an overreach by the government should really be looked at in terms of money. The argument that it is overreaching by the COC, in my opinion comes down to the cost of ramping up the security of the consumers by the companies, which can be costly. After a business does the cost benefit analysis ( the chances of a cyber attack and the estimated cost of litigation) and realizes that it's cheaper to settle out of court (because in reality, it would be very hard to win in court against these types of companies) so they lobby to have cheaper security at the expense of easier access to the customers information via security breaches and then blamed their position against the bill on the fear mongering of an 'over reaching' government. I can assure you, whatever the government wants to know about you, they have legal access to through the Freedom of Information Act. The lack of passage on the bill boils down to the cost of a ramped up security by the business community.
Very intriguing...
DeleteMy boyfriend was a victim of identity theft so this story is very scary! I try to take all precautions to avoid anyone getting my information. I am happy to say that I do not own any apple products. This kind of situation should have never happened. Why did the FBI have this information in the first place??
ReplyDelete