So, today there was a rather significant data leak posted by the folks at Antisec who apparently managed to breach a system of an FBI agent and leaked 1 million of those records to the web.

Oops.

At first I was skeptical as there was no corroboration, but once I pulled the data and started hunting through it I found some people in there that I knew and was able to confirm that some of their devices were in fact included. The UDID, or Apple unique device ID, is tied to iPhones or iPads.

Rob Lemos confirmed that one of his iPads was in fact in the list of dumped UDIDs from the compromised FBI system.

I was in the process of posting a searchable db of the affected data, but I suffered through a bunch of memory errors and was about to give up when I found http://dazzlepod.com/apple/. You can use that link to do partial searches and (possibly) find your UDID. I was happy to note that the only people I could validate in the file were in fact US citizens. I would have been seriously annoyed if I was in there.

So, how does one go about finding the information if they want to test the data?

From Pastebin:

Download links:

http://freakshare.com/files/6gw0653b/Rxdzz.txt.html
http://u32.extabit.com/go/28du69vxbo4ix/?upld=1
http://d01.megashares.com/dl/22GofmH/Rxdzz.txt
http://minus.com/l3Q9eDctVSXW3
https://minus.com/mFEx56uOa
http://uploadany.com/?d=50452CCA1
http://www.ziddu.com/download/20266246/Rxdzz.txt.html
hxxp://www.sendmyway.com/2bmtivv6vhub/Rxdzz.txt.html

HOW TO GET THE CANDY ONCE YOU HAVE DOWNLOADED THE FILE

first check the file MD5:
e7d0984f7bb632ee19d8dda1337e9fba

(lol yes, a “1337” there for the lulz, God is in the detail)

then decrypt the file using openssl:
openssl aes-256-cbc -d -a -in file.txt -out decryptedfile.tar.gz

password is:
antis3cs5clockTea#579d8c28d34af73fea4354f5386a06a6

then uncompress:
tar -xvzf decryptedfile.tar.gz

and then check file integrity using the MD5 included in the password u used to
decrypt before:
579d8c28d34af73fea4354f5386a06a6
^ yeah that one.
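An added example (not from the post or the Pastebin text) of the two things a careful reader of the steps above actually needs: a streaming MD5 check of a downloaded file before doing anything with it, and a line-by-line UDID search that never loads the whole dump into memory, which is where the searchable-db attempt earlier in the post ran into trouble. It assumes a UDID is a 40-character hex string and uses a constructed sample file with a made-up record layout.

```python
import hashlib
import re
import tempfile
from typing import Iterable, List

# Assumption: an iOS UDID is a 40-character hex string (SHA-1 sized).
UDID_RE = re.compile(r"\b[0-9a-fA-F]{40}\b")


def file_md5(path: str, chunk_size: int = 1 << 20) -> str:
    """Streaming MD5 of a file, so a multi-GB dump never has to fit in RAM."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_md5(path: str, expected: str) -> bool:
    """True only when the file's MD5 matches the published value (case-insensitive)."""
    return file_md5(path).lower() == expected.strip().lower()


def search_udids(lines: Iterable[str], query: str) -> List[str]:
    """Return every UDID whose prefix matches `query` (full or partial match).
    Consumes the lines lazily, so it can be handed an open file object."""
    q = query.strip().lower()
    hits: List[str] = []
    for line in lines:
        for udid in UDID_RE.findall(line):
            if udid.lower().startswith(q):
                hits.append(udid.lower())
    return hits


def search_file(path: str, query: str) -> List[str]:
    """Constant-memory search of a text dump on disk."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return search_udids(fh, query)


def write_temp(data: bytes) -> str:
    """Write constructed sample bytes to a temp file and return its path."""
    with tempfile.NamedTemporaryFile("wb", suffix=".txt", delete=False) as tmp:
        tmp.write(data)
        return tmp.name


# Constructed sample records (not real data): UDID, token, device name.
SAMPLE = (
    "0123456789abcdef0123456789abcdef01234567\tAAAA\tjdoe iPad\n"
    "FEDCBA9876543210FEDCBA9876543210FEDCBA98\tBBBB\tsomeone's iPhone\n"
    "not-a-record\n"
)
```

Run `search_file(write_temp(SAMPLE.encode()), "0123456789ab")` to see a partial-prefix lookup like the one Dazzlepod offers, after checking `verify_md5` against the hash you were given.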

OK, now you have the data or at the very least a way to check for your UDID. The question that comes to mind is… how did the FBI get this information in the first place?

From AFP:

Johannes Ullrich of the SANS Internet Storm Center said it was difficult to verify the report.
“There is nothing else in the file that would implicate the FBI. So this data may very well come from another source. But it is not clear who would have a file like this,” he told AFP.

Ullrich said it is unclear why the FBI, if the report were true, would have the data.

“The size of the file… would imply a widespread, not a targeted tracking operation, or the file was just kept in case any of the users in the file needs to be tracked,” he said.

“The significance of this breach very much hinges on the source, which as far as I know, hasn’t been authenticated yet. The data is, however, real based on some of the reports that people do find their own UDID in the file.”

Sure, the FBI will likely not comment on this leak for a while. But, if in fact this turns out to be real (as I’m thinking it may be) who gave them this data?

It should be noted that this is only a subset of the data that was leaked.

Was it Apple? Was it an app author that divulged this information? Is there a common denominator among the apps people have installed?

The search for the needle in the haystack begins.

(Image used under CC from e_monk)

UPDATE: The plot thickens…

…and then

Comments

  1. Other than the word of Antisec is there any reason to believe this data *actually* came from the FBI?

    If Antisec claimed that it came from a discarded USB drive found outside the residence of the Director of the FSB would we believe that too?

    I think it’s quite silly to just assume that this data came from the FBI unless/until there is more evidence.

  2. Would the FBI admit to it if they DID have the file?

    Of course not. As pointed out, the file implies a very wide scale surveillance or cooperation from Apple. Both imply privacy violations on a large scale. Given the current furor over the NSA’s vast violation of US citizen surveillance laws as revealed by whistle-blower William Binney, I doubt the FBI wants to get in on that…

    Supposedly there is more data to be dumped. Let’s see if that ever turns up.
