Hacktivist group #Antisec releases a million Apple device IDs, wonders why FBI had them
#Antisec, The loosely-organized black hat security collective formerly known as Lulzsec has released a file containing a million and one (1,000,001) Apple Unique Device Identifications (UDIDs), and their related APNs (Apple Push Notification Service) tokens, as well as a certain amount of personal user information. The group claims the information was not taken from Apple directly, but rather though a vulnerability exploit on FBI Agent Christopher K. Stangl last March.
The group claims there were actually more than twelve million UDIDs on Stangl's Dell Vostro notebook, as well as an incomplete list of zip codes, mobile phone numbers, home addresses, and whatever personal detail fields could be obtained. Antisec said there were no other files in the same folder that mention the list or its purpose.
This is why the group released the list to the public.
"…It seems quite clear nobody pays attention if you just come and say 'hey, FBI is using your device details and info and who the f--- knows what the hell are they experimenting with that', well sorry, but nobody will care.
FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will forget the whole thing at amazing speed. so next option, we could have released mail and a very small extract of the data. some people would eventually pick up the issue but well, lets be honest, that will be ephemeral too.
So without even being sure if the current choice will guarantee that people will pay attention to this, f----- shouted 'F---- FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME S---' well at least it seems our best bet, and even in this case we will probably see their damage control teams going hard lobbying media
with bullshits to discredit this, but well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it. Also we think it's the right moment to release this knowing that Apple is looking for alternatives for those UDID currently and since a while blocked axx to it, but well, in this case it's too late for those concerned owners on the list. we always thought it was a really bad idea. that hardware coded IDs for devices concept should be eradicated from any device on the market in the future."
The rest of Antisec's announcement contains some general political grandstanding, including mentions of Syria and Mitt Romney. Still, it is actually one of the most well-written manifestos from the group thus far, and includes some rather poignant passages on the hacktivist ethos:
"If you buy a Playstation, you are not allowed to use it as you want to -- you can only use it the Sony wants you to. If you have found a way to improve something, just shut up. You are not allowed to share this info with anyone else and let them make improvements, too. We are not the real owners of anything anymore. We just borrow things from the System. Shiny, colorful things, we agree to play with for a fee. A fee for life. Because this system works only if you keep working to buy new things. Not important if they are good things, just buy new crap, even better like that. So everything gets outdated soon.
Your home, stuff, car and computer, you will pay for everything you have for all of your life. All the time: a monthly fee, forever until you die. That's the future; nothing is really yours. LaaS - Life As A Service. You will rent your life."
The full document, including instructions on how to obtain the list of UDIDs can be found here.