AntiSec, a splinter group of the popular hacktivist group Anonymous, has claimed that it was recently able to break into FBI’s servers. As a result of this breach, the group claims, it obtained more than 12 million Apple UDIDs. It has now leaked 1 million of these on the web.
The group claims that it was able to break into the notebook of a FBI agent who belonged to the FBI Regional Cyber Action Team and New York FBI Office Evident Response Team. The breach was achieved by exploiting the AtomicReferenceArray vulnerability in Java.
During the hack session, it was found out that a certain file titled ‘NCFTA_iOS_devices_intel.csv’ was contained on the machine. AntiSec downloaded the file, only to find that it contained the device IDs of some 12 million Apple users. The UDIDs were accompanied with names, zip code, phone numbers as well as other information. AntiSec has posted 1 million of these UDIDs online over here.
What this suggests is that the data has been handed over to FBI by Apple. Apple is known to be quite friendly and complacent towards security agencies. The file name contains the acronym ‘NCFTA’ which probably stands for National Cyber Forensics & Training Alliance. NCFTA “functions as a conduit between private industry and law enforcement.”
In other words, it is a body that lets security agencies gather all kinds of user data from private companies. And Apple seems to be a part of it. It is quite disappointing to note that while on the face, most tech giants blatantly argue that they would never divulge any user information to the security agencies, things seem to be different behind the scenes.