One million and one Apple device IDs leaked

AntiSec – part of Anonymous – obtained the data by hacking an FBI agent's laptop.

The AntiSec group of hackers – one of many spun off from the sprawling leviathan that is the Anonymous movement – have released what they claim is a set of 1,000,001 unique device identifiers (UDIDs) for iPhones, iPads and iPod touches, which were stolen from the FBI.

The release also contains the device names and APNS tokens, which are key to getting push notifications onto devices, is in itself a pretty big security breach. It's bigger still given the fact that the default device name for Apple products is "[full name]'s iPhone". Even worse, AntiSec claim that the data is just a small part of a much large trove of personal information, which includes the UDIDs of 12,000,000 devices, and "full names, cell numbers, addresses, zipcodes, etc" for a smaller subset of them.

The group explain (at length) why they've leaked the data, and it boils down to trying to get people's attention that "FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT [sic]", though they are also aggreived at what they call the "hypocritical attempt made by the system" to encourage hackers to sign up:

You are forbidden to outsmart the system, to defy it, to work around it. In short, while you may hack for the status quo, you are forbidden to hack the status quo. Just do what you're told. Don't worry about dirty geopolitical games, that's business for the elite. They're the ones that give dancing orders to our favorite general, [NSA's general] Keith [Alexander], while he happily puts on a ballet tutu. Just dance along, hackers. Otherwise... well...

The method by which they claim to have got hold of the data is concerning as well – quite aside from whether or not the FBI ought to have the info, if they do, one would hope that they would store it more securely:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

AntiSec also expressed their desire that the leak would expose the flaws with the UDID system itself. Even without any extra info leaked, that breach exposes victims to a fair degree of damage. As one programmer, Aldo Cortesi, writes:

If you use an Apple device regularly, it's certain that your UDID has found its way into scores of databases you're entirely unaware of. Developers often assume UDIDs are anonymous values, and routinely use them to aggregate detailed and sensitive user behavioural information.

Apple has been quietly killing the methods by which developers can access UDIDs for the last year or so, removing their ability to directly read them; but that won't prevent at least some users suffering from this leak. A number of older apps and unsecure networks still allow users to log in using just the UDID as identification. Although this hasn't been recommended practice for some time, not everyone runs their companies the way they ought to.

Unfortunately, we won't be able to hear anything else from AntiSec until Gawker journalist Adrian Chen dresses up in a tutu with a shoe on his head. Yes, those are their demands:

no more interviews to anyone till Adrian Chen get featured in the front page of Gawker, a whole day, with a huge picture of him dressing a ballet tutu and shoe on the head, no photoshop. yeah, man. like Keith Alexander. go, go, go. (and there you ll get your desired pageviews number too) Until that happens, this whole statement will be the only thing getting out directly from us. So no tutu, no sources.

The AntiSec logo, in ASCII-art form.

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Curtis Holland
Show Hide image

Living the Meme: What happened to the "Bacon is good for me" boy?

Eight years after becoming a meme, the boy dubbed "King Curtis" explains what life is like now.

It is hard to pinpoint the one quote that made Curtis Holland a viral sensation. When he appeared on Wife Swap eight years ago, Holland – aka King Curtis – battled ferociously with his replacement mum Joy, who wanted to rid his home of unhealthy snacks. “Chicken nuggets is like my family,” he said at one point; “I don’t wanna be skinny! I wanna be fat and happy,” he said at another; during one particularly memorable scene he wrote “I am not lisning to your rules” on a Post-It note.

“Bacon is good for me!” perhaps comes out top. The quote – like all the others – has become an internet meme, featured in screenshots and gifs, but has additionally been remixed into a song. The original clip has over ten million views on YouTube. Now aged 15, Holland is speaking to me from his home in Vanceboro, North Carolina. “Oh yes!” he says when I ask if he still likes bacon. “Every morning my mum gets up and we all cook bacon together.”

 

Before speaking to Holland, I had eaten (ten) chicken nuggets for my tea, but when I tell him this I'm not sure he believes me. “I know some people say this just to say it,” he says, before admitting he himself had eaten some that day. “This morning that's exactly what I had.”

Holland speaks in a straightforward matter-of-fact tone that is just as endearing now as it was when he was seven. He is incredibly respectful – calling me “ma’am” at least three times – and is patient when I struggle to decipher his thick Southern accent (“pennies” for example, becomes “pinnies”, “cars” is “curs”).

“We live in a small community, and a lot of people say that I'm the movie star,” says Holland, when I ask him to explain how life has changed since appearing on TV. When I ask about life after becoming a meme, Holland is less sure. “I mean I don't have a Twitter but a lot of people say that I'm up there just about every week,” he says (in reality, the clip of his appearance alone – never mind gifs, quotes or screenshots – is tweeted multiple times a day).

There is one meme moment, however, that Holland definitely didn’t miss. In 2015, Pretty Little Liars actress Lucy Hale posted a photo to Instagram asking for an update on his life. In response, Holland created a YouTube video asking for money to rebuild cars and confidently saying “Someday I’ll get my own bacon brand.” The video got over 400,000 views.

“I went viral for I think three or four days and I was on the most views on YouTube,” explains Holland. “That was pretty cool for me, to see when I look on YouTube there my face is.” How did it make him feel, I ask? “It makes you feel good inside. One day I come home from school and I was mad, and I can tell you it just made me feel really good inside to see that [the video] was pretty much one of the top in basically the world.”

Despite enjoying the attention, Holland has no aspirations to be a TV or internet star again. He is part of an organisation called the Future Farmers of America (FFA), and plans to go to his local community college before becoming a welder. “There’s a few know-it-alls in the community,” he says, “They just say it’s crazy how you went and did all that and now you’re not going on in the movie field. That’s not something I’m really interested in.”

Yet although Holland says it’s “time to move on a little bit”, he also admits he would be open to any offers. “A lot of people say well why don’t you just get up with a bacon company and do commercials or something… I mean I wouldn’t mind doing that if they came and asked me.” After Wife Swap, a company did come and film a pilot for Holland’s own show, but it never amounted to anything. “I mean you'd be lucky to get on TV once in your whole life and I feel like I really enjoyed it when I was up there,” he says when I ask if this was disappointing.

All of this means that Holland hasn’t made much money from his viral fame. Unlike other memes I’ve spoken to, he hasn’t earned hundreds of thousands of dollars. “I believe I got 150 bucks,” he says of his “Update” YouTube video, “All the other stuff like the ‘Bacon is good for me’ songs, they’ve [the creators] made $75,000 and that’s a lot of money putting away."

“I mean it don’t annoy me because it ain’t my fault; it’s nobody’s fault in the situation. They found a way around the system,” he says when I ask if he’s annoyed at others’ making money at his expense.

Nowadays, Holland is still recognised when he is out and about, and says he has signed over one thousand autographs in his life (once he was wary of a neighbourhood policeman who was asking him to sign a parking ticket, before he realised he simply wanted an autograph). “I don’t get sick of it, but of course you’ve got a few people that want to be rude about what you’re doing.

“I really don’t care, I’m a really upbeat kind of person. If there's somebody in a computer screen telling me something that means nothing, you know?”

For Holland, then, the good outweighs the bad. Apart from being asked after by Lucy Hale, his favourite thing about going viral is that he gets to make people laugh. “If I can go up to somebody and make their day and make them smile, I feel like I’ve done a great thing,” he says.

I end the interview with Holland like I end all of my interviews with memes: by asking him if there’s anything he would like to say – a message he’d like to get out there, or a misconception he’d like to clear up – now that he has the chance.

“Oh nothing I've got to say,” he begins, “except bacon is still good for me.”

 “Living the Meme” is a series of articles exploring what happens to people after they go viral. Check out the previous articles here.

To suggest an interviewee for Living the Meme, contact Amelia on Twitter.

Amelia Tait is a technology and digital culture writer at the New Statesman.