One million and one Apple device IDs leaked

AntiSec – part of Anonymous – obtained the data by hacking an FBI agent's laptop.

The AntiSec group of hackers – one of many spun off from the sprawling leviathan that is the Anonymous movement – have released what they claim is a set of 1,000,001 unique device identifiers (UDIDs) for iPhones, iPads and iPod touches, which were stolen from the FBI.

The release also contains the device names and APNS tokens, which are key to getting push notifications onto devices, is in itself a pretty big security breach. It's bigger still given the fact that the default device name for Apple products is "[full name]'s iPhone". Even worse, AntiSec claim that the data is just a small part of a much large trove of personal information, which includes the UDIDs of 12,000,000 devices, and "full names, cell numbers, addresses, zipcodes, etc" for a smaller subset of them.

The group explain (at length) why they've leaked the data, and it boils down to trying to get people's attention that "FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT [sic]", though they are also aggreived at what they call the "hypocritical attempt made by the system" to encourage hackers to sign up:

You are forbidden to outsmart the system, to defy it, to work around it. In short, while you may hack for the status quo, you are forbidden to hack the status quo. Just do what you're told. Don't worry about dirty geopolitical games, that's business for the elite. They're the ones that give dancing orders to our favorite general, [NSA's general] Keith [Alexander], while he happily puts on a ballet tutu. Just dance along, hackers. Otherwise... well...

The method by which they claim to have got hold of the data is concerning as well – quite aside from whether or not the FBI ought to have the info, if they do, one would hope that they would store it more securely:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

AntiSec also expressed their desire that the leak would expose the flaws with the UDID system itself. Even without any extra info leaked, that breach exposes victims to a fair degree of damage. As one programmer, Aldo Cortesi, writes:

If you use an Apple device regularly, it's certain that your UDID has found its way into scores of databases you're entirely unaware of. Developers often assume UDIDs are anonymous values, and routinely use them to aggregate detailed and sensitive user behavioural information.

Apple has been quietly killing the methods by which developers can access UDIDs for the last year or so, removing their ability to directly read them; but that won't prevent at least some users suffering from this leak. A number of older apps and unsecure networks still allow users to log in using just the UDID as identification. Although this hasn't been recommended practice for some time, not everyone runs their companies the way they ought to.

Unfortunately, we won't be able to hear anything else from AntiSec until Gawker journalist Adrian Chen dresses up in a tutu with a shoe on his head. Yes, those are their demands:

no more interviews to anyone till Adrian Chen get featured in the front page of Gawker, a whole day, with a huge picture of him dressing a ballet tutu and shoe on the head, no photoshop. yeah, man. like Keith Alexander. go, go, go. (and there you ll get your desired pageviews number too) Until that happens, this whole statement will be the only thing getting out directly from us. So no tutu, no sources.

The AntiSec logo, in ASCII-art form.

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Collage by New Statesman
Show Hide image

Clickbaiting terror: what it’s like to write viral news after a tragedy

Does the viral news cycle callously capitalise on terrorism, or is it allowing a different audience to access important news and facts?

On a normal day, Alex* will write anywhere between five to ten articles. As a content creator for a large viral news site, they [Alex is speaking under the condition of strict anonymity, meaning their gender will remain unidentified] will churn out multiple 500-word stories on adorable animals, optical illusions, and sex. “People always want to read about sexuality, numbers of sexual partners, porn habits and orgasms,” says Alex. “What is important is making the content easily-digestible and engaging.”

Alex is so proficient at knowing which articles will perform well that they frequently “seek stories that fit a certain template”. Though the word “clickbait” conjures up images of cute cat capers, Alex says political stories that “pander to prejudices” generate a large number of page views for the site. Many viral writers know how to tap into such stories so their takes are shared widely – which explains the remarkably similar headlines atop many internet articles. “This will restore your faith in humanity,” could be one; “This one weird trick will change your life…” another. The most cliché example of this is now so widely mocked that it has fallen out of favour:

You’ll never believe what happened next.

When the world stops because of a tragedy, viral newsrooms don’t. After a terrorist attack such as this week’s Manchester Arena bombing, internet media sites do away with their usual stories. One day, their homepages will be filled with traditional clickbait (“Mum Sickened After Discovery Inside Her Daughter’s Easter Egg”, “This Man’s Blackhead Removal Technique Is A Complete And Utter Gamechanger”) and the next, their clickbait has taken a remarkably more tragic tone (“New Footage Shows Moment Explosion Took Place Inside Manchester Arena”, “Nicki Minaj, Rihanna, Bruno Mars and More React to the Manchester Bombing”).

“When a terrorist event occurs, there’s an initial vacuum for viral news,” explains Alex. Instead of getting reporters on the scene or ringing press officers like a traditional newsroom, Alex says viral news is “conversation-driven” – meaning much of it regurgitates what is said on social media. This can lead to false stories spreading. On Tuesday, multiple viral outlets reported – based on Facebook posts and tweets – that over 50 accompanied children had been led to a nearby Holiday Inn. When BuzzFeed attempted to verify this, a spokesperson for the hotel chain denied the claim.

Yet BuzzFeed is the perfect proof that viral news and serious news can coexist under the same roof. Originally famed for its clickable content, the website is now home to a serious and prominent team of investigative journalists. Yet the site has different journalists on different beats, so that someone writes about politics and someone else about lifestyle or food.

Other organisations have a different approach. Sam* works at another large viral site (not Buzzfeed) where they are responsible for writing across topics; they explains how this works:  

“One minute you're doing something about a tweet a footballer did, the next it's the trailer for a new movie, and then bam, there's a general election being called and you have to jump on it,” they say.

Yet Sam is confident that they cover tragedy correctly. Though they feel viral news previously used to disingenuously “profiteer” off terrorism with loosely related image posts, they say their current outlet works hard to cover tragic news. “It’s not a race to generate traffic,” they say, “We won't post content that we think would generate traffic while people are grieving and in a state of shock, and we're not going to clickbait the headlines to try and manipulate it into that for obvious reasons.”

Sam goes as far as to say that their viral site in fact has higher editorial standards than “some of the big papers”. Those who might find themselves disturbed to see today’s explosions alongside yesterday’s cats will do well to remember that “traditional” journalists do not always have a great reputation for covering tragedy.

At 12pm on Tuesday, Daniel Hett tweeted that over 50 journalists had contacted him since he had posted on the site that his brother, Martyn, was missing after the Manchester attack. Hett claimed two journalists had found his personal mobile phone number, and he uploaded an image of a note a Telegraph reporter had posted through his letterbox. “This cunt found my house. I still don't know if my brother is alive,” read the accompanying caption. Tragically it turned out that Martyn was among the bomber's victims.

Long-established newspapers and magazines can clearly behave just as poorly as any newly formed media company. But although they might not always follow the rules, traditional newspapers do have them. Many writers for viral news sites have no formal ethical or journalistic training, with little guidance provided by their companies, which can cause problems when tragic news breaks.

It remains to be seen whether self-policing will be enough. Though false news has been spread, many of this week’s terror-focused viral news stories do shed light on missing people or raise awareness of how people can donate blood. Many viral news sites also have gigantic Facebook followings that far outstrip those of daily newspapers – meaning they can reach more people. In this way, Sam feels their work is important. Alex, however, is less optimistic.

“My personal view is that viral news does very little to inform people at times like this and that trending reporters probably end up feeling very small about their jobs,” says Alex. “You feel limited by the scope of your flippant style and by what the public is interested in.

“You can end up feeding the most divisive impulses of an angry public if you aren’t careful about what conversations you’re prompting. People switch onto the news around events like this and traffic rises, but ironically it’s probably when trending reporters go most into their shells and into well-worn story formats. It’s not really our time or place, and to try and make it so feels childish.”

Amelia Tait is a technology and digital culture writer at the New Statesman.

0800 7318496