One million and one Apple device IDs leaked

AntiSec – part of Anonymous – obtained the data by hacking an FBI agent's laptop.

The AntiSec group of hackers – one of many spun off from the sprawling leviathan that is the Anonymous movement – have released what they claim is a set of 1,000,001 unique device identifiers (UDIDs) for iPhones, iPads and iPod touches, which were stolen from the FBI.

The release, which also contains the device names and APNS tokens that are key to getting push notifications onto devices, is in itself a pretty big security breach. It's bigger still given the fact that the default device name for Apple products is "[full name]'s iPhone". Even worse, AntiSec claim that the data is just a small part of a much larger trove of personal information, which includes the UDIDs of 12,000,000 devices, and "full names, cell numbers, addresses, zipcodes, etc" for a smaller subset of them.

The group explain (at length) why they've leaked the data, and it boils down to trying to alert people that "FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT [sic]", though they are also aggrieved at what they call the "hypocritical attempt made by the system" to encourage hackers to sign up:

You are forbidden to outsmart the system, to defy it, to work around it. In short, while you may hack for the status quo, you are forbidden to hack the status quo. Just do what you're told. Don't worry about dirty geopolitical games, that's business for the elite. They're the ones that give dancing orders to our favorite general, [NSA's general] Keith [Alexander], while he happily puts on a ballet tutu. Just dance along, hackers. Otherwise... well...

The method by which they claim to have got hold of the data is concerning as well – quite aside from whether or not the FBI ought to have the info, if they do, one would hope that they would store it more securely:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

AntiSec also expressed their desire that the leak would expose the flaws with the UDID system itself. Even without any extra info leaked, that breach exposes victims to a fair degree of damage. As one programmer, Aldo Cortesi, writes:

If you use an Apple device regularly, it's certain that your UDID has found its way into scores of databases you're entirely unaware of. Developers often assume UDIDs are anonymous values, and routinely use them to aggregate detailed and sensitive user behavioural information.

Apple has been quietly killing the methods by which developers can access UDIDs for the last year or so, removing their ability to directly read them; but that won't prevent at least some users suffering from this leak. A number of older apps and unsecure networks still allow users to log in using just the UDID as identification. Although this hasn't been recommended practice for some time, not everyone runs their companies the way they ought to.
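
The UDID-only login described above, next to a hardened form, shown as an added example that is not code from the article or from any app it mentions. The class names, the account name and the sample UDID are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample value: a made-up 40-hex-character UDID, not taken from the leak.
SAMPLE_UDID = "0123456789abcdef0123456789abcdef01234567"

class LegacyUdidLogin:
    """The pattern the article describes: the UDID alone identifies the user."""
    def __init__(self):
        self.accounts = {}  # udid -> account name

    def register(self, udid, account):
        self.accounts[udid] = account

    def login(self, udid):
        # A UDID is an identifier that many apps and databases already hold,
        # not a secret, so knowing it must never be enough to log in.
        return self.accounts.get(udid)

class TokenLogin:
    """Hardened form: the server issues a random per-install secret."""
    def __init__(self):
        self.accounts = {}  # install_id -> (account, SHA-256 of token)

    def register(self, account):
        install_id = secrets.token_hex(16)  # random, not derived from hardware
        token = secrets.token_urlsafe(32)   # 256-bit secret kept by the client
        digest = hashlib.sha256(token.encode()).digest()
        self.accounts[install_id] = (account, digest)  # only the hash is stored
        return install_id, token

    def login(self, install_id, token):
        record = self.accounts.get(install_id)
        if record is None:
            return None
        account, digest = record
        presented = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return account if hmac.compare_digest(presented, digest) else None

def udid_alone_is_enough(udid=SAMPLE_UDID):
    """Return (legacy, hardened) login results when only an identifier is presented."""
    legacy = LegacyUdidLogin()
    legacy.register(udid, "alice")
    hardened = TokenLogin()
    install_id, _token = hardened.register("alice")
    return legacy.login(udid), hardened.login(install_id, udid)
```

With the legacy scheme the identifier alone returns the account; with the token scheme an identifier without the matching secret returns nothing, so a leaked list of identifiers does not double as a list of credentials.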

Unfortunately, we won't be able to hear anything else from AntiSec until Gawker journalist Adrian Chen dresses up in a tutu with a shoe on his head. Yes, those are their demands:

no more interviews to anyone till Adrian Chen get featured in the front page of Gawker, a whole day, with a huge picture of him dressing a ballet tutu and shoe on the head, no photoshop. yeah, man. like Keith Alexander. go, go, go. (and there you ll get your desired pageviews number too) Until that happens, this whole statement will be the only thing getting out directly from us. So no tutu, no sources.

The AntiSec logo, in ASCII-art form.

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.


An antibiotic-resistant superbug is silently spreading through UK hospitals

There have already been outbreaks in Manchester, London, Edinburgh, and Birmingham, but deaths are not centrally recorded. 

Lying in a hospital bed, four months pregnant, Emily Morris felt only terror. She had caught a urinary tract infection and it was resistant to common antibiotics. Doctors needed to treat it as it could harm the baby, but the only drugs that could work hadn’t been tested on pregnant women before; the risks were unknown. Overwhelmed, Emily and her husband were asked to make a decision. A few hours later, gripping each other’s arms, they decided she should be given the drugs.

In Emily’s case, the medicine worked and her son Emerson (pictured below with Emily) was born healthy. But rising antibiotic resistance means people are now suffering infections for which there is no cure. Doctors have long warned that decades of reliance on these drugs will lead to a "post-antibiotic era" – a return to a time when a scratch could kill and common operations are too risky.

It sounds like hyperbole – but this is already a reality in the UK. In the last four years 25 patients have suffered infections immune to all the antibiotics Public Health England tests for in its central lab, the Bureau of Investigative Journalism has discovered.

While these cases are rare, reports of a highly resistant superbug are rising, and infection control doctors are worried. Carbapenem resistant enterobacteriaceae (CRE) are not only difficult to pronounce, but deadly. These are bugs that live in the human gut but can cause an infection if they get into the wrong place, like the urinary tract or a wound. They have evolved to become immune to most classes of antibiotics – so if someone does become infected, there are only a few drugs that will still work. If CRE bacteria get into the bloodstream, studies show between 40 per cent and 50 per cent of people die.

These bugs are causing huge problems in India, certain parts of Asia, the Middle East and some countries in southern Europe. Until recently, most infections were seen in people who had travelled abroad, had family members who had, or had been in a foreign hospital. The boom in cheap cosmetic surgery in India was blamed for a spate of infections in Britain.

Now, doctors are finding people who have never boarded a plane are carrying the bug. There have already been outbreaks in Manchester, London, Liverpool, Leeds, Edinburgh, Birmingham, Nottingham, Belfast, Dublin and Limerick among other areas. Patients found with CRE have to be treated in side rooms in hospital so the bacteria does not spread and harm other vulnerable patients. But in many of Britain’s Victorian-built hospitals, single rooms are in sparse supply. Deaths from CRE aren’t centrally recorded by the government – but it is thought hundreds have already died.

Across the country, doctors are being forced to reach for older, more toxic drugs to treat these infections. The amount of colistin – called the "last hope" antibiotic as it is one of few options still effective against CRE infections – rose dramatically in English hospitals between 2014 and 2015, the Bureau has revealed. Colistin was taken off the shelves soon after it was introduced, as it can harm the kidneys and nervous system in high doses, but was reintroduced when infections became immune to standard treatment. The more we use colistin the more bacteria develop resistance to it. It’s only a matter of time before it stops working too, leaving doctors’ arsenal near-empty when it comes to the most dangerous superbug infections.

Due to a kidney problem, Emily Morris suffers repeat urinary tract infections and has to be hospitalised most months. Her son Emerson comes to visit her, understanding his mummy is ill. If she catches a superbug infection, she can still be given intravenous antibiotics to stem it. But she worries about her son. By the time he is an adult, if he gets ill, there may be no drugs left that work.

Madlen Davies is a health and science reporter for the Bureau of Investigative Journalism