One million and one Apple device IDs leaked

AntiSec – part of Anonymous – obtained the data by hacking an FBI agent's laptop.

The AntiSec group of hackers – one of many spun off from the sprawling leviathan that is the Anonymous movement – have released what they claim is a set of 1,000,001 unique device identifiers (UDIDs) for iPhones, iPads and iPod touches, which were stolen from the FBI.

The release also contains the device names and APNS tokens, which are key to getting push notifications onto devices, is in itself a pretty big security breach. It's bigger still given the fact that the default device name for Apple products is "[full name]'s iPhone". Even worse, AntiSec claim that the data is just a small part of a much large trove of personal information, which includes the UDIDs of 12,000,000 devices, and "full names, cell numbers, addresses, zipcodes, etc" for a smaller subset of them.

The group explain (at length) why they've leaked the data, and it boils down to trying to get people's attention that "FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT [sic]", though they are also aggreived at what they call the "hypocritical attempt made by the system" to encourage hackers to sign up:

You are forbidden to outsmart the system, to defy it, to work around it. In short, while you may hack for the status quo, you are forbidden to hack the status quo. Just do what you're told. Don't worry about dirty geopolitical games, that's business for the elite. They're the ones that give dancing orders to our favorite general, [NSA's general] Keith [Alexander], while he happily puts on a ballet tutu. Just dance along, hackers. Otherwise... well...

The method by which they claim to have got hold of the data is concerning as well – quite aside from whether or not the FBI ought to have the info, if they do, one would hope that they would store it more securely:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

AntiSec also expressed their desire that the leak would expose the flaws with the UDID system itself. Even without any extra info leaked, that breach exposes victims to a fair degree of damage. As one programmer, Aldo Cortesi, writes:

If you use an Apple device regularly, it's certain that your UDID has found its way into scores of databases you're entirely unaware of. Developers often assume UDIDs are anonymous values, and routinely use them to aggregate detailed and sensitive user behavioural information.

Apple has been quietly killing the methods by which developers can access UDIDs for the last year or so, removing their ability to directly read them; but that won't prevent at least some users suffering from this leak. A number of older apps and unsecure networks still allow users to log in using just the UDID as identification. Although this hasn't been recommended practice for some time, not everyone runs their companies the way they ought to.

Unfortunately, we won't be able to hear anything else from AntiSec until Gawker journalist Adrian Chen dresses up in a tutu with a shoe on his head. Yes, those are their demands:

no more interviews to anyone till Adrian Chen get featured in the front page of Gawker, a whole day, with a huge picture of him dressing a ballet tutu and shoe on the head, no photoshop. yeah, man. like Keith Alexander. go, go, go. (and there you ll get your desired pageviews number too) Until that happens, this whole statement will be the only thing getting out directly from us. So no tutu, no sources.

The AntiSec logo, in ASCII-art form.

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Show Hide image

First The Dress, now The Legs: Why is the internet so obsessed with optical illusions?

Ever since The Dress, optical illusions have dominated our feeds and brains. What does this tell us about 21st-century society?

Are these legs shiny and oily, or are they legs with white paint on them? That’s the first question. The second question is: why do we care? Ever since the fateful first light of 25 February 2015, optical illusions have become the internet’s currency. “Is this dress white and gold or black and blue?” whispered the world wide web on that day, paving the way for our news sources to be replaced by a constantly updating feed of hidden cigars in brick walls, phones concealed in carpets, and a lonely Cheese & Onion Bake secreted in some Steak Bakes.

Today, The Dress has been usurped by The Legs. Within the last few hours, news stories on The Telegraph, Metro, Mashable, Buzzfeed and The Independent’s Indy100 have popped up about a tweet from Twitter user @kingkayden, who posted a picture of legs-splattered-with-white-paint-that-sort-of-look-like-legs-splattered-with-oil. No one on social media can shut up about it, and – aside from the fact that anything, absolutely anything, which distracts us from Brexit will do – it’s a mystery why.

“Optical illusions have always been very popular because they challenge the basic notion that we are able to see what is right in front of our eyes,” says Richard Wiseman, a psychologist, author, and owner of the YouTube channel Quirkology, which is full of optical illusions and tricks. “In fact, perception is constructive and our brains are constantly making guesses about what is happening around us. But it doesn't feel like that.

“Illusions show us that we are not really seeing the world as it is and I think people find that fascinating. The web just allows these images and videos to be shared more quickly than ever before.”

It’s a fascinating explanation, but there are also much more cynical tricks at play. News websites deliberately play on this basic psychological love of optical illusions to ensure that they spread online and therefore generate clicks.

“If you sell the story on social channels as a challenge it’s more likely to perform well,” explains a writer for a popular viral news website who wishes to remain anonymous. “I honestly think people like the feeling that they’re intelligent or have completed a challenge simply because they can see the reasoning behind why a certain illusion works.”

Although the writer, understandably, doesn’t want to share the number of clicks an average optical illusion story gets, they assure me that they are a huge traffic driver. “I think there’s something to be said for optical illusions stories being entertainment as news – they’re innocuous pieces which pretend to teach you something about the way your eyes and brain work, but actually you’re just clicking on it because you think you know what the trick will be. Of course this is a fallacy, but it’s one that works for everyone – the ‘news’ website gets traffic, the people get entertained,” they say.

“That it’s become such a success story for viral news outlets is more concerning – the traffic these stories generate mean they often supersede actual news in terms or priority, even if the news is thoroughly entertaining. This is where I think we hit murky waters if we attempt to define our product as 'news'.”

It's true that there's room on the internet for everything and everyone, and optical illusions shouldn't disappear from our hearts and feeds, but it is fair to be worried about their prevalence online. When news websites sell stories as something “Only 2 per cent of people can see!!!”, we are simultaneously dumbing down and pretending we are smart. 

Besides, the legs clearly have white paint on them.

Amelia Tait is a technology and digital culture writer at the New Statesman.