David Gilbert reports:
A post on Pastebin claims that during the second week of March 2012, a Dell Vostro laptop used by FBI Supervisor Special Agent Christopher K. Stangl (seen above in a video calling for computer science graduates to work with the FBI) was breached.
The group claims it found a file on the computer’s desktop – labelledNCFTA_iOS_devices_intel.csv – which contained a list with details about over 12 million unique Apple iOS devices including the Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, addresses and mobile phone numbers.
Read more on International Business Times.
The paste, which is not signed with the now-familiar Anonymous sigblock, offers a somewhat lengthy political statement and rationale before getting to the description of the breach:
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
The FBI has not confirmed or denied the claims, which were first revealed yesterday on Pastebin.
So… if the claims are true (and we don’t know that yet): why were 12+ million entries of this kind in the FBI’s possession? And why were they on a mobile device? I’d like to hear the FBI’s explanation for this. That the FBI engages in domestic surveillance is not exactly earth-shattering news, but what crimes have so many possibly committed that would justify this database? And how did they compile these data, if they did?
Kudos to the hackers who decided to trim the personal information. Although DataBreaches.net does not, as a policy, endorse hacking even for worthy goals, this site does endorse hackers taking steps to protect the personal information of those who may have done nothing wrong but find their details in a database.
UPDATE: The FBI issued the following statement:
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.