Hackers Get Personal Info On 12-Million Apple Users... From An FBI Laptop
by Mike Masnick
Much of the debate over cybersecurity legislation like CISPA and the Cybersecurity Act focused on getting more private companies to "share data" with federal government agencies, including the FBI and the NSA. As we've pointed out time and time again, beyond the basic privacy rules that the bills tended to bulldoze through, any time you increase the sharing of private data, you're only making it that much easier for hackers to access that info because you're putting it in more places -- some of which will almost definitely be insecure. In other words, even though these bills were ostensibly about "protecting" from hack attacks, by increasing the sharing of data, they'd almost certainly open up new attack opportunities and make it easier for hackers to get info.
While neither bill passed (yet), the latest example of what happens when you have widespread data sharing comes from some Antisec hackers, who claim that -- in response to a presentation from the NSA's General Keith Alexander -- they wanted to probe the security of various government agencies, including the FBI. End result? They claim to have hacked into the laptop of FBI agent Christopher Stangl, who has appeared in recruitment videos for the FBI looking to hire "cyber security experts."
The hackers claim that on his laptop, they found a csv file with:
...a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. The hackers have released 1,000,001 UDIDs and APNS tokens to prove they had the data, stripping out the personal info. The file they found was called: "NCFTA_iOS_devices_intel.csv" which folks at Hacker News have pointed out likely refers to the National Cyber-Forensics & Training Alliance. According to its website, the NCFTA...
functions as a conduit between private industry and law enforcement with a core mission to identify, mitigate and neutralize cyber crime. In an effort to streamline intelligence exchange, the NCFTA will often organize SME interaction into threat-specific initiatives. Once a significant online scheme is realized and a stakeholder consensus defined, an initiative is developed wherein the NCFTA manages the collection and sharing of intelligence with the affected parties, industry partners, appropriate law enforcement, and other SMEs. In other words, it's almost exactly what we were told we needed CISPA to enable. In fact, during the CISPA debate, we specifically pointed to the NCFTA to ask why we needed CISPA, since something like that was already possible.
And now it seems to also be showing why CISPA or other similar legislation focused on increased "sharing" of info could actually put many more users at risk, rather than protect them. When the feds are careless with the info they receive from companies, it's going to get hacked. These kinds of things just put a giant target on their back, and now we're seeing the harmful results of such sharing without effective privacy protections.
And the feds want more of this?
Latest Big Brother/Orwellian
- New Bill Would Have Teachers Diagnose Psychological Issues in Children and Report them to Police
- How The Copyright Industry Wants To Undermine Anonymity & Free Speech: 'True Origin' Bills
- Even If Congress Lets Section 215 Expire, The NSA May Be Able To Keep On Collecting Phone Metadata
- Report: Feds Urge Banks to Call Cops on Customers Who Withdraw $5,000 or More
- UK Police Can't Confirm Or Deny Investigation Of Journalists It Publicly Confirmed In 2013
- Snowden Docs Reveal Canada a Major Player in Global Spy Operations
- Senate Intelligence Committee Advances Terrible Surveillance Bill in Secret Session
- US Threatened to 'Cut Off' Germany Over Snowden
FAIR USE NOTICE
This site contains copyrighted material the use of which in some cases has not been specifically authorized by the copyright owner. Such material is made available for the purposes of news reporting, education, research, comment, and criticism, which constitutes a 'fair use' of such copyrighted material in accordance with Title 17 U.S.C. Section 107. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. It is our policy to respond to notices of alleged infringement that comply with the DMCA and other applicable intellectual property laws. It is our policy to remove material from public view that we believe in good faith to be copyrighted material that has been illegally copied and distributed by any of our members or users.