Hackers Get Personal Info On 12-Million Apple Users... From An FBI Laptop
by Mike Masnick
Much of the debate over cybersecurity legislation like CISPA and the Cybersecurity Act focused on getting more private companies to "share data" with federal government agencies, including the FBI and the NSA. As we've pointed out time and time again, beyond the basic privacy rules that the bills tended to bulldoze through, any time you increase the sharing of private data, you're only making it that much easier for hackers to access that info because you're putting it in more places -- some of which will almost definitely be insecure. In other words, even though these bills were ostensibly about "protecting" from hack attacks, by increasing the sharing of data, they'd almost certainly open up new attack opportunities and make it easier for hackers to get info.
While neither bill passed (yet), the latest example of what happens when you have widespread data sharing comes from some Antisec hackers, who claim that -- in response to a presentation from the NSA's General Keith Alexander -- they wanted to probe the security of various government agencies, including the FBI. End result? They claim to have hacked into the laptop of FBI agent Christopher Stangl, who has appeared in recruitment videos for the FBI looking to hire "cyber security experts."
The hackers claim that on his laptop, they found a csv file with:
...a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. The hackers have released 1,000,001 UDIDs and APNS tokens to prove they had the data, stripping out the personal info. The file they found was called: "NCFTA_iOS_devices_intel.csv" which folks at Hacker News have pointed out likely refers to the National Cyber-Forensics & Training Alliance. According to its website, the NCFTA...
functions as a conduit between private industry and law enforcement with a core mission to identify, mitigate and neutralize cyber crime. In an effort to streamline intelligence exchange, the NCFTA will often organize SME interaction into threat-specific initiatives. Once a significant online scheme is realized and a stakeholder consensus defined, an initiative is developed wherein the NCFTA manages the collection and sharing of intelligence with the affected parties, industry partners, appropriate law enforcement, and other SMEs. In other words, it's almost exactly what we were told we needed CISPA to enable. In fact, during the CISPA debate, we specifically pointed to the NCFTA to ask why we needed CISPA, since something like that was already possible.
And now it seems to also be showing why CISPA or other similar legislation focused on increased "sharing" of info could actually put many more users at risk, rather than protect them. When the feds are careless with the info they receive from companies, it's going to get hacked. These kinds of things just put a giant target on their back, and now we're seeing the harmful results of such sharing without effective privacy protections.
And the feds want more of this?
Latest Big Brother/Orwellian
- Bakery Under Government Investigation For Refusing To Write Anti-Gay Message On A Cake
- How Hollywood Plans to Seize Pirate Site Domain Names
- New Snowden Leak Reveals GCHQ Collected Emails Of Journalists At NYT, WaPo, Guardian, BBC And Elsewhere
- You'll Never Guess Who's Trying to Hack Your iPhone
- Most People Easy To Convince They Committed A Crime That Never Happened - Study
- CPS Investigating Parents for Letting Kids Walk Home Alone
- UK Intelligence Boss: We Had All This Info And Totally Failed To Prevent Charlie Hebdo Attack... So Give Us More Info
- MPAA Wants Regulators To Force ISPs To Block Sites 'At The Border'
FAIR USE NOTICE
This site contains copyrighted material the use of which in some cases has not been specifically authorized by the copyright owner. Such material is made available for the purposes of news reporting, education, research, comment, and criticism, which constitutes a 'fair use' of such copyrighted material in accordance with Title 17 U.S.C. Section 107. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. It is our policy to respond to notices of alleged infringement that comply with the DMCA and other applicable intellectual property laws. It is our policy to remove material from public view that we believe in good faith to be copyrighted material that has been illegally copied and distributed by any of our members or users.