“Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments,” LulzSec said in a release at the time.
The group claiming credit for the attack accused the FBI of using the identification numbers to track Apple users. According to a statement posted Monday, the ID numbers are just a fraction of more than 12 million IDs that were reportedly in a file taken from the agent’s computer. The hackers claim (in a statement with objectionable language) that the file also contained data naming the type of device, address of the device owner and cellphone numbers associated with the devices. The file name includes a mention of the “NCFTA” which could stand for the National Cyber-Forensics Training Alliance, an FBI-associated group that was created to proactively address cyber crime.
FBI spokeswoman Jenny Shearer declined to comment on the claims.
The Apple identification numbers listed in the file are not the “Apple IDs” with which users sign into iCloud, iTunes and other services, but the unique device identifiers that developers often ask beta users or others to submit in order to access apps before they’re available on the general App Store. It’s a 40-character string similar to a serial number for iOS devices, and can also be used to track users and target ads.
It’s not clear how the FBI or any non-Apple entity would have gotten the numbers. In discussions on Hacker News, there’s speculation that the most likely explanation is that identification numbers could have been obtained from a developer collecting the information for an app. Apple has begun changing its policy regarding UDIDs, as 9 to 5 Mac has reported, and others have identified that there are certain privacy risks to using the method for tracking.
In a report on Apple’s changing plans, the Wall Street Journal noted that privacy advocates have raised concerns the UDID could be used to identify individual users.
The FBI recently arrested a second suspected member of LulzSec, Reuters reported, in connection to an attack on Sony Pictures Entertainment.
FBI arrests second hacker connected with LulzSec
LulzSec hacking group leader turned in other members, FBI says
AntiSec results start rolling in, LulzSec chats exposed
Review: “We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency” by Parmy Olson