
AntiSec leaks 1,000,001 Apple UDIDs, Device Names/Types - robbiet480
http://pastebin.com/nfVT7b0Z
======
saulrh
Money quote for the people that don't want to wade through ten pages of rant:

    
    
      During the second week of March 2012, a Dell Vostro notebook, used by
      Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action
      Team and New York FBI Office Evidence Response Team was breached using the
      AtomicReferenceArray vulnerability on Java, during the shell session some files
      were downloaded from his Desktop folder one of them with the name of
      "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS
      devices including Unique Device Identifiers (UDID), user names, name of device,
      type of device, Apple Push Notification Service tokens, zipcodes, cellphone
      numbers, addresses, etc.

~~~
yangez
This is very disturbing. How did the FBI gain access to all this information?
It should be locked up in Apple.

From what I see, the NCFTA in "NCFTA_iOS_devices_intel.csv" looks like it
stands for the National Cyber-Forensics & Training Alliance, which "functions
as a conduit between private industry and law enforcement."
(<http://www.ncfta.net/>)

Is Apple willingly sharing personal information with the FBI through the
NCFTA?

~~~
arn
Doesn't a popular iOS developer have the same information?

UDIDs, APNS tokens (for push notifications), basic demographic information is
something a popular social app or game might have. 12 million is a pretty good
number, though.

edit: our iOS app has over 2 million of these type of device records (though
we don't collect any demographic info, so just device ids, apns tokens, device
names, device types -- standard for push notifications).

<http://developer.apple.com/library/mac/#documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/ApplePushService/ApplePushService.html>

~~~
pilif
iOS developers don't have the Apple IDs nor ZIP codes nor addresses (unless
they separately ask for them but at least the apple ID is very uncommon)

~~~
arn
There are no "Apple IDs" in here. Just Apple device UDIDs.

~~~
pilif
You are right. I misread the announcement. That still leaves the issue of the
personal data, but as I said: app developers could acquire that directly from
the user.

Possibly, the fact that personal data is missing so often actually might point
to a non-apple leak, because they would have the link to personal data. Of
course it could be fake, but it would be present.

~~~
bornhuetter
When he said "a popular iOS developer" I assumed he meant Facebook.

------
cortesi
This is huge. I've been fearing this kind of leak for a long time. If you're
unsure why this is huge, here are some posts of mine on this issue showing
de-anonymization, complete takeover of social media accounts, and more:

De-anonymizing UDIDs with OpenFeint:
<http://corte.si/posts/security/openfeint-udid-deanonymization/index.html>

A survey of how UDIDs are used:
<http://corte.si/posts/security/apple-udid-survey/index.html>

Why the Apple UDID had to die:
<http://corte.si/posts/security/udid-must-die/index.html>

I've often been asked what I thought the worst-case scenario is regarding the
mis-management of UDIDs. My answer has always been that a large UDID database
leaking would be a privacy catastrophe...

------
antimatter15
One interesting thing I've found is that apparently 190 of those 1000001
people have named their devices "The Titanic", for that iTunes "The Titanic is
syncing" pun. I'm curious if there's anything else interesting that might be
found in this data.

~~~
firebones
I seem to see a disproportionate number of pro photographer accounts (grep for
dot coms as device names) which might point to some commonality--some photo
app? A quick search showed more female email addresses, but not sure if this
is related to the source or if it is related to the likelihood of women using
their email addresses as device names.

------
DigitalSea
This is troubling on so many levels. Why did an FBI agent have a document of
user and device info on his desktop and the real question is why are the FBI
tracking this information in the first place? Surely this is illegal.

By the way, I think AntiSec needs to hire someone to write their releases for
them. I struggled at times to make sense of the almost gibberish in their
rant-filled sentences and at times some of the things they were saying read
like the paranoid ramblings of a crystal meth addict. It wasn't until the end
where everything they were saying was put into perspective and I understood
what they were talking about.

~~~
andrewfelix
I was confused by the writing style as well. It seems to be almost
intentional. I wonder if it's a way of avoiding any style or nuances that
could be attributed to a single person. Almost like a cut and paste ransom
note.

~~~
GrumpySimon
It's elite (or 1337 if you will). It's supposed to sound cool. All the
underground computer groups have talked like that since the early
warez/cracking/phreaking scene.

~~~
jrockway
Are you sure they're not just really bad at writing?

~~~
vidarh
A lot of the "scene" traditions and symbols have a lineage back to adolescent
boys in the early 80's as that's when many of the influential groups exploded
onto the scene, so even if they're emulating a traditional style, they're
emulating one that arose out of kids who wrote badly who tried to sound cool.

(I've some really horrible examples to my credit too, but thankfully I don't
think any of it has survived)

------
muppetman
I can't believe with nearly 100 comments I appear to be the only one to call
the whole story of how these were acquired into doubt.

I'm not saying that the FBI story isn't true, but so many comments here just
assume it to be 100% factual - there's no evidence that it was taken from the
FBI vs found on a USB Stick in the garbage.

It's a big story, yes, but I think maybe a deep breath is in order before we
all accuse the FBI of leaking/losing/stealthily acquiring something!

(I'm not a US Citizen, btw)

~~~
encoderer
I guess we better start tracking everything the FBI does. You know, so we can
prove their innocence.

Besides, what's the big deal... if they have nothing to hide then they have
nothing to worry about!

~~~
tripzilch
Nitpick: While I agree with the idea (of accountability), the fact of the
matter is that the FBI--being what they are and doing what they do--actually
_does_ have things to hide, often with good reason, even.

------
Monotoko
I have found my own UDID - I can confirm these are real UDID's - and now I
want to know why an FBI agent had my (a brit) UDID on their laptop.

~~~
ErikD
What apps do you have installed? This is interesting to know since the data
might be from a popular app instead of Apple.

~~~
Monotoko
Whatsapp, ebuddy pro, ebuddy XMS, Angry Birds, Angry Birds Space, FML, XKCD,
Facebook, Spotify, BBC News, Dropbox, Steam and PokerStars are the more
popular ones official I have installed. I also have Cydia, a few tweaks and
finally Installous (didn't want to admit that - I don't use it often - but
thought it may spread some light here)

~~~
saurik
I run Cydia, and have determined only 16.7% of the UDIDs in that file are from
jailbroken devices: I thereby do not believe that whatever managed to get this
data is anywhere in our ecosystem.

~~~
aw3c2
Do you have similar information stored about the Cydia users? How many users
do you have?

~~~
saurik
The question "how many users do you have" is impossible to answer, as all I
can ever demonstrate is "X users used Cydia in the last Y period". As for your
second question, the information I have for your average Cydia user (one that
is not actively paying me money, in which case I obviously have tons of
information) is purposely highly limited: I certainly do not have, for
example, the "names" of devices that was included in these dumps from AntiSec
(which often discloses the name of the user), or any of the other personal
details that are claimed to be in the original file.

~~~
aw3c2
Thanks!

------
gyardley
Refresh my memory - aren't the device tokens for the Apple Push Notification
Service application-specific? That suggests this data comes from a single
application, not Apple. The patchy personal information columns also suggest
that this is a single (somewhat grabby) application's data store - presumably
Apple would have more comprehensive records.

My wild speculation, assuming what we're told is true - the application
developer shared this information with the NCFTA, who in turn shared it with
the FBI. (After all, that's what the NCFTA does.) The application developer
may have shared this information because they wanted the FBI to investigate a
'cybercrime' of some sort against them - who knows what, in-app purchase
fraud? That could explain why the data ended up on this FBI agent's desktop.

EDIT: I refreshed my own memory - APNS tokens are device-specific, not
device+app specific. I still think this is a single application's data dump,
if the statement about sparse personal info is true.

~~~
rogerchucker
I doubt that they are a single app's data. Look at the repeat of certain
Device names (try "Abo Mossa") and check their UDIDs - those UDIDs show an
incremental pattern in their first 3 digits. This tells me: (a) those devices
were bought in bulk and (b) those devices were never sold to one person -
since the Device names were unchanged [assumption is that a regular customer
cannot own so many devices]. I just don't see how one app (not pre-installed)
could be on all the devices bought in bulk by one person and dump all its data
to FBI.

~~~
saurik
The UDID is a SHA1 of a few fields (including a couple MAC addresses): we
actually know the exact algorithm; if you are seeing patterns in them it is
either a trick your brain is playing on you or a trick the user is playing on
you (some people modify their UDID occasionally to keep themselves from being
tracked by apps).
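
The point in the comment above, as an added example that is not part of the thread: when an identifier is a SHA-1 digest, consecutive inputs give unrelated digests, yet a few thousand digests still fill so many short prefixes that a sorted list looks sequential. The field list, serials and MAC addresses are constructed assumptions; 3136 is the "Administrator" iPad count quoted elsewhere in this thread.

```python
import hashlib

# Count of '"Administrator"的 iPad' rows quoted elsewhere in this thread.
BATCH_SIZE = 3136


def toy_udid(serial, wifi_mac, bt_mac):
    """40-hex-digit SHA-1 over device fields (field choice and order assumed)."""
    return hashlib.sha1(f"{serial}{wifi_mac}{bt_mac}".encode("ascii")).hexdigest()


def bulk_batch(n=BATCH_SIZE):
    """Constructed devices with consecutive serials and MACs, like a bulk order."""
    udids = []
    for i in range(n):
        tail = "%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)
        udids.append(
            toy_udid(f"CONSTRUCTED{i:06d}", "02:00:00:" + tail, "02:00:01:" + tail)
        )
    return udids


def mean_bit_distance(udids):
    """Average number of differing bits between digests of neighbouring devices."""
    pairs = zip(udids, udids[1:])
    total = sum(bin(int(a, 16) ^ int(b, 16)).count("1") for a, b in pairs)
    return total / (len(udids) - 1)


def prefix_coverage(udids, digits):
    """Fraction of all possible leading-hex prefixes that occur at least once."""
    return len({u[:digits] for u in udids}) / 16 ** digits


def expected_coverage(n, digits):
    """The same fraction for n uniformly random values (occupancy problem)."""
    buckets = 16 ** digits
    return 1 - (1 - 1 / buckets) ** n


def longest_prefix_run(udids, digits):
    """Longest stretch of consecutive prefix values once the list is sorted."""
    seen = sorted({int(u[:digits], 16) for u in udids})
    best = run = 1
    for prev, cur in zip(seen, seen[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


if __name__ == "__main__":
    batch = bulk_batch()
    print("mean differing bits between neighbours:", round(mean_bit_distance(batch), 1))
    for digits in (2, 3):
        print(
            digits, "hex digits: observed coverage",
            round(prefix_coverage(batch, digits), 3),
            "expected", round(expected_coverage(len(batch), digits), 3),
            "longest consecutive run", longest_prefix_run(batch, digits),
        )
```

With 3136 digests roughly half of all three-digit prefixes are occupied, so runs of consecutive prefixes appear in any sorted listing even though neighbouring devices differ in about 80 of 160 bits.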

~~~
chimeracoder
How do you modify the UDID? Does it depend on the model?

~~~
saurik
At some point, the UDID is being processed by code, so you don't really need
to permanently modify anything: you just edit the code that generates it and
make that return something different. These kinds of changes are very simple
using Substrate, the library we all use (that I developed) for changing code
at runtime. For the UDID, the obvious candidates are "edit every app so
[UIDevice uniqueIdentifier] returns fake" and "edit lockdownd so it calculates
the wrong value every time it is generated".

------
schappim
Looks like they've got Obama's iPad:

    thea:Downloads admin$ cat ./iphonelist.txt | grep -i obama
    '473d6e1ebf0b100ed172ce5f69c97ba6c8f12ad5','766a23201c6089be11845bfef624dbaada68be52155079850951836e9373e5cd','hobamain','iPad'
    'c63e008e6271c3ac128eb6a242a9817528b6baef','b996a080e11265a0c93436ba0b13b7c07ee4e8eef6faeb8516917b015d7355fb','Obama','iPad'

~~~
panarky
Openfeint shows that 'Obama' last played 'Fishing Fun 2'

    
    
        curl 'https://api.openfeint.com/users/for_device.xml?udid=c63e008e6271c3ac128eb6a242a9817528b6baef'
    
        <?xml version="1.0" encoding="UTF-8"?>
        <resources>
        <user>
        <chat_enabled>true</chat_enabled>
        <gamer_score>160</gamer_score>
        <id>1479631313</id>
        <last_played_game_id>165632</last_played_game_id>
        <last_played_game_name>Fishing Fun 2</last_played_game_name>
        <online>false</online>
        <profile_picture_source nil="true"></profile_picture_source>
        <profile_picture_updated_at nil="true"></profile_picture_updated_at>
        <profile_picture_url nil="true"></profile_picture_url>
        <status nil="true"></status>
        <uploaded_profile_picture_content_type nil="true"></uploaded_profile_picture_content_type>
        <uploaded_profile_picture_file_name nil="true"></uploaded_profile_picture_file_name>
        <uploaded_profile_picture_file_size nil="true"></uploaded_profile_picture_file_size>
        <uploaded_profile_picture_updated_at nil="true"></uploaded_profile_picture_updated_at>
        <name>Player 1479631313</name>
        </user>
        </resources>

~~~
bestes
Seriously? Personal info about the President was leaked? Not that this
particular instance looks like a big deal. Doesn't the NSA secure the
President's communication? That must be career-impacting-embarrassing for
_someone_.

~~~
kennywinker
Personal information about someone who had their device name set to "Obama".
Let's not get all crazy now.

~~~
krbbltr
    $ cat iphonelist.txt | grep c63e008e6271c3ac128eb6a242a9817528b6baef
    'c63e008e6271c3ac128eb6a242a9817528b6baef','b996a080e11265a0c93436ba0b13b7c07ee4e8eef6faeb8516917b015d7355fb','“Administrator”的 iPad','iPad'
    'c63e008e6271c3ac128eb6a242a9817528b6baef','b996a080e11265a0c93436ba0b13b7c07ee4e8eef6faeb8516917b015d7355fb','Obama','iPad'

Looks legit...

~~~
crag
You do know that there are other people in the world with the name Obama, right?

I know for a fact, the NSA protects all communications from the president (and
most of the top level folk in his administration). If this turns out to really
be the president (which I doubt) it would be a MAJOR breach.

~~~
mkhalil
For a fact? How so?

~~~
27182818284
It was an issue widely covered in the press, or at least widely covered enough
that I remember people joking about it in monologues. Obama wanted to keep his
blackberry and other gadgets in opposition to what the Secret Service wanted.
They finally compromised with security-enhanced versions of the devices such
as his so-called "Blackberry One" a pun off of Air Force One.

Though I didn't hear anything about securing it when he got an iPad, I did see
photos in the news of him carrying one. I would assume it would be equally
vetted and locked down.

------
error54
DL links for the lazy:

<http://freakshare.com/files/6gw0653b/Rxdzz.txt.html>
<http://u32.extabit.com/go/28du69vxbo4ix/?upld=1>
<http://d01.megashares.com/dl/22GofmH/Rxdzz.txt>
<http://minus.com/l3Q9eDctVSXW3> <https://minus.com/mFEx56uOa>
<http://uploadany.com/?d=50452CCA1>
<http://www.ziddu.com/download/20266246/Rxdzz.txt.html>
<http://www.sendmyway.com/2bmtivv6vhub/Rxdzz.txt.html>

~~~
jordanbaucke
why does an FBI agent have 12 million+ identification numbers for iOS devices?

~~~
lancewiggs
This is the stated reason for the release - to have people ask why an agent
has 12m UDID numbers on his laptop. They released 1m out of the 12m UDIDs so
that they can guarantee a statistical sample that can be verified, while
preserving a bit of privacy.

Along with the UDIDs were other columns with an assortment of personal data,
although there were a lot of holes.

~~~
felixfurtak
How large would a 12m line long .csv file be?

Not sure how many bytes per entry, but it would be of the order of gigabytes.

~~~
troels
It would probably compress well

------
rkaplan
Question: is it possible for a malicious hacker to use this information for
anything? E.g. sending rogue push notifications to a user, or tracking down a
user's additional personal information by knowing his/her device UDID or APNs
token?

I sincerely hope both the U.S. government and Apple address this. I'd also be
interested in hearing why Apple chose to have hardware coded unique ids for
each device.

~~~
uxp
If a webservice tries to send a push notification to a device that has not
registered for push notifications for the entitlement requesting the
notification to be sent, the notification gets discarded. Remember, all
notifications are to be pushed to Apple using a certificate generated on a
per-app basis, who in turn pushes the message to devices.

------
irollboozers
I like the card AntiSec is playing:

    
    
      well we have learnt it seems quite clear nobody pays attention if you just come
      and say 'hey, FBI is using your device details and info and who the fuck knows what
      the hell are they experimenting with that', well sorry, but nobody will care.
    

Arms race for attention, while the government races towards quieter actions
and laws...

------
r00fus
Marco Arment thinks that the All Clear ID app is responsible for this leak:
<http://www.marco.org/2012/09/04/fbi-udid-leak>

Can anyone who can confirm they're on the list confirm that was one of their
apps?

~~~
aisenik
This guy says he's in the dump and didn't use AllClear ID.
<https://twitter.com/BFormations/status/243044444595687424>

------
FredericJ
If you've been exposed take some time to help us identify who gave these UDIDs
to the FBI. (Already working with 3 exposed device owners)
<http://news.ycombinator.com/item?id=4473833>

------
akldfgj
Putting a file of user data on a laptop is a fireable offense at any
reputable organization. Sad that the FBI is less careful about user data
protection than consumer Internet companies.

~~~
epo
The laptop was compromised while running. We do not know whether the disc was
encrypted or not.

~~~
llcoolv
If it was exploited through the JRE, then it doesn't really matter...

~~~
ciupicri
On the other hand the disk or better said the partition with sensitive data
should be decrypted (mounted) only when needed. I doubt he needed that data
during the conference.

------
arasmussen
Apple could probably figure out if this data came from an app developer
because I'd bet there's only exactly one app which every single one of those
1,000,001 devices downloaded.

Even if they threw in a few fake rows to mess up the data, they could find the
app that has the highest percentage of downloads from that entire data set.

~~~
buro9
And if the data came from Apple?

I can't think of any apps that take a full address. Perhaps there are some, I
just don't know them.

Apple could have been compelled to release this data to the FBI.
Unfortunately, we're unlikely to ever know this and Apple are equally unlikely
to want to shed light on it.

If the claim is true, that the source data included full postal address, then
I find it hard to identify a better source for all of that than Apple
themselves. And that the data was brought together from various systems, and
that we're glimpsing data that was shared between Apple and the FBI.

Not to say that there's anything illegal about that, more that the laws that
allow that are a bit screwed but that's another issue altogether.

~~~
technoslut
A reasonable assumption, besides Apple, is Facebook. With all the information
these services have the easiest part may be to acquire your home address.

------
papaver
interestingly enough, top ten ios devices names:

    
    
      42797 'iPhone'    
      5191 'iPod touch'
      3136 '“Administrator”的 iPad'
      2202 '“Administrator”的 iPhone'
      1534 'Owner’s iPad'
      1453 ' iPhone'
      1309 'Administrator’s iPad'
      1196 'Administrator’s iPhone'
      1141 'PdaTX.Net'
      1058 'John’s iPad'

~~~
rogerchucker
If you look at the UDID's for the '“Administrator”的 iPad's or
'“Administrator”的 iPhone's, there seems to be an incremental pattern in their
first 2-3 digits. Does that mean these devices were purchased/ordered in bulk
and hence belong to some reseller? In which case, these must not have been
sold to people and thus we don't see change in the Device names maybe? And
thus the claim that this came from one or two apps seems a bit infeasible, no?

~~~
arn
maybe an enterprise location or school that bought in bulk?

~~~
rogerchucker
Wouldn't the devices' names still be changed when individual members of the
enterprise/school activated them?

~~~
caladri
Devices being used in a kiosk-like or other setting in which they are mostly
not being used by people who would be responsible for activating them?

------
mgz
Just made a page where you can check if your UDID is leaked:
<http://pastehtml.com/udid>

------
sideshownz
We've recently discovered that even though the Apple docs suggest the APNS
tokens may be unique to each app and may change over time they are NOT unique
to an app and they also do not change (at least not over the last 18 months).

So if you have two apps on the same device they both share the same UDID _and_
the same APNS token.

Whilst on the surface this may seem like a huge security issue it is not as
bad as it seems, because in order to send push notifications to a device you
must have the correct APNS .p12 certificate generated by Apple for the app AND
the app must be installed on that device.

I would see the UDID's as more of a security breach given the fact that many
developers are still using the now deprecated udid to interface with web
services.

On a similar note, if you are developing an app and need to have a unique
identifier you should be using Secure UDID or something similar
<https://github.com/crashlytics/secureudid> and if you're sending data to
your own webservice, don't just use SSL, use encryption such as SHA to prevent
mitm sniffing of your data - iOS and Android both allow installation of
root CA certs which is amazing for developing and sniffing API's but dangerous
if you're writing webservices and ONLY relying on SSL and no other encryption.

~~~
davidp
> you should be using Secure UDID or something similar

As an app developer, does this give me some benefit over just generating and
saving a random UUID on first launch?

~~~
drharris
If you save the random number, what happens when they wipe the device and
reinstall your app? No way to get that original number back. Secure UDID is
deterministic, so you'd get the same ID, and can resume the original session.

~~~
danudey
One way around this is to store that number in iCloud. Then you can always get
it back no matter the device.
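
The two designs discussed in this sub-thread, as an added example that is not part of the thread: a web service keyed on the hardware UDID alone, next to one keyed on a random per-install identifier plus a separate secret, and what a dump of each identifier column gives away. Class names, the token scheme and the sample devices are constructed for illustration and are not SecureUDID's or any real service's API.

```python
import hashlib
import hmac
import secrets
import uuid

# Constructed 40-hex-digit identifiers standing in for hardware UDIDs.
DEVICES = [hashlib.sha1(b"constructed-device-%d" % i).hexdigest() for i in range(3)]


class DeviceKeyedService:
    """Pattern the thread warns about: the hardware identifier alone selects the account."""

    def __init__(self):
        self.accounts = {}

    def register(self, udid, profile):
        self.accounts[udid] = profile
        return udid

    def profile_for(self, udid):
        return self.accounts.get(udid)


class TokenKeyedService:
    """A random per-install ID names the account; a separate secret authenticates."""

    def __init__(self):
        self.accounts = {}  # install_id -> (sha256(token), profile)

    def register(self, profile):
        install_id = str(uuid.uuid4())      # random, unrelated to the hardware
        token = secrets.token_urlsafe(32)   # held by the app, stored only as a hash
        self.accounts[install_id] = (hashlib.sha256(token.encode()).digest(), profile)
        return install_id, token

    def profile_for(self, install_id, token):
        stored, profile = self.accounts.get(install_id, (bytes(32), None))
        presented = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison; unknown IDs fail the same way as bad tokens.
        if profile is None or not hmac.compare_digest(stored, presented):
            return None
        return profile


def leak_exposure():
    """Simulate a dump of each service's identifier column (no secrets included)."""
    old_a, old_b = DeviceKeyedService(), DeviceKeyedService()  # two unrelated apps
    new_a, new_b = TokenKeyedService(), TokenKeyedService()
    ids_a, ids_b = [], []
    for n, udid in enumerate(DEVICES):
        profile = {"name": "constructed user %d" % n}
        old_a.register(udid, profile)
        old_b.register(udid, profile)
        ids_a.append(new_a.register(profile)[0])
        ids_b.append(new_b.register(profile)[0])
    return {
        # Identifier alone is enough to read a profile from the device-keyed service.
        "device_keyed_profiles": sum(old_a.profile_for(u) is not None for u in DEVICES),
        # Replaying the leaked install ID as the token gets nothing back.
        "token_keyed_profiles": sum(new_a.profile_for(i, i) is not None for i in ids_a),
        # The same UDID appears in both apps' tables, so the two dumps can be joined.
        "udid_joins_across_apps": len(set(old_a.accounts) & set(old_b.accounts)),
        "install_id_joins_across_apps": len(set(ids_a) & set(ids_b)),
    }


if __name__ == "__main__":
    for key, value in leak_exposure().items():
        print(key, value)
```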

------
ripperdoc
Wow, this is bad, and an excellent example of how the security machine (in
this case FBI) can always be turned on itself. The methods required for FBI to
"protect" citizens can be misused (or hacked) to do the opposite. A gun can
always be turned around, etc.

------
pgrote
video of the special agent.

<https://www.facebook.com/video/video.php?v=512364171294>

~~~
giles
His delivery is painful to listen to.

~~~
progrock
Not everyone is a polished orator.

~~~
danudey
Practice in front of a mirror or video camera a few times. Write some notes.
It's not too hard to get competent, even if you can't become phenomenal.

------
graiz
The fact that there is a column for APNS (Apple Push Notifications) suggests
that this is a database dump from an iPhone app that supports push
notifications. APNS tokens are generally tied to a specific app so it may be
possible to figure out what app leaked their database.

The "NCFTA" seems to deal with identity theft. (Ironic)

~~~
oasisbob
_APNS tokens are generally tied to a specific app so it may be possible to
figure out what app leaked their database_

This isn't true, APNS device tokens are shared among apps on a device. The
only time a device will have more than one device token is if it's being used
for development.

This isn't to say that Apple couldn't correlate the device tokens by looking
for shared apps with active APNS entitlements.

~~~
biafra
I don't think so. The device token is even generated over the version of the
app. Meaning: you get a new device token if the app version changes.

~~~
saurik
No: the APNS token is only changed if you get a new device (as it is tied to
your device's certificate) or restore your phone (and not restore a backup: if
you restore a backup it restores the token).

<http://stackoverflow.com/questions/2338267/is-the-apn-device-token-unique-to-each-individual-app>

------
konstruktor
If the full file (including addresses) gets into the wild, and I fear that
this may happen, it will be a really useful tool for burglars. Many iOS
devices probably correlate with many valuables in a home. That's a lot of
lawsuits against everybody involved...

~~~
crisnoble
Pretty sure that a smart burglar could figure out approximate addresses of
people who own iPhones by looking at publicly available Instagram or Twitter
or Facebook or Flickr locations. Not to mention people telling the world "I'm
camping this weekend" which a burglar hears as "I'll be gone all weekend,
steal my things!"

~~~
wpietri
I think a smart burglar would just look at any commonly available database of
home sales. Anybody who has moved in the last few years into a more-expensive-
than-average house should correlate much better with valuables than iPhones.

However, I'd hope any criminal with brains like that would find something to
do that has higher yield and lower risk than housebreaking. I'd suggest
working for a private equity company.

~~~
crisnoble
Yeah I'm not really worried that burglars are going to use this data-set for
harm. If they know about this data-set they likely know about databases of
home sales or car sales or just plain old census data listing the average
income by county.

------
happyhessian
There's a pretty nice power law in the names, which would support a real
random sample. <http://tinypic.com/r/11gmwjl/6> That PDATX.net business is
really weird, though.

------
mdonahoe
Has anyone here found their own UDID in the list?

~~~
fusiongyro
I checked and didn't find my own iPhone, iPad or my wife's iPhone in the list.

------
tzs
Is there some good reason for all those steps to actually get the file after
downloading? I don't see the point of encrypting it, or of having a tarball
with just one file. They also suggest checking the file integrity of the
download, and then also checking the integrity of the final extracted file--
this seems completely pointless as the final extracted file is derived
deterministically from the download so you've already checked it when you
checked the download checksum.

Am I missing something?

~~~
gizzlon
Encrypting it, at least, makes sense: They can take their time distributing
the file without anyone peeking at it before they're supposed to. Then, when
they release the decryption key, the file is already copied all over the place
and really hard to shut down.

Guess all the verifying means they are afraid someone will distribute
"altered" versions. Checking it twice is maybe a little drastic? Don't know
how hard it is to generate a file that compresses to the same as their file
(collision). But it's at least theoretically possible.

~~~
pi18n
MD5 is not the best cryptographic hash... it's weird that they would be so
paranoid as to include two hashes but not use something harder to collide
with.

~~~
MichaelGG
While I agree there's better options, MD5 has no known preimage attacks. So
it's stretching it a bit to imply that someone could easily cause a collision
on an existing archive.

------
sidcool
Can someone tell me what the AntiSec can do with these UDIDs? I mean they are
just phone identifiers, what harm can their exposure cause?

------
jacklandenw
Haxxors, what can we lay people with no computationalizing skills do?

~~~
sam_watson
Get informed, and inform.

Then, one can hope, the government might actually be forced to engage in
meaningful discussion about whether their ridiculously expensive and obviously
damaging espionage programs make sense.

~~~
gyardley
It's far more likely that this data was willingly shared by an application
developer who was the victim of a crime the FBI is investigating.

Not everything is a government conspiracy.

------
kfrwzwq
The question of evidence is a very significant one.

Namely, why has AntiSec not provided any to substantiate their claim that the
data was sourced from the agent's laptop? Surely if they had access to it they
could have provided some additional files as supporting evidence?

------
disclosure
UDID checklist: <http://dazzlepod.com/apple/> Partial UDID search accepted,
i.e. search "d565" instead of your full UDID
"d56504ca3b268177f76fef0c2c446ba183afd12b"

------
novaleaf
so, any of you iOS guys find your device? it'd be interesting to know what
apps you have in common (if any)

------
jfriedly
They wrote in the release that they wouldn't give any more interviews until
they saw "Adrian Chen get featured on the front page of Gawker, a whole day,
with a huge picture of him dressing a ballet tutu and shoe on the head, no
photoshop."

Chen, a journalist at Gawker, actually did it: <http://gawker.com/>

Not even bothering to submit this as a story to HN because I'm pretty sure
Gawker links get auto-killed (with good reason, the Gawker article is crap).

------
andrewfelix
As an Australian I am intrigued by the following:

 _just a comment: we are still waiting for published news about the $ 2
billions worth loans Assad has taken from Russia, mentioned on the syrian
mails and also about the transfer of money to austrian banks etc.... and also
cocks... So, don't be lazy journos and look for them._

Any one have any additional info on that?

EDIT: Derp...thanks for the correction. I read too fast. Still intrigued if
anyone knows anything more.

~~~
rfugger
_Austrian_ banks.

~~~
epaga
"Austrian, eh? <puts on australian accent> Let's put some shrimp on the
barbie!"

~~~
sjwright
Paul Hogan hammed up his Australian accent.

One of the best examples of a real Australian accent I've heard on American
television is Dr. Chase [Jesse Spencer] from House, who is a real Australian
and did not ham it up for an American audience. (Oddly though, the man who
played his father in one episode had possibly the most embarrassingly bad fake
Australian accent ever. Surprised Spencer didn't kick his arse during
filming.)

~~~
epo
You do not get real foreign accents on prime time American television, the
viewers would be bemused and look for subtitles.

You get what Americans think are foreign accents, i.e. lightly accented. The
one exception is that Brits playing bad guys are allowed to use camp,
pantomime villain accents. Alan Rickman has made his fame and fortune from
this, a shame as he is rather a good actor.

Hugh Grant sounds nothing like he does/did before that series started.

------
notlisted
I'm still somewhat unclear on the dangers involved with this leak (other than
the likelihood of being tracked), but this link seems relevant:
<http://www.cultofmac.com/160248/what-the-hell-is-a-udid-and-why-is-apple-worried-about-them-feature/>

~~~
notlisted
Hmmm, it seems that despite removal of the personal info, there may be ways to
link it back to partial profiles via OpenFeint...
<http://corte.si/posts/security/openfeint-udid-deanonymization/index.html>

also: <http://corte.si/posts/security/udid-must-die/index.html>

~~~
arn
Yep... well, based on this, I was able to fill in a UDID from the file and
pull back an openfeint result. It didn't pull any sensitive information, but
it worked. so seems to be real udids.

------
afitnerd
Find out if your udid has been compromised <http://udid.afitnerd.com/>

------
circa
Didn't see this posted. Check to see if your UDID was on the list. Obviously
it only checks the one million that were released. -
<http://thenextweb.com/apple/2012/09/04/heres-check-apple-device-udid-compromised-antisec-leak/>

------
pshof
508 email addresses (.com, .net, .org, .edu) used as iOS device names in this
file, and several hundred phone numbers.

------
chmike
This demonstrates once again the antagonism of being able to ensure security
as was complained to be lacking for the 9/11 and that no honest citizen gets
trampled by it.

I can't see a way out of spying on its own citizens and keep them in the belief
they aren't to achieve the goal.

One of the questions to be asked is who is controlling the controllers?

------
ommunist
I think this leak plays for the FBI in a PR sense, not against it. All support
slogans in the _anonymous message are an exact description of the US foreign
policy, so this message supports distribution of wreck and havoc of people's
lives in the third and second world. All this is rather strange.

------
throwawaypopo
Hi, first time here. I'm from Malaysia with a jailbroken iPad 2 as well. To my
surprise, my device shows up on the <http://pastehtml.com/udid> link.

So now what does this all mean? (And) I've never been to the US.

~~~
mkhalil
They're coming for you. Run!!

------
brown9-2
I think there is another part of this alleged story that is equally as
disturbing as the FBI having this data in the first place:

that an FBI agent's laptop, let alone an agent in the "Cyber Action Team", was
susceptible to a common Java vulnerability.

------
DanielKlein
The US Government itself gives us this opening. I am Brazilian and I have
already managed several times to break into the Apple and Microsoft sites, and
now I will try the FBI's on an external computer :D Wish me luck

------
salimmadjd
FACEBOOK? If I had to bet on any company I would bet on Facebook as the
main/top source of this data. Where else can you easily be profiled so easily
by liking or sharing content the Big Bro would deem as subversive? Followed by
phone carriers since they have already been working with Big Bro, then Apple
and Google. Combine these and you should be able to know everything you want.
Govs probably won't deal with smaller companies lest increasing chances of
leakage, etc.

------
EYEARR
If you want the list you can download it here, <http://fileurl.me/41ld1>

~~~
ralfd
I HATE YOU!!!!

"Please complete this survey to continue"

------
ralfd
What do I do wrong?

      $ tar -xvzf decryptedfile.tar.gz
      tar: Unrecognized archive format
      tar: Error exit delayed from previous errors.

------
ajays
What's an easy way to figure out the UDID of a device (without hooking it up
to a Mac to sync)?

~~~
arn
There's a bunch of UDID apps (free) that you can download from the App Store.

~~~
aw3c2
Don't iOS apps have the permission to use the internet without any hassle? In
that case, I would assume by using such an app, chances are, you are
contributing to another entity's UDID collection.

~~~
joahua
If in doubt, download and turn flight mode on before running, then uninstall?

------
dantiberian
What does ofc stand for?

~~~
suriyawong
Ofc = of course

------
abdelmaalik
the only thing to quench the appetite for additional wealth is the dirt of the
grave

------
redtxai
ok, FBI have all information about us, and now? what we gonna do?? come on
guys...

------
wallyfink
Terrifying!

------
rogerchucker
If you look at line #'s 3741 through 3845, you will see they all (105) belong
to one Abo Mossa. Is Abo Mossa some kind of an iPhone/iPad reseller or is
there something else going on?

~~~
saurik
He probably is using a tool that spoofs his UDID... a lot. ;P

------
89a
> 'Yip\'s iphone(in the memory of steve jobs)'

------
Fice
Why all the buzz? I thought that the people who buy Apple products or use
centralized social networks knowingly sacrifice their privacy and already
expect things like this to happen.

~~~
technoslut
Do we really need to go into tired cliches of what kind of people own which
device? We don't even know how this information was acquired.

------
robomartin
I doubt very much that Apple had anything to do with this. That's not the kind
of company they are.

~~~
zwdr
Wait, are you serious? I didn't know anyone could be _that_ delusional about
Apple. You _really_ think Apple cares about privacy? They aren't "that kind of
company"? Where the hell do you get the idea that Apple cares about the
morality of their decisions? Could it be that you are a fanboy? Wait, I know
the answer to that already.

..."shit HN says", right here.

~~~
robomartin
The accusation is that Apple INTENTIONALLY gave the FBI a database with twelve
million records. That is what my comment refers to. It is preposterous to
propose that Apple --or any company for that matter-- would willingly do that.
The liability hole this would open up would be massive. They are a business
and you can bet your ass that every decision with potential liability
consequences is well considered by managers and their legal teams.

No, I am not an Apple fanboy, quite the contrary. As a developer I am very
critical of their attitude and decision making. I think they really suck at
some things and have been very vocal about it on HN and elsewhere. That does
not mean that I would automatically vilify them for everything.

HN is very interesting at times. Most of the time you get positive feedback
when you are for Apple and for politically Liberal points of view. However,
sometimes the poles reverse and North becomes South. This is rare when Apple
is the subject. I guess in this case it was as simple as not understanding
what the comment was referring to, which can happen if someone doesn't
actually read the original article in the first place.

~~~
wpietri
Precisely what liability do you think Apple should be afraid of? I'm having
trouble imagining what they could be sued for here.

Note that the FBI is the supposed source of the leak here. So let's say Apple
claims they gave up the data at the request of the FBI to supposedly help with
a classified terrorist threat that the government won't have to reveal at
trial. Who's going to sue Apple, and for what?

