Hacker group AntiSec claims to have broken into an FBI agent's notebook and retrieved 12 million Apple Device IDs that were supposedly being used to track Americans. While the "hacktivists" have published a statement claiming good intentions, experts are wary of what will happen to the information from here, given its value to spammers.
In its statement, AntiSec says:
"During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Strangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices using Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zip codes, cell phone numbers, addresses, ect. the personal details fields referring to people appears many times empty leaving the whole list incomplete in many parts. No other file on the same folder makes mention about this list or its purpose."
Despite the rationale behind AntiSec's actions, the FBI's alleged access to Apple's customer information illuminates the vulnerability of sensitive, electronically stored data. While AntiSec has not yet released the IDs, computer security expert Graham Cluley argues that the hacker's withholding strategy is simply meant to drive up the price of the information.
"That is obviously information that has a real value. It could be abused in several ways. By publicizing the Apple ID details what they are doing is saying we have got all this data-we can prove that we have got it and Apple can test whether these device numbers are correct or not," Cluley said. "They probably either want to exploit [the details] themselves or they might for instance want to sell it on the computer underground to spammers who can send a targeted campaign to those email addresses."
Such emails may claim to come from Apple and ask for credit card information, or contain malicious links to spread viruses. Keep on the lookout for any suspicious messages.