Over a Million Apple Device UDIDs Leaked by Hackers as Part of AntiSec

Back in August this year, NSA general Keith Alexander addressed the DefCon crowd for the first time and called upon hackers to join the NSA and strengthen the cyber-security infrastructure of America. When asked whether the government keeps profiles of Americans and spies on them, however, he went into the usual denial mode. William Binney, a former Technical Director at the NSA who was also present at DefCon, asserted that this spying was indeed happening and that it is the reason he left the NSA back in 2001.


Now, hacker groups have gotten hold of clear proof that the FBI is spying on people. They have released a huge announcement, as part of the #AntiSec movement, and the FBI is trumped. This Pastebin announcement has a long rant and a list of doxes that were obtained from the FBI laptop.

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. The personal details fields referring to people appears many times empty leaving the whole list incomplete on many parts. No other file on the same folder makes mention about this list or its purpose.

The hack is so popular that the announcement became the most visited Pastebin paste ever within 24 hours. However, it also raises questions. What is the FBI doing with 12 million Apple UDIDs? Why is the data lying on a laptop, unencrypted? There are too many unanswered questions here. Apple and the FBI should come out with a response.

Update: The FBI denied possessing any such file.

The Antisec Team Strikes At Online Security Supplies Store

Continuing their role of being a silly bunch of hackers with vague goals and assaulting easy-to-hack sites and then twisting their victims to somehow fit into their agenda, the #Antisec team of [probably] Anonymous has struck again! Now as you can see, I have a poor opinion about these attacks. This is mostly due to their terrible handling of the previous attack on Stratfor and misappropriating money from credit cards. Now I do not know what wrong Stratfor, or their latest target SpecialForces.com, did, but merely standing by and doing business is something these Anons cannot stand. As I have said before, we live in sad times.


The pretext that Antisec put up to attack SpecialForces.com, a security gear supply store (they stock items like knives, combat apparel and the like), is merely existing:-

[W]e are announcing our next target: the online piggie supply store SpecialForces.com. Their customer base is comprised primarily of military and law enforcement affiliated individuals, who have for too long enjoyed purchasing tactical combat equipment from their slick and professional looking website.

According to the group which is yet to be properly identified (they just mentioned “Merry LulzXmas” and #Antisec in their release and since they mentioned Stratfor, I am assuming they are Anonymous), this attack is indirectly related to the pepper spraying cop of UC Davis fame. How very… precise, Anons.

We will have more on this as it develops.

Anonymous Strikes, Releases Confidential Documents Belonging to FBI Contractor ManTech International

Anonymous, working together with LulzSec and other hackers, has struck again. As a part of its Operation Antisec, Anonymous has released close to 400 megabytes of documents belonging to FBI contractor ManTech International. Ironically enough, ManTech proudly claims to specialize in tackling some of the most challenging cyber security problems facing our nation.

In the recent past, Anonymous and LulzSec have been actively targeted by law enforcement agencies around the world. FBI alone arrested 16 suspected Anonymous members earlier this month. In response, Anonymous has continued to strike high profile targets such as defense contractor Booz Allen Hamilton and NATO.

The documents leaked by Anonymous include everything from photographs to income statements and strategic plans. Last year FBI had outsourced its cyber security responsibilities to ManTech for $100 million. However, it’s not the sole federal agency that is served by ManTech. National Security Agency, U.S. Navy, Air Force, Army, Marine Corps, and Defense Intelligence Agency are some of the other esteemed clients of ManTech. In fact, an overwhelming proportion of the leaked documents pertain to NATO. ManTech was also possibly chosen because of its involvement in the planned smear campaign against WikiLeaks (dubbed Operation MetalGear), along with HBGary.


It’s unclear exactly how much the recent spate of arrests has hurt Anonymous. Earlier this week, UK Police claimed to have arrested Topiary, one of the major forces behind LulzSec. However, recent reports suggest that the law enforcement agencies might have been carefully and intentionally misled into arresting the wrong person. One thing that is clear is that Anonymous doesn’t have any intention of giving up.


#OpPayPal is the New Hacktivist Operation from LulzSec and Anonymous

I think I should start this post by stating that there is a blurred distinction between Anonymous and LulzSec in the shady realms of the internet. Even in the face of this harsh reality, I have general contempt for the immature and mischievous LulzSec while I am not apathetic to Anonymous who are generally a more mature lot.


Considering the little amount of mayhem that LulzSec caused and the disproportionately high amount of chest thumping they gave themselves, they always seem to be on the threshold of quitting. Their latest communiqué comes on the heels of Anonymous’ #OpPayPal (the hashtag on Twitter for operation PayPal), a worldwide boycott of PayPal because they are still not allowing donations to Wikileaks. The communiqué threatens PayPal with cracking into their vaults (emphasis added):-

The hateful fiends at PayPal have unleashed FBI sea dogs to hunt down some of the more beloved members of our battlefleet. That is why we have decided to raise anchor and leave harbour for one final journey on the seven proxseas. We’ve set our LulzCannon’s sights on the smarmy pirates of PayPal and will take no prisoners. They have not kept their most important booty safe. We find this very troubling, as it is not even their booty! Take this as a warning from your friendly LulzBoat captain. Wise little LulzLizards should withdraw their funds from PayPal before we do.

The LulzSec twitter account is also buzzing with a lot of anti-PayPal propaganda and suggesting a lot of alternatives for the service. We are not great fans of PayPal ourselves, but at least we do not break into the accounts of customers and steal their hard-earned money. It seems LulzSec is threatening to do exactly that.


Are you listening PayPal? Even if it is an empty threat, you should secure your network just to be safe.

Apple Hacked. 27 Administrative Accounts Stolen

While the infamous hacking group LulzSec is done with its 30-day campaign of creating havoc by hacking into several government and corporate websites, a new group of hackers who call themselves “AntiSec” is claiming to have hacked into one of Apple’s servers using an SQL injection.

According to reports, the group is expected to include hackers from both Anonymous and LulzSec Security. Anonymous tweeted that they hacked one of the Apple servers and managed to steal 27 usernames and passwords. The document with the usernames, passwords and the server link was posted on Pastebin.


The hackers gained access to Apple’s servers due to a security flaw in software that is used by the Cupertino, California based gadget maker and other companies. However, the hacker group stated that they are focused elsewhere and that Apple has nothing to worry about as of now, but it could be a target in the near future.

AntiSec posted that they managed to steal the usernames and passwords from a server that Apple uses for conducting technical support follow-up surveys. Currently the server is temporarily down: http://abs.apple.com/fsurvey/survey.html?l=en

Apple was earlier hacked by LulzSec during their month-long campaign. LulzSec posted that it had “mapped Apple’s internal network, thoroughly pillaging all of their servers, grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck.”

Some weeks ago, we smashed into the iCloud with our heavy artillery Lulz Cannons and decided to switch to ninja mode. From our LFI entry point, we acquired command execution via local file inclusion of enemy fleet Apache vessel. We then found that the HTTPD had SSH auth keys, which let our ship SSH into other servers. See where this is going?

However, Apple has not yet confirmed the breach and we are not sure if these claims are true.

Editorial: LulzSec, AntiSec and Why the Internet is a Sadder Place Now

About thirteen hours prior to the writing of this piece, a very special surprise “booty” was dropped by the infamous hacker group LulzSec, over Twitter. The “50 Days of Lulz” statement and the accompanying torrent link with their last bountiful booty of 812,000 emails, AOL and AT&T internal data and some other random information hacked off several servers, signified the end of the six-man self-appointed hacktivist group.


Their almost poetic farewell message was all about saying how much they cared about the very people they chose to disrupt, and how the world is a better place now since they have shown how a common man can spread anarchy so easily (emphasis added):-

We are Lulz Security, and this is our final release, as today marks something meaningful to us.

For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It’s what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.

While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you.

Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.

So with those last thoughts, it’s time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance…

Extremely magnanimous of these fellows, is it not? These fine gentlemen showed us that a small bunch of people could bring the world down to its knees, all through open exploits and SQL vulnerabilities that anyone can search for from the comforts of their establishments.


I would have tapped my hat respectfully at LulzSec if I did not know more about the entire debacle of the past fifty days.

Actually, no, I would not have tapped my hat respectfully at LulzSec at all. If I did, my name would be OddJob and I would be throwing my hat at them. Why? Because LulzSec was never a hacker group; it was a group that used to search for known exploits online, and then use them to take down, deface and otherwise maim a server or a company. In the event that there was no known exploit, they would rely on Distributed Denial of Service (DDoS) attacks using the Low Orbit Ion Cannon (LOIC) to take down a website. All of this in the name of “lulz” and, later, the antisec/wikileaks movement.

New Group “LulzSec Brazil” Takes Down Brazilian Government Portal

A new branch of LulzSec group called “LulzSec Brazil” has targeted and attacked the Brazilian Government portal and the homepage of the President of Brazil. The two websites, Brasil.gov.br and Presidencia.gov.br are currently down and unreachable.


LulzSec Brazil claimed the attack by updating their Twitter timeline. The LulzSec Brazil group was started on June 19 and had promised that if they got more than 1,000 followers on Twitter, then they would attack and invade Brazil’s government portal.


LulzSec Brazil currently has more than 1,200 followers on Twitter.

According to Anonymous, the new Brazilian branch is part of the Anonymous and LulzSec operation called “AntiSec”. A video from Anonymous said:

We encourage defacement’s of the enemies websites, and use of the word antisec on any and every website or pro censorship group. Any exposed intelligence the enemy decides to withhold from us, should be brought to light. It’s time to show the corrupt governments of the world that they have no right to censor what they do not own.


According to LulzSec’s tweet, the next step they would take is to release AntiSec documents in the coming days.


A few days back, LulzSec attacked the CIA website, CIA.gov.