12 million iOS users' info released into the wild.Follow

http://blogs.computerworld.com/itbwcw/20120904/antisec-lulzsec-fbi-iphone-ipad-udid

There's a million stories on the web, I just picked the first one that came up. The gist of it is that an FBI officer had personal data (UDID, names, addresses, phone numbers, etc.) for over 12 million iOS device users sitting on a laptop. Said laptop was hacked by a group called #AntiSec and the file was stolen. They released 1 million of the abridged records (sans PII) as a kind of "FU" to the FBI to raise public awareness that this data was being compiled.

I posted about it on facebook and nobody said a word. I've also not seen anything posted here. Have we become so jaded on the subject of internet security that the potential for the FBI to have this data in the first place sparks absolutely zero discussion on the origin of the data or the security of the individuals whose information may now be compromised?

I think it's ironic that its IOS given that the "knowledgeable" IOS users claim security as one of their primary reasons for choosing the iPhone.

Honestly, at this point, I think it's naive if you don't think that your information isn't readily available to someone.

Well, the first question would be "What was the FBI doing with personal data for 12 million iOS users in the first place?", but at this point, the primary concern would be what whomever has access to the actual data chooses to do with it.

I assumed it was God punishing the Apple users.

Isn't that data that's basically published to every app you use? Don't get me wrong, I think it's moronic how Apple set this up (it's the equivalent of a cookie that hands every web site you visit your personal information), but that's Apple being the evil empire that it is. I hardly blame the FBI for this.

You have to remember that there are a very large population of federal and state high ranking law enforcement agents who have essentially only the slightest clue how electronic information security works. Which is ironic because many of these same individuals could probably give a lecture on how to find and disable phone taps and secure perimiters from optical microphone spying. But anyways, they have enough rank to get the data whenever they want it, the data is small enough to be moved easily and quickly in a variety of forms, and most small law enfocement agencies are more connected to the bigger data sources due to homeland security than they ever were before. Aside from the NSA and a few domestic CIA areas, no one has the budget to put up dedicated secured fiber optic links with sufficient security to ensure they aren't being tapped. Everyone else is relying on internet service providers of some sort, with antiquated computer equipment often running outdated software / firmware. Even the best of them tend to have some sort of pre-patch deployment testing, which leaves things open for targetted zero day attacks. That and so many people are conditioned to give information to "bob from IT" over the phone. In many instances corporations are even worse, because they give their data to Marketing People, who probably would sell the data under the table to a hacker for the right price. As much as I hate apple, its not just them either. Somewhere, there is a record of serial numbers that go with my motherboards. Those serial numbers theoretically tie to the list of MAC addresses for devices on those boards, and since they are registered for warranty purposes, they probably tie to my personal info, which given websites for certain motherboard makers, a toddler could probably accidentally hack. I can mitigate that somewhat from my end of course, but all data phones period are in the same boat. Apple just happens to make alot of them and has a really stupid way of storing the data.

The problem is that there are no concequinces. No requirements for my bank to disclose to me personally what retailer I use got hacked when they issue me a new credit card, no requirement that apple give these people new phones to complensate for the released data. If its a corporation there is at least a chance that someone will sue, but if its government, there is almost no chance of any action occuring at all, no matter how severe the breach. It's a broken system, and its going to remain broken until people start learning how to implement encryption and stop treating dataphones as a good place to do their banking on.

You can create a network that isn't on the Internet though. Anything that sensitive shouldn't be accessible outside of one location.

Lots of phone press events going on today. Nokia, Microsoft, Motorola, Verizon, & I believe Samsung/HTC are in a couple weeks.

Nokia/Microsoft's thing is going on now. I've been paying close attention to this stuff based on what I mentioned in the Windows Phone thread.

On that, note, if I don't hear anything compelling about Verizon Windows Phones, I'm probably going to just go for a Droid Razr Maxx. It's supposed to have pretty nice battery life, and it's 4G.

I'm a Signal Officer for the Army. I'm very familiar with SIPRNET, as I've been working with it in the past 6 years.I also spent the last 5 years as a COMSEC custodian...I'm familiar with the G-14 rooms.

Or maybe you misunderstood?

So, you don't understand.. There's no other meaning. How about you tell me how that is stupid or contradicts your statement?

You clearly don't understand COMSEC. Take that from a COMSEC Custodian and don't even bother trying to get out of this without looking silly. I assure you that you can't.

Edited, Sep 5th 2012 6:23pm by Almalieque

You don't get it, it's more complicated than that. You clearly don't understand COMSEC.

Hey dumb ***. If I unplug the internet cable from my router, all of my computers (wired and wifi) are still connected to each other, but there is zero internet connectivity. It really is no more complex than that.

It's OK though, keep talking out of your ***.

Edited, Sep 5th 2012 11:49am by BrownDuck