The hackers have posted their message on Pastebin explaining their motive behind the hack and how they get hold of these records. Giving a reference to July 2012 NSA’s General Keith Alexander speech at DefCon, whereby he urged hackers to help out the government in securing the Internet, the hacking collective said, “We decided we’d help out Internet security by auditing FBI first.”
The hacked laptop in question was used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team. The hackers claim that the laptop was breached using the AtomicReferenceArray vulnerability in Java and during a shell session some files were downloaded from his Desktop. They managed to download a file with name “NCFTA_iOS_devices_intel.csv” that contained the list of 12,367,232 Apple iOS devices along with Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.
The group has stripped most of the information before making the million records public though, probably because they must have plans of their own. The final release contains Apple UDIDs, APNS (push notification) Tokens, Device Name (e.g. “Arnold’s iPhone”) and Device Type (e.g. “iPhone”). MacRumors has verified some of the UDIDs and they appear to be legitimate.
We believe that this kind of information on its own might not do an awful lot of harm. Such information is used by developers of iOS apps to deliver push notifications. You may download the files to check if your UDID is present in the list or not.
[Update@ 19:37 UT]: Anonymous has tweeted that the pastebin post has become the most visited post in less than 24 hours.
— AnonymousIRC (@AnonymousIRC) September 4, 2012