黑客曝FBI監控蘋果移動用戶
????反安全黑客集團(AntiSec)發布了一段奇特的、慷慨激昂的公開聲明。這份聲明以拉什迪的《撒旦詩篇》(The Satanic Verses)中的詩句開頭,以說給共和黨總統候選人聽的一句德語臟話結束(“不過,羅姆尼,告訴他,他可以去舔鞋!”)。在聲明末尾,黑客們終于拋出了想要表達的觀點: ????2012年3月的第二周,聯邦調查局(FBI)地區網絡行動小組(Regional Cyber Action Team)兼紐約FBI辦公室證據響應小組(Office Evidence Response Team)的主管特工克里斯多夫?K. 斯坦格爾使用的一臺戴爾Vostro筆記本被黑客入侵。黑客利用了Java語言中原子引用數組(Atomic Reference Array)的漏洞,在shell會話過程中從他的桌面上下載了一些文件。其中一個文件夾名為“NCFTA_iOS_devices_intel.csv”,里面有一份包含12,367,232個蘋果iOS設備的清單,含有唯一設備標識(UDID)、用戶名、設備名稱、設備類型、蘋果推送通知服務標識、郵編、手機號碼、地址等信息。提及用戶的個人細節字段出現了多次空白,致使整張清單留有多處未完成部分。這個文件夾中沒有其他文件再提到過這份清單,也沒有透露它的用途。 ????這份聲明稱,這些數據是周二發布的,其中一些用于識別身份的信息已被刪除。它們是用來警告公眾的。聲明稱:“(不宜刊印)FBI正在利用你們的設備開展一個或數個人員跟蹤項目(不宜刊印)。”請注意,這些黑客沒說他們已經獲得了蘋果設備的注冊號、密碼或信用卡卡號。 ????但是,如果該聲明可信的話,廣大蘋果用戶的地址、手機號碼和iOS設備注冊號到底是如何從蘋果公司的服務器上流向FBI特工的筆記本的,這個問題需要有人給個解釋。 ????截至目前,蘋果公司或FBI都還沒有就此事發表評論。 ????黑客們聲稱,暫時不會發表進一步聲明,也不會接受媒體采訪,除非明星八卦網站Gawker的狗仔隊在Gawker首頁上貼出狗仔記者身穿芭蕾短裙、頭上頂著一只鞋子的照片。這支狗仔隊報道了兩大社交媒體網站——4chan(著名的匿名圖片分享社區)和Reddit之間的混戰。黑客在聲明中說:“不穿上芭蕾短裙,就別想得到更多消息”(No tutu, no sources)。 ????截至目前,Gawker尚未就此發表評論。 ????點擊這里可以閱讀反安全集團聲明的全文。必須提出警告的是:它含有不雅的語言。 ????The Next Web發布了一個查找工具,可以用它弄清自己的UDID是不是在已公布的1,000,001個UDID中。 ????最新消息:Gawker負責報道Reddit/4chan的狗仔阿德里安?陳已經在網站首頁上貼出了自己身穿芭蕾短裙,頭頂鞋子的照片。與此同時,FBI也通過科技博客AllThingsD發表了一項聲明。 ????FBI注意到,有公開報道聲稱FBI有一臺筆記本電腦遭盜用,有關蘋果UDID的私人數據已遭泄露。就目前而言,還沒有證據表明FBI有一臺筆記本電腦遭盜用,或FBI曾試圖獲取、或已經取得了這些數據。 ????呃。“就目前而言……還沒有證據……”也許是這樣。不過要是回到水門事件(Watergate)發生的年代里,這就是我們稱之為“非否認的否認”(nondenial denial)了。 ????譯者:清遠 |
????Toward the end of a bizarre rant that begins with a quote from Salman Rushdie's The Satanic Verses and ends with an off-color suggestion -- in German -- for the Republican candidate for President ("Romney aber, sag's ihm, er kann mich im Arsche lecken!") the anonymous AntiSec hacking group gets to the point: ????During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the Atomic Reference Array vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zip codes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose. ????The statement says the data were released Tuesday -- with some identifying information removed -- to alert the public that, in its words,"[unprintable] FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME [unprintable]" Note that the hackers don't say they have obtained Apple IDs, passwords or credit card numbers. ????Still, if the claims are to be believed, users whose addresses, cell phone numbers and iOS device IDs made their way from Apple's (AAPL) servers to an FBI agent's notebook computer deserve an explanation. ????No comment so far from either Apple or the FBI. ????The hackers, for their part, say that no further statements or press interviews will be forthcoming until Gawker's beat reporter for two rough-and-tumble social media sites, 4chan and Reddit, is pictured on Gawker's front page dressed in a tutu with a shoe on his head. "No tutu, no sources." ????No comment so far from Gawker. ????You can read the AntiSec post in fullhere. Warning: It contains language unsuitable for polite company. ????Via: The Next Web, which has posted a look-up tool here to determine if your UDID is one of the 1,000,001 that were released. ????UPDATE: Gawker's Reddit/4chan reporter, Adrian Chen, has complied, posting a photo of himself in tutu with a shoe on his head. Meanwhile, the FBI has issued a statement through AllThingsD: ????The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data. ????Hmm. "At this time... no evidence...." Perhaps. But back in the Watergate era, that's what we used to call a nondenial denial. |
最新文章