A group of hackers claim they have compromised Foxconn's servers
Feb. 9, 2012
A group of hackers claims to have successfully hacked into Chinese contract manufacturer Foxconn yesterday, and a long list of email log-ins and intranet passwords was posted online. If this is true, it could lead to many fraudulent orders for the company. Apple is one of Foxconn's largest customers.
In a lengthy message posted to Pastebin, the hacking group Swagg Security claimed responsibility for the attack on Foxconn. Although they described at length Foxconn's dubious track record on working conditions, the group said this was not the primary motive for the attack on its servers.
The message read: "Although we are considerably disappointed of the working conditions at Foxconn, we are not hacking a company for such a reason and, although we are slightly interested in the existence of an iPhone 5, we are not hacking for that reason either."
And it continued: "We hack for the cyberspace who share a few common viewpoints and philosophies. We enjoy exposing governments and corporations, but the more prominent reason, is the hilarity that ensues when compromising and destroying an infrastructure. How unethical right?"
Internet-Security.ca tried to contact Foxconn’s Shenzhen headquarters in China for confirmation but had not heard back at the time we posted this.
But according to their Twitter feed, the hackers gained access to Foxconn’s network via an old security vulnerability in a version of Internet Explorer that was widely used internally by the company.
The information posted online includes mail server log-in and username credentials, as well as various log-ins for procurement sites and intranets which Swagg Security claimed “could allow individuals to make fraudulent orders under big companies' names such as Apple, Microsoft, IBM, Intel, Dell, HP and a few more”.
“But Foxconn did have an appropriate firewall, however. The issue is that we were able to bypass it almost flawlessly,” the hackers explained in their note.
“Of course with the funding by ourselves, we did have our limitations. However, with several hacking techniques employed and a couple of days in time we were able to dump most of everything of significance nevertheless.”
Other security experts were able to verify that the stolen log-ins worked on more than one Foxconn server. Foxconn does appear to be taking measures to lock down its systems, however. Swagg Security tweeted on Thursday morning that the company had closed the compromised services.foxconn.com, saying: “Guess you guys made one too many orders”.
F-Secure chief research officer Mikko Hypponen says that, looking at the data released by the hacktivists, Foxconn wasn't following network security best practices. "If you do a Google search for the site: services.foxconn.com, you'll see that they had a file uploading service there for their partners," he said.
"So my best guess at this stage would be that the hackers managed to upload something malicious on the services.foxconn.com servers and somehow used that to gain access into the system."
The news comes as pressure mounts on Apple and other big tech companies to clamp down on conditions in supplier factories, in an effort to secure better and safer working conditions in Foxconn factories.
This morning, concerned Apple customers will drop off over 250,000 signature petitions in cities across the globe including New York, London and Sydney, registering their strong disapproval of supplier working practices. The petitions are mostly directed at Foxconn, although a few other contract manufacturers are also being targeted.
Overall, Foxconn usually comes in for the most abuse, and understandably so, given that lucrative contracts with big names such as Apple, Dell, Intel and Microsoft have made it one of the largest electronic component manufacturers on the planet.
In other internet security news
A job-hunting hacker in Hungary who tried to get a job with the Marriott Hotel by hacking into the chain's network before offering to sort out the resulting mess has been found guilty of hacking and attempted extortion, and will have to spend the next 2 1/2 years in a U.S. federal prison.
Attila Nemeth, aged 26, admitted to sending Trojan-infected emails to workers at the hotel late in 2010, allowing him to access back-end servers from PCs he managed to infect.
Nemeth then extracted sensitive data which he threatened to reveal unless the hotel chain offered him a job maintaining Marriott's computer systems.
Marriott responded to the event by reporting Nemeth to U.S. authorities, which ran a sting operation. Nemeth entered into an email and phone conversation with a U.S. federal agent posing as a hotel manager before he was persuaded to travel to the United States, ostensibly to attend an all-expenses-paid job interview.
Under the guise of a Marriott job interview, Nemeth was coaxed into explaining how he hacked into the company's computer systems. He was subsequently arrested and charged with computer crime and extortion.
Nemeth then pleaded guilty to both crimes last November prior to a sentencing hearing last week, where he was sentenced to 2 1/2 years behind bars.
Marriott Hotels estimates that Nemeth's hacking attempts resulted in between $400,000 and $1 million in consultant expenses and other costs associated with determining how much damage the hacker might have caused.
In other internet security news
Cim Stordal, a fifteen-year-old teenager, has discovered some critical security flaws in Google, Facebook, Microsoft and Apple programming code.
When he's not in school, Cim spends part of his time playing the Team Fortress video game, shooting his Airsoft pellet gun, and working in a fish store in Bergen, Norway.
But his real passion in his young life is hunting for, and then discovering, security flaws in software used by millions of people today, both on and off the internet.
And Cim has made the Google Security Hall of Fame. He has also been credited with disclosing a cross-site scripting issue to Apple, has been thanked by Microsoft officials for disclosing a security vulnerability to the company, and has received an elite 'White Hat' Visa card from Facebook with $500 credit on it.
"I got a card for a self-persistent XSS (cross-site scripting issue) at Facebook, and a nonpersistent XSS at Google, Microsoft, and Apple," he said.
Because it was a self-persistent issue, the Facebook security hole that Stordal disclosed wasn't exploitable by a third party: it required a user to take an action to be at risk.
"I just look around at the site and find out where I can input HTML code and it's not filtered in the source code. Often they filter some characters but forget some or they totally forget that input," he said.
"What an attacker often wants is just the cookie, which can be used to log-in as the user," he said. Stordal added that of all the sites he poked around in, surprisingly, Apple was the easiest to find a security flaw in. "I found the Facebook security issue after four days and the Google one after three, but Apple took me only five minutes" to find two XSS flaws, he said. Apple representatives did not respond to a request seeking comment.
And the companies involved appreciate his efforts, particularly because he tells them before going public with any of the details. "Everyone was happy about it and they fixed the issues kind of fast," he said.
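The failure Stordal describes above, a filter that removes some characters but forgets others, shown beside full output encoding. This is an added example, not part of the original article; the function names and the sample input are constructed for illustration.

```javascript
// Added illustration; all names and the sample input are constructed.

// Incomplete blocklist: removes angle brackets but forgets quote characters.
function partialFilter(input) {
  return String(input).replace(/[<>]/g, "");
}

// Output encoding for HTML text and quoted-attribute contexts:
// every character that can change the parser's state is encoded.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Template that places user input inside a double-quoted attribute.
function renderSearchBox(value, sanitize) {
  return `<input name="q" value="${sanitize(value)}">`;
}

// Minimal attribute scanner for the single tag above: returns the attribute
// names a browser would see. Extra names mean the input left its attribute.
function attributeNames(tag) {
  const names = [];
  const re = /([a-zA-Z-]+)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Constructed input: closes the value attribute and adds an event handler.
const SAMPLE = 'x" onfocus="alert(1)';

// Attributes present in the rendered tag that the template never defined.
function injectedAttributes(sanitize) {
  const expected = ["name", "value"];
  return attributeNames(renderSearchBox(SAMPLE, sanitize))
    .filter((n) => !expected.includes(n));
}

console.log("partial filter:", injectedAttributes(partialFilter));
console.log("full encoding: ", injectedAttributes(escapeHtml));
```

Encoding on output closes the injection point itself; marking session cookies HttpOnly additionally keeps page script from reading them.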
Stordal started looking for security vulnerabilities in software when he was just 14 years old last year. "I have always loved being on the PC and I already was programming some C++," he said. "So I wanted to do something new and constructive, so I searched around and learned Basic programming."
Cim's friends are impressed with his skills and ask him to help keep their Web sites secure. His parents aren't really sure what to make of his research.
"They think it's kind of cool, I guess, as they don't understand what I do," he said. "But they also don't want me to stay on the computer all day."
His next move is looking for security vulnerabilities on mobile devices. He's trying to set up a fuzzer (automated software testing tool) on his iPhone 3 GS.
In other internet security news
The hacking group Anonymous has successfully hacked into some U.S. federal websites. Most of the sites shut down by the hackers were up and running early this morning, including those of the Department of Justice, the FBI and some entertainment sites.
This is referred to as one of the U.S. federal government's largest anti-piracy crackdowns. The hacktivist collective Anonymous admitted that it was responsible for taking down the sites yesterday.
Hours after the announcement of the arrests, some of Megaupload's site visitors turned the tables on the feds, knocking the U.S. Department of Justice and the FBI websites offline.
Both sites appeared to be back up this morning, however. A law enforcement official said that the FBI was investigating. Anonymous said ten websites in all were targeted, and early Friday the sites for music publishing and licensing group BMI and record company Universal Music were still down.
When the sites were visited, they said "This site is under maintenance. Please expect it to be back shortly." The hacker group announced its intentions on Thursday.
"We, Anonymous, are launching our largest attack ever on government and music industry sites. Lulz," the group said in a statement posted late Thursday on an associated Twitter account. "The FBI didn't think they would get away with this did they? They should have expected us."
The hacking group also posted personal information on former Connecticut Senator Chris Dodd, chairman of the Motion Picture Association of America, one of the targeted sites.
A Justice Department spokesperson, who did not want to be identified, said its Web server was "experiencing a significant increase in activity, resulting in a degradation in service."
"The department is working to ensure the site is available while we investigate the origins of this activity, which is being treated as a malicious act until we can fully identify the root cause of this disruption," the spokesperson said.
The website errors came soon after various Twitter accounts associated with the collective took aim at the U.S. government. Anonymous' favorite weapon for these attacks is what's called a "distributed denial of service" (DDoS) attack, which directs a flood of traffic to a website and temporarily crashes it by overwhelming its servers.
Source: Swagg Security.