Tuesday, February 19, 2013

This Is the Site Likely Responsible for the Recent Major Tech Company Hacks

Apple, Facebook, Twitter — all hacked. And there’s probably more to come.

In the spate of large companies hacked in recent weeks, it seems that many of them have one thing in common. Many have visited one compromised Web site specifically devoted to sharing information related to mobile development — and it’s not just tech companies visiting the site.

The site is called iPhoneDevSdk, according to sources close to the Facebook hacking investigation. It’s a hub for many companies concentrated on the mobile space.

After Facebook employees visited the mobile development site in recent weeks, malicious code injected into the HTML of the site used an exploit in Oracle’s Java plugin to infect employee laptops, as the company divulged last Friday.

When asked for comment on the site in question, Facebook referred us back to the company’s blog post from last week, without going into further detail.

Of note: Do not visit this site, as it may continue to be compromised. While it’s potentially risky to publicize the Web site, AllThingsD is providing the name to inform readers, developers and organizations interested in mobile development in order to keep them from becoming infected.

It is likely also the Web site responsible for the recent hack of Apple employee laptops, as the company announced on Tuesday. “Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plugin for browsers,” the company said in a statement to AllThingsD provided earlier this morning.

Apple did not immediately respond to a request for comment on whether or not the iphonedevsdk site was involved in its hack.

It could also be the common thread behind the recent Twitter hack, which potentially compromised the accounts of 250,000 Twitter users. In the language of Twitter’s blog post, head of information security Bob Lord reminded users to disable Java inside of their browsers, a hint that this could be related to the Facebook and Apple hacks.

Apple also released a security update software patch to users on Tuesday which addresses the Java exploit, another indication that the iPhoneDev site is responsible for the company’s hack.

Twitter did not respond to a request for comment.

The hack is different from many familiar modes of attacking individual users and companies. It’s called a “watering hole” attack, in that it’s a centralized, popular location which many people visit across multiple industries.

“Everyone knows about spear phishing now,” said Joe Sullivan, Facebook’s chief security officer, in an interview with AllThingsD last week. “But being able to target a site on the Internet — it’s a really interesting idea that you could target people from there. You don’t have to get someone to open the email or click on the link.”

Or as independent security researcher Ashkan Soltani told us last week: “Rather than attack individual developers, they’ve poisoned the well.”

The type of attack has been used in other recent high-profile hacks. In December of last year, a watering-hole hack was discovered on the Council of Foreign Relations website, a Washington, D.C.-based think tank whose influence is widespread in “journalist, business and education circles.”

But the attack on mobile developers is potentially even more worrisome: The iPhoneDevSDK website isn’t just for tech-focused companies working on mobile apps. It’s an iPhone-specific site that any organization interested in mobile could benefit from visiting. And as Facebook said in its recent blog post, “Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well.”

The implications loom large. As the tide has shifted over the past few years and more people have moved to using smartphones and tablets for their computing needs, countless numbers of major companies and organizations have invested heavily in mobile application development. Imagine how many visited the site and could unknowingly be affected.

“It’s the type of forum that anyone who was building apps for mobile devices would visit,” Facebook’s Sullivan told AllThingsD. “It’s pretty popular for sharing tips, tricks, etc.”

So going forward, the question now isn’t what company is next, but rather who’s willing to admit it next?

“I truly believe we’re going to see quite a bit more of these announcements as companies start to get smarter and look more closely at their systems,” Soltani told AllThingsD in a previous interview.

Now, “It’s not a matter of whether or not you’ve been compromised,” Soltani said. “It’s whether you have the expertise to tell.”

by Mike Isaac