How Eastern European attackers hacked Apple

Feb 20, 2013

Investigators now believe a group of sophisticated Eastern European criminal hackers is responsible for a cyberattack on Apple and other U.S. technology and media firms. Until today, those probing the computer break-ins thought China was behind the electronic assaults. In Apple’s case, malware placed on an iPhone developer website may have been used to ‘bait’ visitors, according to one report Wednesday.

According to Bloomberg, which anonymously cited people close to law enforcement, malware that other victims described as “sophisticated” was placed on the popular developer forum to potentially gain access to data stored on corporate computers…

On Tuesday, Apple confirmed the attack but said there was “no evidence that any data left Apple.” The company said the attackers exploited a vulnerability in the Java plug-in for browsers, and it issued a patch three hours later.

Investigators now have tracked one server they think was used by criminals in Russia or Eastern Europe. That server was part of a hosting company in the Ukraine, according to Bloomberg.

The changing focus of the investigation departs from growing suspicion that Unit 61398, an elite cyberunit of China’s People’s Liberation Army, was behind the attack. Tuesday, the New York Times – itself a victim of hackers – reported that the nation’s military hackers were targeting Western corporations.

American intelligence officials exposed this 12-story building on the outskirts of Shanghai as the headquarters of Unit 61398 of the People’s Liberation Army.

Apple’s infection began when employees visited the popular iPhoneDevSDK forum, falling victim to a security hole in their browsers. That tactic is known as a “waterhole” attack, since victims behave like animals drawn to a waterhole, according to RSA Security.

In this case, the enticement was early access to software surrounding the iPhone which developers could use to prep their warez for upcoming Apple gear.

Security experts also said the malware was likely not targeting Apple itself, but rather developers working for other companies, whose computers it would then infect.

MacRumors highlighted a blog post today from iPhoneDevSDK owner Ian Sefferman, who shares details on how the hackers compromised his web site to launch attacks on Facebook and Google.

What we’ve learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain users’ computers.

We’re still trying to determine the exploit’s exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013.

As with Facebook, it’s important to stress that we have no reason to believe user data was compromised.

The social networking giant announced last Friday it was the victim of hackers, who infected a website used by mobile developers.

Twitter may have acted as the front door for this latest rash of hacking.

The service announced earlier this month that information on around 250,000 users may have been snagged via an attack.

The attack, which Twitter described as “very sophisticated,” may have provided hackers clues on how to launch subsequent assaults.

So far, along with Apple, the New York Times, the Wall Street Journal, the Washington Post, Facebook and Twitter have acknowledged being hacked.

  • http://twitter.com/Cesuva Matthew

    Now if the hackers would work on iOS 7 instead of OS X, I’d be a lot more impressed.

    • Damian W

      good point.

    • http://www.facebook.com/profile.php?id=1600159663 Glorin Chiourea

      they hacked java… not OS X…

      • http://www.facebook.com/profile.php?id=1600159663 Glorin Chiourea

        java is a standard product that’s mainly used in browsers

      • Luis Finke

        but not in ios. that would be javascript my friend

  • Pedro N

    East from Eastern Europe is called Asia.

    • Damian W

      lol…I like the way the article points out EASTERN europeans. Like if they were a different species from western europeans.

      • http://twitter.com/ThaiFighter8 Altintas Knockout

        Actually eastern europeans are balkan countries, which are totally different from west europeans. So there is a big difference

      • Damian W

        In terms of race and culture they are not really different. In terms of language they are.

        If you could tell what is the racial difference or any difference between a Polish man and a German man. Since they are considered eastern and western. I would be glad if you explain it….

      • http://twitter.com/nAcolz Acolz

        In terms of culture they are different.

      • Damian W

        Of course everyone has different culture, this includes my neighbour behind the wall who likes to drink more beer than me. But I don’t think he is overall so different. Btw, how are culturally different two nations such as Poland and Germany?

  • http://www.facebook.com/Jhonny1x Jonathan Jaimes

    What a lie