Attacks/Breaches
2/10/2012
12:26 PM
Connect Directly
RSS
E-Mail
50%
50%

Apple Manufacturer Foxconn Hit By Hacktivists

Hacktivist group Swagg Security releases log-in credentials for the electronics manufacturing giant and its customers, numerous servers taken offline.

Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
A new hacktivist group has breached servers owned by Foxconn, the world's largest electronics manufacturer, and stolen usernames and passwords for numerous employees and customers.

The hacktivists, who call themselves Swagg Security--tagline: "hacking today for an entertaining tomorrow"--published the log-in credentials via Pastebin and BitTorrent. "Foxconn did have an appropriate firewall, but fortunately to our intent, we were able to bypass it almost flawlessly," according to a statement released by the group in its Pastebin post.

The 9to5 Mac blog said it verified that "these logins worked on more than one Foxconn server," but said that the affected servers now appear to be inaccessible. "We are certain that Foxconn admins are shutting down outside access; however, it is currently uncertain if any sensitive data leaked. The servers we see are mostly client intranets," it reported.

After the attack, a page on the Foxconn website advertising a selection of the services it provides for various customers, including Apple, HP, and Sony, was also offline.

[ Despite calls from Washington to keep jobs onshore, U.S. companies seem to be sending more tech work oversees. See India's Outsourcing Economy Booms. ]

Numerous technology giants outsource parts of their manufacturing operations to Foxconn. Also known as Hon Hai Precision Industry, the company is a key supplier for Acer, Apple, Cisco, Dell, Google, HP, Microsoft, Nintendo, Nokia, and Sony.

The manufacturer, however, has also been criticized for the quality of its work conditions. Notably, an explosion at an iPad factory in May 2011 killed two employees, while a raft of suicide attempts in 2010 led the company to increase employees' pay by 30%.

But Swagg Security said it hadn't hacked Foxconn to protest the working conditions. "Although we are considerably disappointed of the conditions of Foxconn, we are not hacking a corporation for such a reason and although we are slightly interested in the existence of an Iphone 5, we are not hacking for this reason," according to its Pastebin post. "We enjoy exposing governments and corporations, but the more prominent reason, is the hilarity that ensues when compromising and destroying an infrastructure. How unethical right?"

On a related note, Apple has recently been the focus of a number online petitions that are protesting what a New York Times investigation described as the "harsh conditions" at many Foxconn facilities, including "onerous work environments and serious--sometimes deadly--safety problems."

A petition drive hosted by Change.org is now calling on Apple to "protect workers making iPhones in Chinese factories" and has garnered more than 200,000 signatures. Corporate liability group SumOfUs, meanwhile, launched an online petition at the end of last month calling on Apple CEO Tim Cook to "overhaul the way [Apple's] suppliers treat their workers" when building the iPhone 5. It said the petition received 35,000 signatures within 24 hours of being announced.

In response to the criticism, Apple said in a statement, "We care about every worker in our worldwide supply chain," reported CNN. "We insist that our suppliers provide safe working conditions, treat workers with dignity and respect, and use environmentally responsible manufacturing processes wherever Apple products are made."

In this all-day Information & Technology virtual event, The Future of Multi-Channel Distribution, top business technologists, experts, and solution providers will discuss strategies, essential technologies and evolving regulator/legal issues around the next generation of multi-channel distribution best practices. When you register, you will gain access to live webcast presentations and virtual booths packed with free resources. It happens March 1. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JSMO000
50%
50%
JSMO000,
User Rank: Apprentice
2/10/2012 | 6:38:06 PM
re: Apple Manufacturer Foxconn Hit By Hacktivists
That article about Foxconn making 150k iPhones a day is from Sept 2010 before the 4s was announced... NOT the 5. Check your sources dude
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

CVE-2012-5702
Published: 2014-10-21
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to i...

CVE-2013-7406
Published: 2014-10-21
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2531
Published: 2014-10-21
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) R...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.