Attacks/Breaches
2/10/2012
12:26 PM

Apple Manufacturer Foxconn Hit By Hacktivists

Hacktivist group Swagg Security releases log-in credentials for the electronics manufacturing giant and its customers; numerous servers taken offline.

A new hacktivist group has breached servers owned by Foxconn, the world's largest electronics manufacturer, and stolen usernames and passwords for numerous employees and customers.

The hacktivists, who call themselves Swagg Security--tagline: "hacking today for an entertaining tomorrow"--published the log-in credentials via Pastebin and BitTorrent. "Foxconn did have an appropriate firewall, but fortunately to our intent, we were able to bypass it almost flawlessly," according to a statement released by the group in its Pastebin post.

The 9to5 Mac blog said it verified that "these logins worked on more than one Foxconn server," but said that the affected servers now appear to be inaccessible. "We are certain that Foxconn admins are shutting down outside access; however, it is currently uncertain if any sensitive data leaked. The servers we see are mostly client intranets," it reported.

After the attack, a page on the Foxconn website advertising a selection of the services it provides for various customers, including Apple, HP, and Sony, was also offline.


Numerous technology giants outsource parts of their manufacturing operations to Foxconn. Also known as Hon Hai Precision Industry, the company is a key supplier for Acer, Apple, Cisco, Dell, Google, HP, Microsoft, Nintendo, Nokia, and Sony.

The manufacturer, however, has also been criticized for the quality of its work conditions. Notably, an explosion at an iPad factory in May 2011 killed two employees, while a raft of suicide attempts in 2010 led the company to increase employees' pay by 30%.

But Swagg Security said it hadn't hacked Foxconn to protest the working conditions. "Although we are considerably disappointed of the conditions of Foxconn, we are not hacking a corporation for such a reason and although we are slightly interested in the existence of an Iphone 5, we are not hacking for this reason," according to its Pastebin post. "We enjoy exposing governments and corporations, but the more prominent reason, is the hilarity that ensues when compromising and destroying an infrastructure. How unethical right?"

On a related note, Apple has recently been the focus of a number of online petitions protesting what a New York Times investigation described as the "harsh conditions" at many Foxconn facilities, including "onerous work environments and serious--sometimes deadly--safety problems."

A petition drive hosted by Change.org is now calling on Apple to "protect workers making iPhones in Chinese factories" and has garnered more than 200,000 signatures. Corporate liability group SumOfUs, meanwhile, launched an online petition at the end of last month calling on Apple CEO Tim Cook to "overhaul the way [Apple's] suppliers treat their workers" when building the iPhone 5. It said the petition received 35,000 signatures within 24 hours of being announced.

In response to the criticism, Apple said in a statement, "We care about every worker in our worldwide supply chain," reported CNN. "We insist that our suppliers provide safe working conditions, treat workers with dignity and respect, and use environmentally responsible manufacturing processes wherever Apple products are made."


Comments
JSMO000,
User Rank: Apprentice
2/10/2012 | 6:38:06 PM
re: Apple Manufacturer Foxconn Hit By Hacktivists
That article about Foxconn making 150k iPhones a day is from Sept 2010 before the 4s was announced... NOT the 5. Check your sources dude