Attacks/Breaches
2/10/2012
12:26 PM
50%
50%

Apple Manufacturer Foxconn Hit By Hacktivists

Hacktivist group Swagg Security releases log-in credentials for the electronics manufacturing giant and its customers, numerous servers taken offline.

Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
A new hacktivist group has breached servers owned by Foxconn, the world's largest electronics manufacturer, and stolen usernames and passwords for numerous employees and customers.

The hacktivists, who call themselves Swagg Security--tagline: "hacking today for an entertaining tomorrow"--published the log-in credentials via Pastebin and BitTorrent. "Foxconn did have an appropriate firewall, but fortunately to our intent, we were able to bypass it almost flawlessly," according to a statement released by the group in its Pastebin post.

The 9to5 Mac blog said it verified that "these logins worked on more than one Foxconn server," but said that the affected servers now appear to be inaccessible. "We are certain that Foxconn admins are shutting down outside access; however, it is currently uncertain if any sensitive data leaked. The servers we see are mostly client intranets," it reported.

After the attack, a page on the Foxconn website advertising a selection of the services it provides for various customers, including Apple, HP, and Sony, was also offline.

[ Despite calls from Washington to keep jobs onshore, U.S. companies seem to be sending more tech work oversees. See India's Outsourcing Economy Booms. ]

Numerous technology giants outsource parts of their manufacturing operations to Foxconn. Also known as Hon Hai Precision Industry, the company is a key supplier for Acer, Apple, Cisco, Dell, Google, HP, Microsoft, Nintendo, Nokia, and Sony.

The manufacturer, however, has also been criticized for the quality of its work conditions. Notably, an explosion at an iPad factory in May 2011 killed two employees, while a raft of suicide attempts in 2010 led the company to increase employees' pay by 30%.

But Swagg Security said it hadn't hacked Foxconn to protest the working conditions. "Although we are considerably disappointed of the conditions of Foxconn, we are not hacking a corporation for such a reason and although we are slightly interested in the existence of an Iphone 5, we are not hacking for this reason," according to its Pastebin post. "We enjoy exposing governments and corporations, but the more prominent reason, is the hilarity that ensues when compromising and destroying an infrastructure. How unethical right?"

On a related note, Apple has recently been the focus of a number online petitions that are protesting what a New York Times investigation described as the "harsh conditions" at many Foxconn facilities, including "onerous work environments and serious--sometimes deadly--safety problems."

A petition drive hosted by Change.org is now calling on Apple to "protect workers making iPhones in Chinese factories" and has garnered more than 200,000 signatures. Corporate liability group SumOfUs, meanwhile, launched an online petition at the end of last month calling on Apple CEO Tim Cook to "overhaul the way [Apple's] suppliers treat their workers" when building the iPhone 5. It said the petition received 35,000 signatures within 24 hours of being announced.

In response to the criticism, Apple said in a statement, "We care about every worker in our worldwide supply chain," reported CNN. "We insist that our suppliers provide safe working conditions, treat workers with dignity and respect, and use environmentally responsible manufacturing processes wherever Apple products are made."

In this all-day Information & Technology virtual event, The Future of Multi-Channel Distribution, top business technologists, experts, and solution providers will discuss strategies, essential technologies and evolving regulator/legal issues around the next generation of multi-channel distribution best practices. When you register, you will gain access to live webcast presentations and virtual booths packed with free resources. It happens March 1. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
JSMO000
50%
50%
JSMO000,
User Rank: Apprentice
2/10/2012 | 6:38:06 PM
re: Apple Manufacturer Foxconn Hit By Hacktivists
That article about Foxconn making 150k iPhones a day is from Sept 2010 before the 4s was announced... NOT the 5. Check your sources dude
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2808
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a rel...

CVE-2014-9713
Published: 2015-04-01
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

CVE-2015-0259
Published: 2015-04-01
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

CVE-2015-0800
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2...

CVE-2015-0801
Published: 2015-04-01
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.