Attacks/Breaches
2/10/2012
12:26 PM
50%
50%

Apple Manufacturer Foxconn Hit By Hacktivists

Hacktivist group Swagg Security releases log-in credentials for the electronics manufacturing giant and its customers, numerous servers taken offline.

Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
A new hacktivist group has breached servers owned by Foxconn, the world's largest electronics manufacturer, and stolen usernames and passwords for numerous employees and customers.

The hacktivists, who call themselves Swagg Security--tagline: "hacking today for an entertaining tomorrow"--published the log-in credentials via Pastebin and BitTorrent. "Foxconn did have an appropriate firewall, but fortunately to our intent, we were able to bypass it almost flawlessly," according to a statement released by the group in its Pastebin post.

The 9to5 Mac blog said it verified that "these logins worked on more than one Foxconn server," but said that the affected servers now appear to be inaccessible. "We are certain that Foxconn admins are shutting down outside access; however, it is currently uncertain if any sensitive data leaked. The servers we see are mostly client intranets," it reported.

After the attack, a page on the Foxconn website advertising a selection of the services it provides for various customers, including Apple, HP, and Sony, was also offline.

[ Despite calls from Washington to keep jobs onshore, U.S. companies seem to be sending more tech work oversees. See India's Outsourcing Economy Booms. ]

Numerous technology giants outsource parts of their manufacturing operations to Foxconn. Also known as Hon Hai Precision Industry, the company is a key supplier for Acer, Apple, Cisco, Dell, Google, HP, Microsoft, Nintendo, Nokia, and Sony.

The manufacturer, however, has also been criticized for the quality of its work conditions. Notably, an explosion at an iPad factory in May 2011 killed two employees, while a raft of suicide attempts in 2010 led the company to increase employees' pay by 30%.

But Swagg Security said it hadn't hacked Foxconn to protest the working conditions. "Although we are considerably disappointed of the conditions of Foxconn, we are not hacking a corporation for such a reason and although we are slightly interested in the existence of an Iphone 5, we are not hacking for this reason," according to its Pastebin post. "We enjoy exposing governments and corporations, but the more prominent reason, is the hilarity that ensues when compromising and destroying an infrastructure. How unethical right?"

On a related note, Apple has recently been the focus of a number online petitions that are protesting what a New York Times investigation described as the "harsh conditions" at many Foxconn facilities, including "onerous work environments and serious--sometimes deadly--safety problems."

A petition drive hosted by Change.org is now calling on Apple to "protect workers making iPhones in Chinese factories" and has garnered more than 200,000 signatures. Corporate liability group SumOfUs, meanwhile, launched an online petition at the end of last month calling on Apple CEO Tim Cook to "overhaul the way [Apple's] suppliers treat their workers" when building the iPhone 5. It said the petition received 35,000 signatures within 24 hours of being announced.

In response to the criticism, Apple said in a statement, "We care about every worker in our worldwide supply chain," reported CNN. "We insist that our suppliers provide safe working conditions, treat workers with dignity and respect, and use environmentally responsible manufacturing processes wherever Apple products are made."

In this all-day Information & Technology virtual event, The Future of Multi-Channel Distribution, top business technologists, experts, and solution providers will discuss strategies, essential technologies and evolving regulator/legal issues around the next generation of multi-channel distribution best practices. When you register, you will gain access to live webcast presentations and virtual booths packed with free resources. It happens March 1. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
JSMO000
50%
50%
JSMO000,
User Rank: Apprentice
2/10/2012 | 6:38:06 PM
re: Apple Manufacturer Foxconn Hit By Hacktivists
That article about Foxconn making 150k iPhones a day is from Sept 2010 before the 4s was announced... NOT the 5. Check your sources dude
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2184
Published: 2015-03-27
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.

CVE-2014-3619
Published: 2015-03-27
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.

CVE-2014-8121
Published: 2015-03-27
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over...

CVE-2014-9712
Published: 2015-03-27
Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allows remote administrators to read arbitrary files and obtain passwords via a crafted path.

CVE-2015-0658
Published: 2015-03-27
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.