The maker of iPhones, iPads, iPods, and Macintosh computers said it is working with law enforcement officials to hunt down the hackers, who appeared tied to a series of recent cyber attacks on US technology firms. "The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," Apple said in an email response to an AFP inquiry. The malicious software, or malware, took advantage of a vulnerability in a Java program used as a "plug-in" for Web-browsing programs. A "small number" of computer systems at Apple were infected but they were isolated from the main network, according the Silicon Valley-based company. "There is no evidence that any data left Apple," Apple said. Apple released a Macintosh computer operating system update that disables Java software that hasn't been used for 35 days or longer, as well as a tool for finding and removing the malware. Word of hackers hitting Apple came just days after leading social network Facebook said it was "targeted in a sophisticated attack" last month, but that it found no evidence any user data was compromised. Facebook said Friday that the malware came from an infected website of a mobile developer. "We remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day," it said. It was unclear whether it was the same website blamed for the attack on Apple. Using a previously unseen tactic, the attackers took advantage of a flaw in Java software made by Oracle, which was alerted to the situation and released a patch on February 1, according to Facebook. The hackers appeared to be targeting developers and technology firms based on the website they chose to booby-trap with malicious code. "Facebook was not alone in this attack," the Northern California-based company said. "It is clear that others were attacked and infiltrated recently as well." Early this month Twitter said it was hammered by a cyber attack similar to those that recently hit major Western news outlets, and that the passwords of about 250,000 users were stolen. "This attack was not the work of amateurs, and we do not believe it was an isolated incident," Twitter information security director Bob Lord said in a blog post at the time. Lord said there was an "uptick in large-scale security attacks aimed at US technology and media companies." The New York Times and The Wall Street Journal recently said they had been attacked by suspected Chinese hackers. The brazen cyberattacks on US media and technology firms have revived concerns over Chinese hackers, whom analysts say are likely linked to the secretive Beijing government. China's army controls hundreds if not thousands of expert hackers, according to a report Tuesday by a US Internet security firm that traced a host of cyberattacks to an anonymous building in Shanghai. Mandiant said its hundreds of investigations showed that groups hacking into US newspapers, government agencies, and companies "are based primarily in China and that the Chinese government is aware of them." The report focused on one group, which it called "APT1," for "Advanced Persistent Threat." "We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support," Mandiant said. It said the group was believed to be a branch of the People's Liberation Army and digital signatures from its attacks were traced back to the direct vicinity of a nondescript, 12-story building on the outskirts of Shanghai. China's foreign ministry rejected "groundless accusations" of Chinese involvement in hacking, saying China was itself a major victim, with most overseas cyberattacks against it originating in the United States. In his State of the Union address last week, US President Barack Obama said the potential ability of outsiders to sabotage critical US infrastructure was a major concern. "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy," he said.
Hackers hit Apple in wake of Facebook attack
It's Not Just You: Chinese Hackers Are Terrible at Making Passwords, Too
When The New York Times and other news outlets reported being the victims of a massive, years-long cyberattack, it set off a rash of concerns about online security and personal Internet hygiene, reinforcing plenty of old, enduring lessons: Choose strong passwords; don’t click on links from strangers (or strange links from people you know); consider using different usernames for different online services.
Many Americans still don’t follow these security suggestions that can help protect them from online snooping and identity theft. But, evidently, neither do some Chinese hackers. In a bit of poetic justice, the identities of two of The Times’ hackers have become public, all because they got sloppy.
According to a report by Mandiant, the company The Times hired to investigate its security breach, one hacker who went by the handle "UglyGorilla" went around the Chinese Internet asking plainly whether China had a cyberarmy. In a lapse of personal security, UglyGorilla signed his name on the malware he wrote, on the domains he registered, and on Web forums.
“UG’s consistent use of the username 'UglyGorilla' across various Web accounts has left a thin but strong thread of attribution through many online communities,” the report read.
Investigators learned to identify hackers when the spies logged onto Facebook and Twitter, which are blocked to the rest of China by what has collaquially become known as the Great Firewall of China:
Like many Chinese hackers, APT1 attackers do not like to be constrained by the strict rules put in place by the Communist Party of China (CPC), which deployed the GFWoC as a censorship measure to restrict access to web sites such as google.com, facebook.com, and twitter.com. Additionally, the nature of the hackers’ work requires them to have control of network infrastructure outside the GFWoC. This creates a situation where the easiest way for them to log into Facebook and Twitter is directly from their attack infrastructure. Once noticed, this is an effective way to discover their real identities.
Another hacker identified by Mandiant went by the name of "DOTA." DOTA also had a tendency to spread his name around, creating Hotmail and Gmail accounts using variations of the same handle. Investigators were able to pinpoint the hacker’s location when, as part of a security check, Google sent DOTA a text message. The message contained a code that DOTA had to plug in on his browser to access his Google services -- a standard identity-protection feature called two-factor authentication. (By the way, if you don’t have two-factor authentication enabled, please do it now.)
DOTA’s big mistake was in telling Google to send the text message to a convenient phone number -- one that told Mandiant both what carrier the hacker was on (China Mobile) and where he was (Shanghai).
“The speed of DOTA’s response also indicates that he had the phone with him at the time,” said the report.
DOTA is also apparently a huge J.K. Rowling fan. In response to security questions like “Who is your favorite teacher?” DOTA’s answer would frequently come up as “Harry” and “Poter” (yes, with one T). Despite his skills at penetrating other people’s systems, DOTA was, it turns out, no wizard at personal or operational security.
It’s no small irony the everyday shortcuts users take and which subsequently open them up to hackers like DOTA and UglyGorilla, are the same traps that the two hackers fell into. Still, there’s another possibility: What if they wanted to be found?
While some countries go to great lengths to hide their attacks, China takes no such precautions, said Yael Shahar, an Israeli cybersecurity expert at the International Institute for Counter-Terrorism.
“They're very careful not to cover their tracks very well,” she told me, adding that it enhanced Chinese self-perceptions of “face” to leave a calling card. “It's a projection of power; it's not that they're trying to hide it.”
http://www.nationaljournal.com/tech...are-terrible-at-making-passwords-too-20130219
