Many companies likely affected by iOS developer forum compromise
iPhoneDevSDK administrators confirm that the site was compromised and hosted a zero-day exploit in January
IDG News Service - The administrators of a popular iOS developer Web forum called iPhoneDevSDK confirmed Wednesday that it had been compromised by hackers who used it to launch attacks against its users. Security experts believe the site served as a gateway for the recent attacks against Twitter, Facebook and Apple employees and that many other companies might be affected as well.
At the beginning of February, Twitter announced that it had been the target of an attack and that hackers might have accessed authentication data on 250,000 users.
"This attack was not the work of amateurs, and we do not believe it was an isolated incident," Twitter said at the time. "The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked."
Twitter did not reveal many details about the attack, but encouraged users to disable Java in their browsers, suggesting that the attack might have involved a Java vulnerability.
On Friday, Facebook revealed that its employees were also targeted in a sophisticated attack last month. "This attack occurred when a handful of employees visited a mobile developer website that was compromised," the company said in a blog post at the time. "The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops."
The company said that the exploit used a zero-day -- a previously unknown -- vulnerability in Java that was immediately reported to Oracle and patched in an emergency Java update on Feb. 1.
"Facebook was not alone in this attack," the company said at the time. "It is clear that others were attacked and infiltrated recently as well."
On Tuesday, Apple announced that a small number of the company's systems had been compromised and infected with malware. The attack involved an exploit for a vulnerability in the Java browser plug-in that was served from a website for software developers, the company said.
Later on Tuesday, citing an unnamed source close to Facebook's investigation into the attack, AllThingsD reported that the compromised website was likely iPhoneDevSDK.com, a community forum for iOS developers.
Ian Sefferman, one of the iPhoneDevSDK administrators confirmed Wednesday that the website had been compromised, but said that he learned about it from the press and not the affected companies.
"We were alerted through the press, via an AllThingsD article, which cited Facebook," he said in a message posted on the forum. "Prior to this article, we had no knowledge of this breach and hadn't been contacted by Facebook, any other company, or any law enforcement about the potential breach."
"Immediately, we were in contact with Facebook's security team, including Joe Sullivan, Facebook's Chief Security Officer, and his team, to learn what they knew," he said. "We also contacted Vanilla, our amazing forum hosts, to ensure the problem was not with their software."
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts