Cyber attacks on Apple believed to stem from Eastern Europe, not China

Posted:
in General Discussion edited January 2014
While earlier reports suggested hackers who targeted Apple emanated from China, investigators now believe the criminals are instead based out of Eastern Europe.

Security


The attacks on Apple, Facebook, Twitter and others are now linked to "an Eastern European gang of hackers that is trying to steal company secrets," according to Bloomberg, citing unnamed people familiar with an ongoing investigation.

"Investigators suspect that the hackers are a criminal group based in Russia or Eastern Europe, and have tracked at least one server being used by the group to a hosting company in the Ukraine," the report said. "Other evidence, including the malware used in the attack, also suggest it is the work of cyber criminals rather than state-sponsored espionage from China, two people familiar with the investigation said."

An earlier report from The New York Times had instead linked recent attacks on companies like Facebook to the Chinese Army. It claimed that there was "little doubt" that an "overwhelming percentage of attacks on American corporations, organizations and government agencies" originate from a People's Liberation Army group known as "Unit 61398" based out of the outskirts of Shanghai.

Apple announced on Wednesday that some of its employees' laptops had been infected through a vulnerability in the Java plug-in for browsers. The company revealed that the same malware was used against a number of companies, but did not indicate what country the attacks may have originated from.

"We identified a small number of systems within Apple that were infected and isolated them from our network," the company said in a statement. "There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware."

The attacks are believed to have occurred through an iPhone developer community website that was hosting malware. It's believed that the infected code made its way onto the computers of Apple, Facebook, Twitter and other companies utilizing a Java zero-day flaw.

The method used by the criminals is a so-called "watering hole attack," in which hackers compromise a popular website that many people visit and trust.

Apple on Tuesday pushed out an update for all OS X users that patches the exploit, and also removes the Java Web applet.
«1

Comments

  • Reply 1 of 30
    blastdoorblastdoor Posts: 3,563member


    Hmm... so here's my thought... 


     


    Apple can and should make it clear to these folks that you don't F with Apple. $100 million (or even $1 billion) is a rounding error for Apple, but if Apple were to spend that amount of money going after these people, these people would be done, regardless of who they are. 

  • Reply 2 of 30
    What will all those who dumped on China say now?
  • Reply 3 of 30

    Quote:

    Originally Posted by Blastdoor View Post


    Hmm... so here's my thought... 


     


    Apple can and should make it clear to these folks that you don't F with Apple. $100 million (or even $1 billion) is a rounding error for Apple, but if Apple were to spend that amount of money going after these people, these people would be done, regardless of who they are. 



     


    "Going after"


    "These people would be done"


     


    LOL!


     


    Hackers have messed with Google, Apple, Facebook, Oracle, the US government (the list goes on) and still they cannot be rooted out. $100M would change this?


     


    Just what are you dreaming about here? Are you one of those GOP politicians who thought Iraq and Afghanistan would be simple wars to be easily won in the face of the US military might? Have you watched too many movies?


     


    And what do you mean by "done"? Apple is going to send out drones?

  • Reply 4 of 30
    geekdadgeekdad Posts: 1,131member

    Quote:

    Originally Posted by Blastdoor View Post


    Hmm... so here's my thought... 


     


    Apple can and should make it clear to these folks that you don't F with Apple. $100 million (or even $1 billion) is a rounding error for Apple, but if Apple were to spend that amount of money going after these people, these people would be done, regardless of who they are. 



    You have a great point....Apple has the funds to hire a cyber-army that could track and take these guys down. But once they engage in that activity. They will become the high profile target of every hacker and hacking group on the globe. Imagine the instant notoriety and bragging rights of hacking Apple. I don't think Apple wants this type of presence.

  • Reply 5 of 30

    Quote:

    Originally Posted by stelligent View Post



    What will all those who dumped on China say now?


     


    What because an "unnamed" source said different? 

  • Reply 6 of 30
    tbelltbell Posts: 3,146member
    Quote:
    Originally Posted by stelligent View Post

    What will all those who dumped on China say now?

     

    OK, I will take the bait. If true, this doesn't negate the report from the security company dealing with the hacking of the New York Times. It also doesn't negate the Wiki Leaks from the State Department blaming China for the hacking of Google. Just because China might not be guilty of this particular hack, means very little.
  • Reply 7 of 30
    plagenplagen Posts: 151member


    Can't do that. They have wasted all the drones bombing China.

  • Reply 8 of 30
    geekdadgeekdad Posts: 1,131member

    Quote:

    Originally Posted by TBell View Post


     

    OK, I will take the bait. If true, this doesn't negate the report from the security company dealing with the hacking of the New York Times. It also doesn't negate the Wiki Leaks from the State Department blaming China for the hacking of Google. Just because China might not be guilty of this particular hack, means very little.


    I agree with you there has been enough proof that our president has even started to identify China as the source of a ton of cyber attacks against US companies and infrastructure. This is serious stuff....

  • Reply 9 of 30
    geekdad wrote: »
    You have a great point....Apple has the funds to hire a cyber-army that could track and take these guys down. But once they engage in that activity. They will become the high profile target of every hacker and hacking group on the globe. Imagine the instant notoriety and bragging rights of hacking Apple. I don't think Apple wants this type of presence.

    Sounds like you don't think he has a great point.
  • Reply 10 of 30


    Originally Posted by geekdad View Post

    Imagine the instant notoriety and bragging rights of hacking Apple.


     


    It's almost as though this isn't already the case.

  • Reply 11 of 30
    geekdadgeekdad Posts: 1,131member

    Quote:

    Originally Posted by ankleskater View Post





    Sounds like you don't think he has a great point.


    no...he has a point Apple could hire an cyber army and track these guys down and make life extremely hard for them. That was his point. It is valid. But the side effects of that action would be extreme retaliation of the hacking community. Apple could not withstand that type of effort. It would interrupt business and cause them extreme harm in the long run. the best approach is what they are no doubt already doing. gather as much information as they can. Protect themselves as best they can. Turnover all information to our govenment and the agencies that exist to counter this type of effort.

  • Reply 12 of 30
    geekdadgeekdad Posts: 1,131member

    Quote:

    Originally Posted by Tallest Skil View Post


     


    It's almost as though this isn't already the case.



    Not yet....imagine the bragging rights of taking down apple.com.........Or posting online Apple sales figures.....or posting online any type pf private information gathered from a real serious security breach and compromise.......

  • Reply 13 of 30

    Quote:

    Originally Posted by Blastdoor View Post


    Apple can and should make it clear to these folks that you don't F with Apple. $100 million (or even $1 billion) is a rounding error for Apple, but if Apple were to spend that amount of money going after these people, these people would be done, regardless of who they are. 



     


    Apple should leave the policing to the police. Focus on improving their systems so these kind of attacks and attack attempts go no where for Apple users so we have secure systems to work on.

  • Reply 14 of 30

    Quote:

    Originally Posted by TBell View Post


     

    OK, I will take the bait. If true, this doesn't negate the report from the security company dealing with the hacking of the New York Times. It also doesn't negate the Wiki Leaks from the State Department blaming China for the hacking of Google. Just because China might not be guilty of this particular hack, means very little.


     


    Not to mention that Bloomberg isn't exactly the fount of accurate reporting when it comes to tech things' particularly Apple. Who knows if their information is correct or complete. The attack might have come via an Eastern Europe IP but who knows if that was the first point or just a hop on a train of connections to hide the truth.

  • Reply 15 of 30


    So much for GG's claims that Apple must have lost data because the PLA hackers always took data. image

  • Reply 16 of 30
    Must be that rouge MI-6 agent who "bypassed the 23-layer genetic multi IPSec encryption with rotating 2048-bit hyper key firewall and tea cozy."
  • Reply 17 of 30
    tzeshantzeshan Posts: 2,351member
    I always feel that these so-called investigators like NY Times and Radiant corp are not real experts. Do they know that the INTERNET is designed to be traceable? How would a government like China take the risk to be traceable and thus accountable? I think these investigators all have a hidden motive of demonizing Chinese government. We are already in 2013 this cold war mentality (do people still remember this?) is still buried deep in some people's brain.
  • Reply 18 of 30
    stelligent wrote: »
    "Going after"
    "These people would be done"

    LOL!

    Hackers have messed with Google, Apple, Facebook, Oracle, the US government (the list goes on) and still they cannot be rooted out. $100M would change this?

    Just what are you dreaming about here? Are you one of those GOP politicians who thought Iraq and Afghanistan would be simple wars to be easily won in the face of the US military might? Have you watched too many movies?

    And what do you mean by "done"? Apple is going to send out drones?

    I believe a good many politicians signed off on the Iraq and Afghanistan debacles regardless of political affiliation. Though I am surprised you didn't try to sneak in a Fox News reference as well. Never heard that one before.
  • Reply 19 of 30
    hftshfts Posts: 386member
    plagen wrote: »
    Can't do that. They have wasted all the drones bombing China.
    Idiotic statement. You do realize that Russia could turn the US into a "glassed parking lot" in about an hour, if the US sent in their drones. Ever heard of nuclear weapons?
  • Reply 20 of 30
    dysamoriadysamoria Posts: 3,430member
    tzeshan wrote: »
    I always feel that these so-called investigators like NY Times and Radiant corp are not real experts. Do they know that the INTERNET is designed to be traceable? How would a government like China take the risk to be traceable and thus accountable? I think these investigators all have a hidden motive of demonizing Chinese government. We are already in 2013 this cold war mentality (do people still remember this?) is still buried deep in some people's brain.

    Exactly. Because "socialism is bad" is the excuse for demonizing anyone. Sigh. Not much has changed in the world regarding differing government and market ideas. Frankly, China has done quite well by getting so much industry reliance installed there from the "most powerful and advanced nations of the world." War is obsolete when you can conquer by marketing and business. Well, obsolete to those that can accomplish dominance without firing a shot. There are a lot of insecure idiots just waiting for an excuse to start shooting. More.
Sign In or Register to comment.