Alleged Foxconn hack allowed bogus orders to be placed for vendors

Posted:
in General Discussion edited January 2014


A "Greyhat" hacking group announced this week that it had successfully hacked contract manufacturer Foxconn and released usernames and passwords for vendors that could be used to place fraudulent orders for companies like Apple and Microsoft.



Swagg Security published a statement (via MacRumors) on Wednesday taking credit for hacking the company's servers. The group cited "the hilarity that ensues when compromising and destroying an infrastructure" as the reason for its actions.



They did, however, also state that they were "considerably disappointed" with the inhuman working conditions at Foxconn and were also "slightly interested in the existence of an Iphone 5," but they denied that those were reasons for their hack.



"We aim to to reshape your perspectives, our perspectives, by the inducing of entertainment. A unique approach to spreading a unique philosophy which brings the sought after tranquility. In a way we are "hacktivist", but in our own views we are Greyhats," the group wrote.



Swagg Security alleged that it had bypassed Foxconn's firewall "almost flawlessly." Using several hacking techniques and a couple of days time, the hackers reportedly dumped "most of everything of significance," including usernames and passwords. According to the group, the leaked passwords "could allow individuals to make fraudulent orders under big companies like Microsoft, Apple, IBM, Intel, and Dell."



Foxconn administrators eventually took down services.foxconn.com, the hacking group noted on Twitter late Wednesday, quipping that one too many orders had been placed.



AppleInsider contacted Foxconn for confirmation that a security breach took place, but the company responded that it does not comment on matters of "internal network security."



Foxconn has been under scrutiny as of late after reports from The New York Times and CNN claimed the company is committing labor abuses against its workers. The backlash against the company are expected come to a head on Thursday when an activist group holds a demonstration outside of Apple's new Grand Central Terminal store and delivers petitions calling for Apple, one of Foxconn's biggest clients, and Foxconn to improve working conditions at the manufacturer's facilities.



[ View article on AppleInsider ]

Comments

  • Reply 1 of 8
    Right. I'm sure it'll still be hilarious when you hacktivists are in jail.
  • Reply 2 of 8
    Quote:
    Originally Posted by LighteningKid View Post


    Right. I'm sure it'll still be hilarious when you hacktivists are in jail.



    It would be worth it if it stopped another ipad plant from having an explosion.
  • Reply 3 of 8
    Quote:
    Originally Posted by Russell View Post


    It would be worth it if it stopped another ipad plant from having an explosion.



    You probably mean well so I'm not going to reply to that.
  • Reply 4 of 8
    asciiascii Posts: 5,936member
    Not a very secure choice of password Apple!
  • Reply 5 of 8
    nvidia2008nvidia2008 Posts: 9,262member
    Quote:
    Originally Posted by ascii View Post


    Not a very secure choice of password Apple!



  • Reply 6 of 8
    jragostajragosta Posts: 10,473member
    Quote:
    Originally Posted by LighteningKid View Post


    Right. I'm sure it'll still be hilarious when you hacktivists are in jail.



    I can't understand how they can avoid jail time. They just publicly announced that they committed a felony.



    And I don't care if they're unhappy with Foxconn's working conditions. It's illegal and wrong. No gray about it at all.



    Jerks.
  • Reply 7 of 8
    MarvinMarvin Posts: 15,310moderator
    Quote:
    Originally Posted by ascii View Post


    Not a very secure choice of password Apple!



    It might explain why they leave encryption passwords in the open in their OS.



    id: APPLE

    pw: foxconn2



    I imagine the 2 was only added after the signup said the password had to have at least one number in it.



    Not that these login details would actually allow you to place a multi-million unit order of course. It's not like ordering pizza for someone where Tim arrives at the doors of Apple HQ to find a million boxes, saying to the courier 'I didn't order these'.



    The best they could be used for is checking order progress on the next iPad but it seems they haven't leaked any meaningful info at all.



    Quote:
    Originally Posted by jragosta


    I can't understand how they can avoid jail time. They just publicly announced that they committed a felony.



    It's not like they are a registered, trading security company. The whole point is you don't know who they are.
  • Reply 8 of 8
    lilgto64lilgto64 Posts: 1,147member
    it's not Greyhat - the original statement was that they are Asshats.



    I am quite sure there are plenty of folks do are unable to see the hilarity in an security breach.



    And regardless of their intention the outcome may include consequences that they did not anticipate.



    Oh the whole it does not sound like a very serious problem (in terms of number of people affected, or any financial impact) - but should serve as a good wake up call to anyone who hears about it to review their own security policies.
Sign In or Register to comment.