Peek-a-boo: Apple’s in the Loop

0
720
Spread the love

Well, well, well, look whos back.

In June arabiangazette reported that Lulz Security though claimed to sail off into the oblivion might come back, under a different name.

Voila! Here they are.

It was apparent that LulzSec had no intentions of turning over a new leaf just another disguised one. It had said that it hopes the anti-security movement continues on without it, that the movement manifests itself into a revolution. As promised it is keeping to its end of the bargain.

New Hacks

“AntiSec,” a hacking campaign that includes hackers from both the online vigilante group Anonymous and hackers from the now-defunct Lulz Security, posted a document containing a link to a supposed Apple server along with a list of 26 administrative usernames and passwords.

They got the login names and encrypted passwords of the root and admin user. According to the hackers the data was stored in the user-table of the MySQL database. Apparently, AntiSec was able to gain access to Apple’s information by making use of a security flaw found in the software used by many companies to power their servers, although no mention was made about the software’s name.

The same hacker group already reported yesterday that they retrieved logins and passwords from a Dutch dating site called Pepper.nl.

Not New

Apple isnt unused to hacker attention: the company has played an ongoing cat-and-mouse game with iOS modders over the past few years, as they attempt to open up devices like the iPhone, iPod touch and iPad to unofficial software and remove carrier SIM locks.

However, its a big step from that to attempting to break into company servers and extract information.

It is also rumoursed that that Lulz Security (before it went under) said they were able to hack iCloud “Some weeks ago, we smashed into the iCloud with our heavy artillery Lulz Cannons and decided to switch to ninja mode. From our LFI entry point, we acquired command execution via local file inclusion of enemy fleet Apache vessel. We then found that the HTTPD had SSH auth keys, which let our ship SSH into other servers. See where this is going?

We then switched to root ammunition rounds. And we rooted… and rooted… and rooted… After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck.”

The Apple data does not look to have prompted any personal information leaks, so far, as with Sonys huge PlayStation Network hack that saw 77m accounts compromised.

AntiSec

The Tweet read:

“Not being so serious, but well: http://t.co/DOE7Aeh | #Apple could be target, too. But don’t worry, we are busy elsewhere. “#AntiSec

The hash tag speaks more than anything else. This is obviously phase two of the AntiSec movement and it is defiantly our friends who had sailed away. We understand from the Tweet that the group did not take the Apple hacking seriously which is obvious as this website was mainly used by Apple for providing surveys for their customers. However it definitely is a hidden threat as it may do so in the future.

That elsewhere includes leaking Australian election data, the database from the pepper.nl dating site and more, all part of the so-called AntiSec hack campaign.

Apple is yet to comment publicly on the alleged hack, though it seems the AntiSec attention has moved on to other potential subjects.

Tech experts that arabiangazette spoke to all tell people to take care their personal data and passwords. It is the same advice again, change passwords and make it more complex. Dont keep the same passwords for all accounts.

It is apparent that a new wave of hacking is to be unleashed.

The dating site and Apples survey sites are just a reminder to every big corporation that they are not alone in the underbelly of the tech.

Source: wsj, dailymac, slashgear

Facebook Comments