Cyber criminals exploit Java vulnerability to hack Apple, Facebook, and Twitter

Twitter, Facebook, and Apple have all been victims of recent attacks by hackers. While US newspapers have been fending off attacks allegedly originating in China, however, these attacks have come from a different source altogether. A criminal group in Russia or Eastern Europe is reportedly to blame, having gained access to the machines utilizing a zero-day vulnerability in Java. New revelations are coming almost daily at this point, and you can find them all right here.

  • Greg Sandoval

    Feb 27, 2013

    Foreign hackers steal more than a terabyte of data per day in ongoing cyberwar

    Two decades after computer security began generating billions by selling expertise and software designed to protect against unwanted network intrusions, experts say those networks are more vulnerable than ever. Florida-based Internet security firm Team Cymru said in a report released today, shared exclusively with The Verge, that analysts there uncovered a massive overseas hacking operation that is making off with a terabyte of data per day. Some of the victims include military and academic facilities and a large search engine. The report doesn't identify who might be behind the attacks, but Team Cymru director Steve Santorelli conceded that, given the amount of resources behind the attacks, it is obvious the group is state-sponsored. "This is Internet theft on an industrial level," said Santorelli, a former detective with Scotland Yard.

    The United States is under siege. Team Cymru's report follows on the heels of similarly damning research issued last week by security firm Mandiant, a document that could be read as an indictment of the entire cyber-security sector. Mandiant detailed how a group of cyber commandos employed by China has electronically raided the computer networks of hundreds of American companies over several years to pilfer precious trade secrets. In a story about the Mandiant findings, The New York Times reported that Washington now believes China also has the ability to use the internet to sabotage water supplies, shut down power stations and hobble our financial system.

  • Janus Kopfstein

    Feb 22, 2013

    After so many hacks, why won't Java just go away?

    Java Duke by Project Kenai

    If you've been paying any attention to the security breaches hitting Apple, Facebook, Twitter, NBC, and others these past few weeks, you've probably noticed a common culprit: our poor old pockmarked friend, Java.

    As a web plugin, Oracle's aging code deployment platform has practically been a revolving door for widespread malware attacks recently, and for years the general consensus has often been that its risks have outgrown its usefulness. After spending a week Java-free back in 2010, PCMag's Larry Seltzer concluded that the Java platform as a whole "is pretty clearly a failure, and all that remains of it is a big fat attack surface on your computer."

  • Carl Franzen

    Feb 20, 2013

    Website allegedly behind hacks of Facebook, Apple, and Twitter says it's 'clean now'

    The owner of iPhone developer website iPhoneDevSDK says his team has patched a security hole behind malware that infected employee computers at Facebook, making the developer site safe to visit again.

    "It is clean now," said Ian Sefferman, iPhoneDevSDK's owner and operator, in an email to The Verge. Sefferman and his colleagues are still trying to figure out exactly what went wrong and how to keep their site and its 200,000 registered users secure from hackers in the future. Malware found on employee computers at Apple and Twitter also may have come from the site while it was compromised.

  • Jeff Blagdon

    Feb 20, 2013

    Apple, Facebook, and Twitter hacks reportedly originated in Eastern Europe

    The recent attacks on Apple’s systems originated in Russia or Eastern Europe, and are linked to similar attacks on Facebook and Twitter, say new reports from Reuters and Bloomberg. The goal of the attacks is said to be company secrets and intellectual property to be sold on the black market, unlike the state-sponsored attacks coming out of China, which have instead focused on government secrets and national infrastructure.

    In all cases, employees’ computers were compromised after accessing the mobile developer website iphonedevsdk.com, which exploited a vulnerability in the Java browser plugin. While the precise location and nationality of the attackers are unknown, investigators have discovered at least one server in use by the criminal group in the Ukraine.

  • Chris Welch

    Feb 19, 2013

    Apple and Facebook hacks traced to mobile development site, says AllThingsD

    AllThingsD is reporting that the culprit behind high-profile hacks targeting Apple and Facebook is "likely" a website called iPhoneDevSDK. The site, which is a hub for iOS and mobile development discussion, was reportedly injected with malicious code. Employees at Facebook apparently visited the iPhoneDevSDK website in recent weeks, just prior to a hack that the social network made public last Friday. AllThingsD suspects the same developer resource is responsible for an intrusion that compromised "a limited number" of Apple's internal computers. An exploit affecting Oracle's Java plugin served as a gateway for attackers in both instances. A discussion thread at MacRumors suggests that iPhoneDevSDK has encountered malware issues numerous times.

  • T.C. Sottek

    Feb 19, 2013

    Apple releases Java update to eliminate malware threat

    Apple has released a new version of Java meant to plug a vulnerability that can be exploited to install malware on users' computers. The company made an unprecedented announcement this morning, admitting that hackers had effectively infected a "small number" of its computers after employees visited a website for software developers that contained the malicious code. Apple says it isolated those computers from its network, and promised that it would release a support tool today to patch the vulnerability. The update uninstalls Apple's Java applet plugin from all browsers, as well as the Java Preferences application, which it says is no longer needed to configure the applet's settings.

    Users can obtain the Java update through Apple's support website, or by using the Software Update tool for OS X.

  • T.C. Sottek

    Feb 19, 2013

    Apple says it was attacked by hackers, will issue malware removal tool today

    In a statement provided to The Verge, Apple says that hackers infected a "small number" of its computers in an attack that exploited a Java vulnerability. As Reuters originally reported, the company says "there was no evidence that any data left Apple," and no user information is said to have been compromised. Apple says the rare security breach utilized the same malware that was recently used to target Facebook and other companies. Despite being a high-profile target, the situation is highly unusual for Apple, and the company says it is working with law enforcement to track down those responsible.

    "Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers," the company said in its statement. "The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network."

  • Nathan Ingraham

    Feb 15, 2013

    Facebook hacked, but has found 'no evidence' that user data was compromised

    As one of the largest sites on the internet, there's no doubt that Facebook is a prime target for hackers. It looks like some of those hackers were apparently successful — Facebook has just admitted that its systems were targeted last month in a "sophisticated attack." However, the company was quick to point out that "we have found no evidence that Facebook user data was compromised." It sounds like users have no need to worry at this point, but Facebook is continuing to work with its internal engineering teams, security teams at other companies targeted by the attack, and law enforcement officials in an effort to make sure such an attack doesn't happen again.

    As for the attack itself, Facebook says that a "handful" of employees visited a mobile developer website that had been compromised — the site hosted a zero-day exploit that installed malware on those employees' laptops. The malware bypassed the Java sandbox protections; once Facebook reported the vulnerability to Oracle, the company responded with a patch on February 1st to correct the flaw. Facebook said that the laptops were all running up-to-date virus protection software and they immediately fixed the machines and notified law enforcement.

  • Bryan Bishop

    Feb 2, 2013

    Twitter also hacked this week, up to 250,000 accounts may have been compromised

    It's been a rough week for security breaches, and Twitter has just announced it was a victim of attacks this week as well. In a blog post, the company states that during this past week it detected "unusual access patterns" that led it to uncover unauthorized attempts to access users' data. Twitter even discovered one attack as it was happening, and was able to shut it down shortly thereafter. However, Twitter's post-mortem revealed that the perpetrators of the attack may have had access to account information for approximately 250,000 different users. According to the company, "usernames, email addresses, session tokens and encrypted/salted versions of passwords" would have been available.

    Twitter has reset the passwords and revoked session tokens for all such accounts; affected users should be receiving emails notifying them of the reset shortly. Users will be required to create new passwords from scratch.
