By Alyssa Newcomb
@alyssanewcomb
Follow on Twitter
Feb 20, 2013 3:18pm
A string of hacking attacks at high-profile US companies has security experts and officials worried that the hackers are using information gained to plan even more sophisticated attacks.
Facebook announced it “was targeted in a sophisticated” attack last month, beginning a spate of high-profile hackings. The Twitter accounts of Burger King and Jeep were taken over by hackers earlier this week, just weeks after the site announced 250,000 user passwords had been compromised in an attack.
And on Tuesday, Apple confirmed the same hackers who went after Facebook had accessed a small number of Apple employees’ Macintosh computers.
The Apple, Facebook and Twitter attacks could be related to an Eastern Europe operation, according to reports from Bloomberg and Reuters.
“That part of the world is without a doubt the most prolific and advanced center for criminal hacking on the planet,” said Robert Siciliano, McAfee online security expert.
The social media hacks are separate from the alleged Chinese cyber espionage attacks detailed in a report released by Mandiant, a Virginia-based cyber security firm.
While there is a lot to sort out, here is what we know:
Apple and Facebook
No data was stolen in the Apple and Facebook hackings, according to both companies.
Security experts told ABC News that the only information likely compromised was on the personal computers of those employees whose machines were infected.
Both attacks used a vulnerability in Java, the software used to show much of the content on Web browsers. Because of that vulnerability, the Department of Homeland Security released a statement last month urging computer users to disable the software in browsers.
Apple said that its operating systems do not ship with Java installed. If a user installs Java, Apple’s software will automatically disable it if it has been unused for 35 days. Apple will also be releasing a new update that will help against Java threats.
On Tuesday, Apple released an updated Java malware removal tool.
“The more data that these criminal hackers have, the more insight they have to the code of these different tech companies and how they do what they do and who the people on the inside are,” Siciliano said. ”All this intelligence is everything they need to build better hacking tools.”
Twitter announced on Feb. 1 that 250,000 user passwords had been compromised, and said it had taken swift action, requiring a password reset before any hacked handle can be accessed again.
The breach was reportedly Twitter’s largest data compromise to data, though the number of affected Twitter handles accounted for less than 0.125 percent of the service’s 200 million active tweeters.
In a separate incident, the Burger King Twitter account @BurgerKing was hacked on Monday, with the logo, name and background page changed to McDonald’s.
The hacker posted tweets that Burger King had been sold to McDonald’s and the account had been taken over by McDonald’s employees. “We just got sold to McDonalds! Look for McDonalds in a hood near you @DFNCTSC,” the hacker tweeted at 12:01 p.m. ET. @DFNCTSC is likely an account set up by the hacker. Several of the posts used obscenities or racial epithets.
On Tuesday, Jeep became the second brand name to fall victim to a hacker, with a prankster taking over the account and suggesting the car company had been purchased by Cadillac.
Some unconfirmed reports suggested the Burger King hack had been perpetrated by the hacking group known as Anonymous.
Twitter is reportedly considering two factor authentication in order to help prevent hacks like Burger King and Jeep.
China
A report released by Mandiant, a Virginia-based cyber security firm, alleges a specific Chinese military unit is likely behind a cyber attack campaign that has stolen “hundreds of terabytes of data from at least 141 organizations” since 2006, including 115 targets in the U.S.
Mandiant’s report was released a week after President Obama said in his State of the Union address that America must “face the rapidly growing threat from cyber attack.”
“We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy,” he said.
Read More: Report Fingers Chinese Military Unit in US Hack Attacks
Protecting Online Privacy
President Obama pushed cyber security to the forefront last week, signing an executive order that will allow government agencies to work with private companies to tackle cyber threats.
Industries based in the U.S. will be asked to create voluntary standards for protecting information, while the federal government will commit to sharing cyber threat data with companies.
After the spate of hackings, Siciliano says personal users should be concerned and take precautions.
“When you have criminal hackers going after public-facing, consumer-oriented companies, the end game is to hack the public,” he said.
Read More: 10 Tips to Protect Yourself Online
ABC News’ Joanna Stern and Lee Ferran contributed to this report.
No comments:
Post a Comment