See more...

Hacker Collective AntiSec Strikes at Apple, Internal Usernames and Passwords Compromised

Just last week, we brought to you a news that the notorious hacker collective, LulzSec have officially disbanded after almost 2 months of hacking several high profile companies such as Sony and AT&T and as well as several gaming companies and forums. But just when we thought that LulzSec's hacking spree is over, enter AntiSec, a hacker group formed which mainly comprised of Anonymous and LulzSec members. Their latest victim this time around is none other than Apple.

According to a report by The Wall Street Journal, AntiSec allegedly broke into Apple's servers and retrieved about 26 administrative usernames and passwords and as usual, leaked them online for people to download. According to a tweet just this Sunday from @AnonymousIRC, a known Twitter account operated by Anonymous, AntiSec is claiming responsibility for the recent attack on Apple.

Not being so serious, but well: | #Apple could be target, too. But don't worry, we are busy elsewhere. #AntiSec

Anonymous Tweet
As of this writing, Apple hasn't made any official announcement with regards to this security attack, maybe because they are still not sure what are the damages caused by the breach.

The hackers said in a statement posted to Twitter that they had accessed Apple’s systems due to a security flaw used in software used by the Cupertino, Calif.-based gadget maker and other companies. “But don’t worry,” the hackers said, “we are busy elsewhere.” A spokesman for Apple didn’t immediately respond to a request for comment. The posted information comes as part of a two-month campaign of digital heists targeting corporations including Sony Corp. and AT&T Inc., as well as government agencies such as the U.S. Senate, the Central Intelligence Agency and the Arizona Department of Public Safety.

Based on the attack and the information that was stolen, this security breach of Apple will only affect internal login credentials and fortunately not a single Apple IDs or accounts from consumers were compromised. While this may seem to be quite a harmless attack from AntiSec, the group also claimed responsibility for breaching into the server of yet-to-be-launched iCloud service of Apple:

Some weeks ago, we smashed into the iCloud with our heavy artillery Lulz Cannons and decided to switch to ninja mode. From our LFI entry point, we acquired command execution via local file inclusion of enemy flee. Apache vessel. We then found that the HTTPD had SSH auth keys, which let our ship SSH into other servers. See where this is going? We then switched to root ammunition rounds. And we rooted… and rooted… and rooted…After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database password which we proceeded to shift silently back to our storage deck.

LulzSec and Anonymous
AntiSec is now the new hacking group that's supposedly to replace the now disbanded LulzSec, which as mentioned before is a group that is mostly comprised of Anonymous and former LulzSec members. In the past, Anonymous have been organizing attacks to prominent organizations with the motives that are usually either political or social. In contrast, LulzSec organizes security attacks that are either random or by granting a request by phone and it is all in the name of "lulz". AntiSec was formed last month after LulzSec was officially banded after a 50-day operation.

While both these attacks from Apple are seemingly harmless, both LulzSec and Anonymous have conducted numerous security attacks that caused quite a significant amount of damage. The most notable one is this year's "Operation Sony", a coordinated attack on the PlayStation Network which caused 3 weeks of downtime and millions of user accounts which includes passwords, credit card numbers, home addresses etc are allegedly compromised. As if that wasn't enough, Sony experienced further attacks, to which LulzSec claimed responsibility, over the month of May. Sony suffered a total of about $173 million in damages as it tries to reinstate PSN and for customer refunds. [via TheWallStreetJournal]

Contact Us for News Tips, Corrections and Feedback

Related posts

Leave a message...