Few facts and many assumptions have emerged since Facebook revealed on Friday that it had been hacked.
Sadly, the facts are few: Both Facebook and Apple claim staff laptops were infected by visiting a site on mobile development. The malware targeted Java plug-ins running in the browser. But with reports circulating purporting to say more, SocialTimes asked Facebook for further details (we were pointed to the same blog post we’d already reported on) and scoured the news reports to see what’s actually in them.
Apple was hacked by the same perpetrators.
Despite a headline from Reuters indicating that Apple and/or Facebook had confirmed that their hackers were the same, the reporting does not indicate that either company has said as much.
AllThingsD says that website was likely iPhoneDevSDK. Facebook told Ars Technica that the malware would work on Macs or PCs. Apple said its Macs were infected.
Very likely to be the case, but unprovable without confirming that the malware and the website were identical.
Twitter said in its disclosure that, “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.” These claims are self-interested and should be taken with a grain of salt. The timing of Facebook and Apple’s disclosures shortly after Twitter’s is suggestive, but major companies are under constant assault from hackers, so the timing could just as easily reflect either coincidence or those companies taking advantage of Twitter’s announcement to release their own bad news.
Facebook pointed in its announcement to other recent hacks that had been attributed to the Chinese. But it made no substantive claim that the hackers were the same or related. A New York Times article today went into more detail about the hacks attributed to the Chinese, and said that some targeted big American companies in “20 industries, from military contractors to chemical plants, mining companies and satellite and telecommunications corporations.” The companies were not named. The method of attack described by Facebook and Apple is not mentioned.
Although both Facebook and Apple have noted how sophisticated the attacks against them were, the evidence they’ve provided for that doesn’t fully substantiate the assertions, which are clearly self-interested. Java browser plug-ins are widely known to be vulnerable: This isn’t cutting edge stuff.
The companies have repeatedly hinted at such involvement and mentioned their cooperation with law enforcement. They may be using these hints to deflect their own security shortcomings, or they may be trying to allude to something which they’ve been asked by officials to avoid stating outright.
Possible but unsubstantiated.
Bloomberg reports that the hackers are criminals based in Eastern Europe, relying on anonymous sources. The sources say the malware used has been linked to Eastern European hackers. It’s possible, based on the timing of the reports, that Bloomberg asked security researchers what kind of malware they’d found on the site conjectured by AllThingsD to be the mobile development site distributing the malware. Such bootstrapping seems ill-advised. (Bloomberg has also repeatedly reported that Facebook is on the verge of putting out its own phone, citing anonymous sources. Fool me once, the boy who cried wolf: We’re skeptical.)
Without more information on who the sources are, whether they had access to the malware that infected Apple and Facebook and how they tie it to European gangs, it’s impossible to say.