High-profile tech companies have been falling like dominoes in a series of hacks that in recent days targeted Apple and Facebook, but investigators seeking to discover the origins of the attacks have served up conflicting reports.
Just days after Facebook revealed that its systems were "targeted in a sophisticated attack," Apple on Tuesday said that it too had been the victim of hackers. The Cupertino-based tech giant said its computers were attacked by the same online miscreants who targeted Facebook and that, as with the earlier attack, no data appears to have been stolen in the Apple hack.
Earlier this month, Twitter also said that it detected "unusual access patterns" on its network, which indicated that attackers might have accessed the user data of approximately 250,000 users.
But who is attacking these companies and where are the attacks coming from?
Some investigators have pointed the finger at China — specifically to a prolific group of computer hackers traced to a government-backed military building in Shanghai. According to a new report from Mandiant, the People's Liberation Army Unit 61398 is located "in precisely the same area" as a section of APT1, an advanced persistent threat group that has stolen hundreds of terabytes of data from at least 141 organisations worldwide.
Case closed? Not quite. Bloomberg has reported that recent cyberattacks on some 40 companies, including Apple, Facebook, and Twitter, were the work of "an Eastern European gang that is trying to steal company secrets."
The news agency cited unnamed sources "familiar with the matter" as saying that investigations into the hacks had led them to suspect a Russian or Eastern European group of criminals using "at least one server" tracked to a Ukraine-based hosting company. That suspicion rests on the type of malware used in the Apple attack, which "suggest[s] it is the work of cyber criminals rather than state-sponsored espionage from China."
Interestingly, though Apple is only the latest company to go public with the fact that it was hacked, it was the "first to discover" the attacks were taking place, according to Bloomberg.
One area where agreement appears to be coalescing is over the way the malware made its way into Apple's systems, and possibly to those of Facebook and other companies as well.
Bloomberg pointed to the iPhone developer site iphonedevsdk.com as the origin of the malware, which exploits a zero-day Java vulnerability in the browsers of people visiting the site. Employees of Apple and other companies are believed to have visited iphonedevsdk.com and had their computers infected.
Apple, in reporting the hack earlier in the day, did not name a specific website as the origin of the malware that "infected a limited number of Mac systems" but did refer to a "website for software developers" as the threat's origin.
But All Things D also reported Tuesday that iphonedevsdk.com was the site in question, citing its own unnamed sources "close to the Facebook hacking investigation." After publishing its report, All Things D received a statement from site owner Ian Sefferman, who told the tech site:
"We're investigating Facebook's reports that iPhoneDevSDK was hosting an exploit targeted at Facebook employees. We're actively ensuring that is not the case. Facebook originally noted that they immediately reached out to other affected companies, but we were never contacted by Facebook, any other company, or law enforcement. Our users' security is incredibly important to us and we'll be sure to follow the investigation through to completion."
Meanwhile, as many outlets reporting on this ongoing story have urged readers, it's probably wise not to visit iphonedevsdk.com until this issue is cleared up.
In other hacking-related news, Burger King suffered an embarrassing security breach earlier this week, an attack that has been linked with Anonymous and its affiliate, LulzSec.