Hackers claim to have penetrated Foxconn backdoor

It had to happen eventually. Controversial hardware manufacturer Foxconn was reportedly hacked late on Wednesday and a heap of staff email log-ins and intranet credentials posted online which could allow third parties to lodge fraudulent orders. In a lengthy message posted to Pastebin, hacking group Swagg Security claimed the …

COMMENTS

This topic is closed for new posts.
Coat

Disgusted

I think it's outrageous, the way these workers are treated like slaves just to make shiny stuff for decadent Westerners.

Sent from my iPhone

22
0
Anonymous Coward

"is the hilarity that ensues when compromising and destroying an infrastructure. How unethical right?" -- Quite. A bit like a Prison Guard watching a fresh script kiddie getting his first gang raping in prison.

2
6
Silver badge

"script kiddie"

I'm not aware of any free or purchased scripts which can compromise a firewall-based system such as Foxconn's without major penetration testing and refinement (usually noticeable) or being run internally.

I know it makes shit-tier sysadmins (such as many Reg ACs) feel cool to think they're somehow skilled beyond the people who make them look like idiots so perhaps this unwarranted name-calling is related?

6
3
FAIL

@dogged

I love how you say firewall-based as if that instantaneously makes the site more secure. It doesn't, they still need to open ports to the outside world and you can distribute the penetration test across a botnet to avoid detection.

There are several worms and general attack tools that try multiple attack vectors such as common php/iis/asp programming errors and password guessing on any open port (ssh, ftp, smtp-sasl, pop3) that takes a password. My server logs are stuffed full with the resulting warnings even though each host can only try 4 times before being blocked.

1
0
Silver badge

@Gerhard

Agreed completely, and that's kind of the point. Any competent admin will do their best to lock that shit down as far as is possible given the company's requirements.

In suggesting that those who cracked Foxconn simply bought or downloaded a script, our AC above is actually mocking their network, not the crackers. And the thing is, if Foxconn were THAT easy to crack, somebody (likely some environmental group or ethical labour campaigners) would have done it long ago.

A firewall is like any other wall. If it stays up for a long period of time without any unauthorized individuals getting through, you've done it well. If you've done it well, getting past it is not trivial (from the outside).

0
1
Silver badge

IE6?

However, according to their Twitter feed the hackers gained access to Foxconn’s systems via an “outdated vulnerability” in a version of Internet Explorer which was being used internally by the company.

So they are using IE6 and Active X in the management suite then?

Unfortunately the Active X bit is likely to be true, as historically, this was the preferred login mechanism for East Asian banks.

2
0
Gold badge

IE6 is widely used in China as many people run dodgy copies of XP and Microsoft lock them out of later versions with WGA.

1
0
Anonymous Coward

Yep...

...we all know how secure Microsoft's products are!

3
5
Silver badge

oh ffs

Honestly. Somebody's running a 10 year old system and that's Microsoft's fault now.

Some people should not be allowed keyboards, ever.

8
3
Thumb Down

Shame on Pastebin...

I'm surprised that Pastebin would accept logs of usernames and passwords when the only motivation for the attack was just for kicks. No political motive, no ethical motive, no moral motive. They hacked them "cos we can".

That's not what Pastebin is for, is it?

0
1
Anonymous Coward

Correct

Well except for porn sites logins, but still there may be a moral objective in that. Just depends on your moral values.

1
0

really

I take it you have no idea what Pastebin is. Pastebin is for quickly passing around large amounts of text for cases such as support requests, and if they took the time to accept or deny things then it would be useless for the task it was designed for.

Given their history you can bet they will take down the logs as soon as they find out about them but complaining they didn't block them in the first place is just unreasonable.

0
0
Paris Hilton

Perhaps...

.they'll do the "ethical thing" and manipulate the HR/Payroll system therefore enabling Foxconn's "slave labour force" to earn a decent wage..

Paris: Because there's no such thing as too much disposable income

0
2
Anonymous Coward

Or better yet, fire them all!

Free the slaves!

0
0

This post has been deleted by a moderator

Silver badge
Facepalm

Wild speculation? We have it!

"So my best guess at this stage would be that the attackers managed to upload something malicious on the [services.foxconn.com] server and somehow used that to gain access."

They could also have used Psy powers.

1
1

I Still Marvel

That one application can so frequently and kindly serve as entry point to entire corporations.

Where do I want to go today? A dark satanic mill, please.

0
0
Anonymous Coward

Meh

Doesn't look like anything very interesting

0
0
Silver badge
Devil

Get a load of this then

http://www.washingtonpost.com/blogs/checkpoint-washington/post/hackers-release-call-between-fbi-and-scotland-yard/2012/02/03/gIQAtT8CnQ_blog.html

0
0
g e
Silver badge

Lots of emails?

Including ones where Apple acknowledge they know all about conditions at FC and cynically discuss how best to look like they're doing something while keeping costs down and production up?

Someone somewhere must be feeling a bit nervous, I'm sure.

0
2
Pint

Iron ring of firewalls good; security in depth not so good.

if yer a bean counter.

Beer - to remind me of lunchtime.

0
0
FAIL

Hacktivists?

Wow...that is giving some pretty big leeway. Hacktivists promote righting a wrong, fighting the good fight, not "the hilarity that ensues when..."

2
0

Petition

Is it still too late to sign the Petition? Also, is it available online?

Could someone enlighten me, please?

Many thanks.

0
0