Every year, Microsoft hosts an invitation-only conference on the world’s most dangerous hackers. It’s a chance for law enforcement to mingle with security researchers and banks, technology companies, credit-card processors, oil producers, and others on the long list of victims being rifled by criminal hacking groups and Chinese cyberspies. This year’s event is happening this week in Barcelona, Spain.
Among the attendees are representatives of Facebook, who will have a lot to talk about, starting with how the company was hacked. According to a Facebook announcement last week, the computers of some of the company’s key employees were infected when they visited a mobile developer’s website.
The Facebook attack turns out to be far more extensive than has been disclosed. According to two people familiar with the company’s investigation, more than 40 companies were also attacked, including Twitter, which announced earlier this month that its servers had been compromised, and Apple, which disclosed a hacker breach today, admitting the breach but assuring investors that none of its intellectual property had been stolen.
Employees at the companies were first infected when they visited the iPhone developers site. (Warning: Do not visit the site, because it may still be compromised with malware.) The site is called iphonedevsdk.com, which the hackers had infiltrated and used to implant malware via a security flaw in the victims’ browsers. The security firm RSA calls this a “waterhole attack,” one of the newest hacker tricks befuddling the defenders of corporate networks. Like a jungle predator sitting at a waterhole, the hackers don’t always know which sort of prey might wander by. But by putting their malware on a popular iPhone developers site, the hackers were virtually guaranteed some tasty possibilities—software developers, technology companies, or a smorgasbord of consumer-product companies building mobile apps.
The majority of victims have yet to come forward, but investigators say the attack has all the hallmarks of cyber-espionage, with the hackers seeking source code, technology, and other corporate secrets. User data from the social media sites could also be used to target employees of technology-rich companies, a far more valuable use for it than fencing the account passwords for a few hundred bucks apiece.
When the attack on Facebook and Apple was first disclosed, many observers—including me—assumed that it originated in China, as in the episodes described by me and Dune Lawrence in the current cover story of Bloomberg Businessweek. But it looks like this attack came from Eastern Europe. It appears the Russian mafia—or an equally scary organization—is getting into the game of industrial espionage in order to sell company secrets to the highest bidder. The buyer could be a competitor in Asia, Brazil, or Europe, or the startup down the street.
You no longer need a spy agency to steal the next hot technology. You just need a big enough bank account.