The owner of the mobile developer Web site, iPhoneDevSDK, which was compromised by hackers and used to inject malware onto the computers of high-profile companies, including Facebook and Apple, only learnt of his site's involvement via media reports.
iPhoneDevSDK administrator Ian Sefferman published a blog post on Wednesday stating that, prior to seeing the reports that pointed the finger at the site, neither Facebook nor law enforcement had attempted to contact iPhoneDevSDK.
Only after seeing an AllThingsD report with details about the site's involvement, Sefferman contacted Facebook. He says the site has been working with Facebook's security team since.
Sefferman said: "What we've learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site.
"That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain users' computers... We're still trying to determine the exploit's exact timeline and details, but it appears as though it was ended (by the hacker) on 30 January 2013."
Bloomberg has reported that sources close to the investigation have indicated the type of malware used in these attacks suggests it is the work of cyber criminals rather than state-sponsored espionage. It is estimated that about 40 companies have been affected.
Sources say they have reason to suspect an Eastern European group of cyber criminals who are trying to "steal company secrets" using at least one server traced back to a Ukrainian hosting company.
In separate statements, both Apple and Facebook said they did not have any evidence to suggest user data was compromised during the hacks. Apple workers' Macintosh computers were infected with the malicious software when they, like the Facebook employees, visited a mobile developer Web site.
The software infected Macs by exploiting a flaw in a version of Oracle's Java software which is used as a plug-in on Web browsers. There is also a version of the malware that infects computers running Microsoft's Windows operating system.
While it has not been confirmed by Twitter, it has been said the attack that saw the data of 250 000 Twitter accounts being compromised was a result of the same Java vulnerability that led to the Facebook and Apple hacks.
Share
