Apple under attack: developer portal targeted

Dispite having a world famous brand, millions of supporters and perhaps unlimited resources, not even Apple is impervious from cyber attack, a  problem that is of growing concern in many boardrooms. Apple has been forced to apologise to  loyal app makers after its developer website was targeted by hackers, disrupting services in the run-up to the release of its latest iPhone OS. Though Apple responded swiftly to the intrusion, it has  admitted that some of the developers’ data – such as names and addresses – may have been taken, in encrypted format.

“Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website,” Apple said in a note posted to the members section of its developers website.  Roger Thompson, chief emerging threat researcher at ICSA Labs speaking to Bloomberg had this to say:

“Unless it turns out the breach was worse than they’re saying, this won’t have much impact,”. “If it’s just e-mail addresses, developers will think ‘gosh, we may get some spam.’”

In a reactive comment to Apple under attack Ryan Rubin, managing director of Protiviti, a risk and business consulting firm said:

Whilst this is certainly a risk to Apple, there may be further risks relating to the motive behind this attack. There are also concerns as to whether the attackers were after specific nuggets of information that could be used to support future attacks on software deployed on this platform. For example, data, intellectual property and/or security settings relating to the content of apps and their libraries stored on the system. “We continue to see hackers going after weaker links in the security chain. Could this be part of a wider campaign to target Apple IOS users and their applications?”

Looking at the bigger picture, the reality is, advanced cyber attacks being made by state-sponsored cyber terrorists can take months to control even after being detected an IT security company was warned.

Alex Fidgen, Director at MWR InfoSecurity, made the comment following the publication of the Annual Report 2012-2013 from the Intelligence and Security Committee which indicated that cyber espionage had resulted in Ministry of Defence data being stolen.

Fidgen said: “Attacks targeting Government departments or industry suppliers can remain undetected and active for up to a year, so the problem becomes endemic. Furthermore, it can take months to control these attacks meaning that, during this time, huge amounts of information can be downloaded by the attacking party.”

“State sponsored activity is directly interested in the geo-political decisions being undertaken by governments and associated organisations.” “However, this is part of the larger picture of increased cyber espionage activity by one state versus another. While the report focuses mostly on UK Government departments being targeted, this picture is being played out daily amongst commercial organisations”.

Fidgen added: “A large number of organisations lack the understanding or, in the case of the Government, the capacity to deal with sophisticated attacks and their growing volume.” “Complex networks involving suppliers and partners are a challenge to security and were not built to defend against the attacks that are now being witnessed on a weekly basis.”

He ended: “The sophistication of these attacks is such that each time more organisations are being targeted. Information is being taken from each and pieced together to provide the final goal for the attacker.”

I am not suggesting the Apple attack was state sponsored merely the implications. Media outlets are reporting alledgedly, a Turkish security researcher named Ibrahim Balic is claiming to have been behind the breach, although he says that the intention was to demonstrate a leak in Apple’s security system, rather than acquire user information.