Rising Computer Hack Attacks Prompt Concern
(NEW YORK) — A string of hacking attacks at high-profile U.S. companies has security experts and officials worried that the hackers are using information gained to plan even more sophisticated attacks.
Facebook announced it “was targeted in a sophisticated” attack last month, beginning a spate of high-profile hackings. The Twitter accounts of Burger King and Jeep were taken over by hackers earlier this week, just weeks after the site announced 250,000 user passwords had been compromised in an attack.
And on Tuesday, Apple confirmed the same hackers who went after Facebook had accessed a small number of Apple employees’ Macintosh computers.
The Apple, Facebook and Twitter attacks could be related to an Eastern Europe operation, according to multiple reports.
“That part of the world is without a doubt the most prolific and advanced center for criminal hacking on the planet,” said Robert Siciliano, a McAfee online security expert.
The social media hacks are separate from the alleged Chinese cyber espionage attacks detailed in a report released by Mandiant, a Virginia-based cyber security firm.
While there is a lot to sort out, here is what we know:
Apple and Facebook
No data was stolen in the Apple and Facebook hackings, according to both companies. Security experts told ABC News that the only information likely compromised was on the personal computers of those employees whose machines were infected.
Both attacks used a vulnerability in Java, the software used to show much of the content on Web browsers. Because of that vulnerability, the Department of Homeland Security released a statement last month urging computer users to disable the software in browsers.
Apple said that its operating systems do not ship with Java installed. If a user installs Java, Apple’s software will automatically disable it if it has been unused for 35 days. Apple will also be releasing a new update that will help against Java threats.
Twitter announced on Feb. 1 that 250,000 user passwords had been compromised, and said it had taken swift action, requiring a password reset before any hacked handle can be accessed again.
The breach was reportedly Twitter’s largest data compromise to date, though the number of affected Twitter handles accounted for less than 0.125 percent of the service’s 200 million active tweeters.
In a separate incident, the Burger King Twitter account @BurgerKing was hacked on Monday, with the logo, name and background page changed to McDonald’s.
The hacker posted tweets that Burger King had been sold to McDonald’s and the account had been taken over by McDonald’s employees.
On Tuesday, Jeep became the second brand name to fall victim to a hacker, with a prankster taking over the account and suggesting the car company had been purchased by Cadillac.
Some unconfirmed reports suggested the Burger King hack had been perpetrated by the hacking group known as Anonymous.
Twitter is reportedly considering two factor authentication in order to help prevent hacks like Burger King and Jeep.
A report released by Mandiant, a Virginia-based cyber security firm, alleges a specific Chinese military unit is likely behind a cyber attack campaign that has stolen “hundreds of terabytes of data from at least 141 organizations” since 2006, including 115 targets in the U.S.
Mandiant’s report was released a week after President Obama said in his State of the Union address that America must “face the rapidly growing threat from cyber attack.”
Protecting Online Privacy
Obama pushed cyber security to the forefront last week, signing an executive order that will allow government agencies to work with private companies to tackle cyber threats.
Industries based in the U.S. will be asked to create voluntary standards for protecting information, while the federal government will commit to sharing cyber threat data with companies.
After the spate of hackings, Siciliano says personal users should be concerned and take precautions.
“When you have criminal hackers going after public-facing, consumer-oriented companies, the end game is to hack the public,” he said.
Copyright 2013 ABC News Radio