Foxconn Hacked, Personal Info Leaked
Internal data of Foxconn was hacked and leaked online in light of recent reports of the company's poor working conditions.
The Chinese plant, responsible for assembling 40 percent of all consumer electronic devices, including Apple's iPhone, had personal data stolen and uploaded online by a group called Security Swagg.
More specifically, the data dump contains ID information and IP addresses of Foxconn's global sales managers, and e-mail lists and customer purchases from partners around the globe. Along with Apple, Intel, Microsoft and IBM also uses the Chinese factory for its electronic assembly.
While the group has taken responsibility for the theft, it said the motivation for the action was not entirely based on news reports (including this January New York Times article) of employee dissatisfaction. "Although we are considerably disappointed of the conditions of Foxconn, we are not hacking a corporation for such a reason and although we are slightly interested in the existence of an iPhone 5, we are not hacking for this reason," said Security Swagg, in an online message
According to 9To5Mac, which was the first outlet to report on the hack, Security Swagg was able to gain access to the company's network using an unpatched vulnerability in Internet Explorer.
The hacker group also provided more details on how the attack was executed: "Foxconn did have an appropriate firewall, but fortunately to our intent, we were able to bypass it almost flawlessly. Of course with funding ourselves we did have our limitations. But with several hacking techniques employed, and a couple of days in time, we were able to dump most of everything of significance."
Security Swagg, which appears to be relatively new to the hacker scene, has many similarities to the group LulzSec, in that its main motivation for hacking is not for political or social reasons (like Anonymous), but purely to cause chaos for its own entertainment.
"We believe there is no reality in hacktivism, even with good intentions. We know those who claim to be 'hacktivists' that inside of you, a suppressed part of you, enjoys playing a part in the anarchist event of hacking of an infrastructure," the group wrote.
Responding to questions on the attack, Foxconn told Computerworld that the company "does not comment on matters of internal network security."