AllThingsD reports that at least some of the major cyber attacks reported in the last week, including those that affected employees' computers at Apple and Facebook, may have originated at a site called iPhone Dev SDK. As AllThingsD (and other sites) note in their stories, you shouldn't visit this site for obvious reasons — at the time of writing, it's down anyway.
But here's what a recent archive of the site looks like opened from within a secure Linux virtual machine:
Not so threatening-looking, right?
The site, which has been active for at least four years as an enthusiast forum, was likely hijacked: either exploited at a basic level to take over certain users' browsers, or hacked in a more human way. (The site is a resource for developers, on which users often ask each other to test early versions of software. It's easy to imagine spreading malicious software this way, or initiating a phishing attack.)
Facebook's own report on the attack last week pointed to a browser-based exploit, however, which implies that the malware was delivered through the site's code, not through software uploaded to its forums. In other words, the site's operators may not have known about it.
An administrator for the site has not responded to a request for comment.
Visit the source: http://www.buzzfeed.com/jwherrman/the-innocent-looking-site-that-helped-hack-apple-and-faceboo
Article author: jwherrman