Apple online store hacked

Korean website defaced...

By Dan Ilett, 3 May 2006 11:50

Apple's Korean online store has been defaced by a hacker.

The attack, carried out by someone working under the name 'Dinam', who claimed in his post to be Turkish, was brought to the attention of silicon.com last Thursday.

The defacement was removed from Apple's website shortly after silicon.com alerted the company.

Apple has subsequently refused to comment on the matter.

Jason Hart, CEO of security company Whitehat UK, told silicon.com: "The defacer has managed to get administrator access to the web server."

Although Hart suspected the hacker was after little more than "self-gratification" through vandalising the site, he said Apple should communicate what happened to its customers to end speculation.

Hart said: "The worst thing Apple can do is not tell customers what has happened. It's like all the big companies though - they're constantly having to defend themselves as they're being probed all the time."

The defacement - which took the form of a dozen lines of code posted to the apple.co.kr homepage - was documented on hackers' forum zone-h.org, which said Dinam attacked a Mac OS X server running Apache.

Richard Starnes, president of the Information Systems Security Association UK, said: "Defacements are not that big a deal provided the customer data has not been disclosed or they have suffered an economic impact.

"Defacements just tend to be embarrassing. But we know Apple is a good company and takes defacements seriously."

Comments

There are 6 comments.

  1. Martin Lukes

    Defacement IS "that big a deal." It is criminal damage. It is NOT just a bit of fun, a harmless prank, a schoolboy misdemeanour. It is damage to someone else's property done by someone who is now costing the site owner money.

    I'd guess Apple probably have enough money to fix this, some of it being mine, but that isn't the issue. Hacking is a criminal offence. The sooner we start jailing people for it instead of smiling indulgently and wondering at how clever the young folk are these days, the sooner everyone else can get back to work.

    Hacking isn't smart, big or clever. Let's prove it.

  2. anonymous too

    If Apple can't come clean about a simple defacement, it begs the question what else are they keeping quiet about?

    Apple, grow up: "we got defaced, we fix the flaw in Apache, no personal information was lost...... move along, nothing to see". Was that so difficult?

  3. anonymous

    So if you are a hacker, seeking to add the holy grail of attacks to your resume, why would you attack an obscure site like the Korean AppleStore, rather than the US AppleStore? Clearly it is because you found an opportunity on the Korean servers that didn't exist on any of Apple's other servers. This clearly suggests a management problem, not an inherent security risk. If there was a real security hole to be found, why not hack the U.S. site where many more people would see your work?

  4. anonymous

    So if you are a hacker, seeking to add the holy grail of attacks to your resume, why would you attack an obscure site like the Korean AppleStore, rather than the US AppleStore? Clearly it is because you found an opportunity on the Korean servers that didn't exist on any of Apple's other servers. This suggests a management problem, not an inherent security risk. If there was a real security hole to be found, why not hack the U.S. site where many more people would see your work?

  5. anonymous ..

    Hello ...


    I think that Apple should have more security for their servers, such as any big company. There is no need to hack any of the U.S. Apple servers!

    It's just owned, and they have to fix this physical hack like any big company's server "got" owned ..

    So I think the important part in this defacement is to let them grow up with security updates daily.

    Best regards.

  6. Moe

    Maybe because personal information did leak out is why they are not saying anything?

    [Ed note: There's nothing to suggest personal information was disclosed.]
