Attackers Breached Foxconn, Dumped Data For Fun

By Fahmida Y. Rashid  |  Posted 2012-02-08

A group of hackers appear to have breached and extracted information from Foxconn's network. Foxconn Electronics has not confirmed the breach.

Attackers breached Foxconn Electronics, a Shenzen, China-based company responsible for manufacturing Apple's iPhone, and extracted data from the servers, according to a Feb. 8 post on text-sharing site Pastebin. @SwaggSec claimed responsibility for the breach on its Twitter account.

The Pastebin post also included a link to the torrent file containing the leaked data. The torrent has yet to be analyzed, but it appears to contain user names and passwords. SwaggSec gave "consent" to others to "scavenge" through the torrent file to find user names and passwords that may work on other sites.

"The passwords inside these files could allow individuals to make fraudulent orders under big companies like Microsoft, Apple, IBM, Intel and Dell," SwaggSec wrote in the post. These companies are known Foxconn customers.

Foxconn had an "appropriate firewall" but SwaggSec was able to bypass it "almost flawlessly." The post mentions the breach occurred over several days and the group used several different techniques. SwaggSec's Twitter feed has a post from Jan. 26 claiming one of their victims was running an outdated and unpatched version of the Internet Explorer Web browser. It is not clear whether there were other victims, but it is likely the post refers to Foxconn.

While SwaggSec enjoys "exposing governments and corporations," it appears the group attacked Foxconn just for fun. The "statement" on Pastebin references reports of inhuman conditions suffered by Foxconn workers and the recent rumor of an iPhone 5 launch. The group was "considerably disappointed" about the working conditions, but SwaggSec is not "hacking a corporation for such a reason," the statement said. "We are slightly interested in the existence of an iPhone 5, we are not hacking for this reason," the group added.

"The more prominent reason is the hilarity that ensues when compromising and destroying an infrastructure," according to the statement.

Even hacktivists with good intentions have a small part that enjoys feeling the "menacing satisfaction" that comes from a successful attack, the group claimed.

"But to us and many others, the destruction of an infrastructure, the act of destruction that does not affect an individual, brings a sense of newfound content, a unique feeling, along with a new chance to start your own venture," SwaggSec wrote on the post.

The sentiment is very similar to the statements made by LulzSec, a group of six hackers that wreaked havoc through cyber-space for a little over two months last year. The group insisted its activities were carried out for fun, to "entertain" and supposedly was not financially motivated.

LulzSec disbanded in June. Some of the members, including Topiary, Kayla and T-flow have been arrested. Others who have not yet been caught are believed to be still active under the Anonymous banner.

SwaggSec's icon, a sketch of a person wearing a top hat, is drawn in a style similar to LulzSec.

Rocket Fuel