back to article Hackers claim to have penetrated Foxconn backdoor

It had to happen eventually. Controversial hardware manufacturer Foxconn was reportedly hacked late on Wednesday and a heap of staff email log-ins and intranet credentials posted online which could allow third parties to lodge fraudulent orders. In a lengthy message posted to Pastebin, hacking group Swagg Security claimed the …


This topic is closed for new posts.
  1. Zog The Undeniable


    I think it's outrageous, the way these workers are treated like slaves just to make shiny stuff for decadent Westerners.

    Sent from my iPhone

  2. Anonymous Coward
    Anonymous Coward

    "is the hilarity that ensues when compromising and destroying an infrastructure. How unethical right?" -- Quite. A bit like a Prison Guard watching a fresh script kiddie getting his first gang raping in prison.

    1. dogged

      "script kiddie"

      I'm not aware of any free or purchased scripts which can compromise a firewall-based system such as Foxcon's without major penetration testing and refinement (usually noticeable) or being run internally.

      I know it makes shit-tier sysadmins (such as many Reg ACs) feel cool to think they're somehow skilled beyond the people who make them look like idiots so perhaps this unwarranted name-calling is related?

      1. Gerhard Mack


        I love how you say firewall-based as if that, instantaneously makes the site more secure. It doesn't, they still need to open ports to the outside world and you can distribute the penetration test across a bot net to avoid detection.

        There are several worms and general attack tools that try multiple attack vectors such as common php/iis/asp programming errors and password guessing on any open port (ssh, ftp, smtp-sasl,pop3) that takes a password. My server logs are stuffed full with the resulting warnings even though each host can only try 4 times before being blocked.

        1. dogged


          Agreed completely, and that's kind of the point. Any competent admin will do their best to lack that shit down as far as is possible given the company's requirements.

          In suggesting that those who cracked Foxcon simply bought or downloaded a script, our AC above is actually mocking their network, not the crackers. And the thing is, if Foxcon were THAT easy to crack, somebody (likely some environmental group or ethical labour campaigners) would have done it long ago.

          A firewall is like any other wall. If it stays up for a long period of time without any unauthorized individuals getting through, you've done it well. If you've done it well, getting past it is not trivial (from the outside).

  3. John G Imrie


    However, according to their Twitter feed the hackers gained access to Foxconn’s systems via an “outdated vulnerability” in a version of Internet Explorer which was being used internally by the company.

    So they are using IE6 and Active X in the management suite then?

    Unfortunately the Active X bit is likely to be true, as historically, this was the preferred login mechanism for East Asian banks.

    1. Giles Jones Gold badge

      IE6 is widely used in China as many people run dodgy copies of XP and Microsoft lock them out of later versions with WGA.

      1. Anonymous Coward
        Anonymous Coward


        ...we all know how secure Microsoft's products are!

        1. dogged

          oh ffs

          Honestly. Somebody's running a 10 year old system and that's Microsoft's fault now.

          Some people should not be allowed keyboards, ever.

  4. ForthIsNotDead
    Thumb Down

    Shame on paste bin...

    I'm surprised that paste bin would accept logs of usernames and passwords when the only motivation for the attack was just for kicks. No political motive, no ethical motive, no moral motive. They hacked them "cos we can".

    That's not what paste bin is for, is it?

    1. Anonymous Coward
      Anonymous Coward


      Well except for porn sites logins, but still there may be a moral objective in that. Just depends on your moral values.

    2. Gerhard Mack


      I take it you have no idea what pastbin is. Pastbin is for quickly passing around large amounts of text for cases such as support requests and if they took the time to accept or deny things then it would be useless for the task it was designed for.

      Given their history you can bet they will take down the logs as soon as they find out about them but complaining they didn't block them in the first place is just unreasonable.

  5. Mondo the Magnificent
    Paris Hilton


    .they'll do the "ethical thing" and manipulate the HR/Payroll system therefore enabling Foxconn's "slave labour force" to earn a decent wage..

    Paris: Because there's no such thing as too much disposable income

    1. Anonymous Coward
      Anonymous Coward

      Or better yet, fire them all!

      Free the slaves!

  6. Destroy All Monsters Silver badge

    Wild speculation? We have it!

    "So my best guess at this stage would be that the attackers managed to upload something malicious on the [] server and somehow used that to gain access."

    They could also have used Psy powers.

  7. Muckminded

    I Still Marvel

    That one application can so frequently and kindly serve as entry point to entire corporations.

    Where do I want to go today? A dark satanic mill, please.

  8. Anonymous Coward
    Anonymous Coward


    Doesn't look like anything very interesting

    1. Destroy All Monsters Silver badge

      Get a load of this then

  9. g e

    Lots of emails?

    Including ones where Apple acknowledge they know all about conditions at FC and cynically discuss how best to look like they're doing something while keeping costs down and production up?

    Someone somewhere must be feeling a bit nervous, I'm sure.

  10. IT Hack

    Iron ring of firewalls good; security in depth not so good.

    if yer a bean counter.

    Beer - to remind me of lunchtime.

  11. schubb


    Wow...that is giving some pretty big leeway. Hacktivists promote righting a wrong, fighting the good fight, not "the hilarity that ensues when..."

  12. Inselaf


    Is it still to late to sign the Petition? Also is it available online.

    Could someone enlighten me, please?

    Many thanks.

This topic is closed for new posts.

Other stories you might like