Sunday, 6 February 2011

Tens of thousands of hacked iTunes accounts are now for sale

    Hacked iTunes accounts are available for sale across China at prices starting as low as a few dollars. These hacked account details, include credit card details, were being made available for sale via China's largest retail website, Taobao. An original report in the Global Times claimed around 50.000 hacked accounts were being peddled on Taobao at prices ranging from one to 200 yuan. Thousands of accounts have been sold over the past several months, it said. AFP has confirmed the claims.
    The retailer claimed it takes all reasonable and necessary steps to protect consumers. Hacked iTunes accounts are sold with the admonition to use them for just 24-hours.

    “At this time, we have not received any information from Apple or any other principal related to the iTunes accounts indicating that these products either violate our listing rules or infringe on the IP of others,” the company said, as reported by AFP.

    Well we're probably going to see a lot more Vietnamese books being sold/bought in record numbers but the question at hand is, what really makes iTunes such a good target; what happened to Amazon, Paypal, Ebay?
  1. Safari and Mac are easy to hack - under 10 seconds!
  2. Mac users are unaware of Malware - thanks to Apple's own advertising
  3. Safari is a fat hog that spies on you - you can't be sure that anything you ever type into Safari will stay secure
  4. iPhone apps that steal email and password are already quite common
  5. iTunes that gives away your personal info for free 
  6. iTunes policy - even if no one spends more than 5$/month, spending 1000$ at once will cause no alert
  7. Apple that is always reluctant to cooperate with your bank when frauds are reported

How does the hacking go from here on?
  • If they got your email from an app, most likely brute force will be used (a program/script that tries random combinations on your account - can take from a few hours to week but it can be run in background so it will only disturb you to alert you when the job is done.
  • If you were detected as using Safari on a Malware website, be sure that if you're not infected instantly, they will hack you via your logged IP and either get all your details from Safari or use your own Mac to do the fraud.

   You could say that the culprit here are the careless users (and you will if you're a fanboy), but let's face it, no one uses the same password for e-banking and for pr0n sites. The real culprit here, is the Mac OS X platform itself.
   OS X is has nothing to do with previous versions of Mac OS. When Motorola failed as a CPU manufacturer, Apple hand no choice but switching to an X86 Platform. What they did was buying An ancient OS from the 90's that had mainly and industrial and accountability role and turn it into OS X. 
   NeXTstep had the advantage of being a multiplatform OS (could run both on Motorola and X86 CPUs) and allowed apple to quickly port the modest amount of Mac software that was available.

    As it seems bringing an OS from the 90's, that was either not consumer intended or a great failure, to the web 2.0 age with a redesigned UI doesn't provide much security, but instead does provide an explanation of why everything OS X based (Macs, Servers, iTunes, AppStore, iPhones) is so easy to hack. However most Apple devs deny

Via: Global Times, BBC, MacWorld