WASHINGTON, February 20, 2013 — Apple admitted Tuesday that its Macintosh computers had been the targets of the same hackers who’d hit Facebook only last week.
In a company statement, Apple said that the company “…has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.”
In an apparently unrelated hack attack, Jeep’s Twitter account was also vandalized, with unofficial Tweets from that account sending out hoax news announcements that Jeep was going to be sold to Cadillac–absurd on the surface as neither brand is an independent company. Cadillac quickly and vehemently denied any association with the Jeep Twitter hack.
A variety of online sites later claim to have isolated the Jeep hack attack to a single hacker known as iThug–allegedly a “DJ from New England” according to Gizmodo—who was purportedly taking responsibility for the attack, as evidenced by the existence of an iThug hashtag included in some of the fake @Jeep tweets. Gizmodo claims that iThug’s “Twitter account (@guhti_) has been suspended, also observing that Twitter could easily stop all this hacking by adding two-factor authentication. But that hasn’t happened yet.
A similar attack on Burger King’s site had transpired Monday and may have also originated from the same source.
Complicating matters with regard to the Burger King and Jeep attacks, the Chicago Tribune site reported that later, “in what appears to have been a marketing stunt, the @MTV and @BET Twitter accounts featured page headers claiming that those accounts had been hacked, though none of the tweets resembled those of the @Jeep and @BurgerKing attacks. After the accounts’ pages were quickly restored to normal, @MTV tweeted, “We totally Catfish-ed you guys. Thanks for playing!”
“Catfish,” the Trib report helpfully explained, “is an MTV show in which participants learn whether their online romances are with real people or with fake online personas. MTV and BET are owned by Viacom.” How about that for corporate responsibility?
With regard to the more serious Apple hack—which, while dangerous, was apparently not widespread—Apple has already determined that the malware that infected a “limited number of Mac systems” entered these systems through a vulnerability in the Apple compliant Java plug-in for Mac (and presumably iPhone and iPad) browsers. Apple noted in an additional statement that it would shortly release a Java malware removal tool that would ferret out and remove any existing malicious code if found.
A few months ago, concerned about Java vulnerabilities, Apple removed the once included Java applet and associated code in successive updates to its currently supported OS X Unix-based operating system due to Java’s increasingly apparent vulnerabilities. Since then, Macintosh users who desire or need Java—now an Oracle product due to that company’s acquisition of Java originator Sun—have had to download updated versions of the plugin and associated software from an Oracle website.
Oracle has reacted swiftly to the recent Mac attack, making a new and presumably patched version of its Java Mac plugin available for download this morning. (You may access info and the current patch version here.)
UPDATE: According to InformationWeek Security, “In other Java security news, Apple Tuesday released an update that patches 30 Java flaws in the version of Java 6 that Apple maintains for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and later, OS X Lion Server v10.7 and later, and OS X Mountain Lion 10.8 and later.”
Where are all these cyber war/hack attacks coming from? According to Reuters, “computer security firm Mandiant said that attacks on more than 100 U.S. companies in the past few years were the work of a unit within the Chinese military.
“‘It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,’ the report said.
“Chinese officials denied the report, but the country was already believed to be the epicenter of much of the cyber espionage in the world, with Google Chairman Eric Schmidt even calling the country the ‘most sophisticated and prolific’ cyberthief threatening foreign companies in a new book.”
The intense activities of military or government hackers based in China are not exactly news. The U.S. government has long singled out China as a primary source of hacking and cyber war activities aimed at both the government and private industry, one aim of which, at least, is the theft of key U.S. technologies. It’s only in recent years, however, that this kind of industrial espionage has become more blatant.
Apple’s (AAPL) stock wasn’t appreciably damaged when the Mac hacking incident went public, with its stock Apple stock dropped 17 cents yesterday, closing at $459.99 at the end of yesterday’s regular trading. The stock is down again this morning, a drop attributed to rumors that it’s cutting back on iPhone 5 production, resulting in a rumored hiring freeze at Chinese contractor Foxconn which manufactures the phone. Problem is, Apple could also be preparing to ramp up to produce a rev of the iPhone 5 a bit later this year, which could also be a reason to whittle down potential inventory of the current phone.
More on Office Depot (hearts) OfficeMax:
Both companies made it official this morning: they’re headed down the aisle together after they crunch all the paperwork and make sure the Feds are happy. Add to this action the recent Buffett-induced Heinz takeover, and we may have more stocks moving on rumor in the weeks and months ahead, so stay tuned.
This morning’s market barometer:
The market is meandering this morning, dribbling slightly to the downside on the kind of light trading volume that’s become customary over the last several years. Lower reported housing starts added a negative tone prior to this morning’s opening trade, but starts tend to drop off a bit in winter under any circumstances. So offering this as an excuse for market tone is just a space filler for financial reporters who have to fill column inches. Ditto the usual wait for the latest Fed report, which should be a non-event.
A more likely pair of culprits for this morning’s weakness is the dynamic duo of the onrushing U.S. budget sequester, which is now virtually guaranteed to happen on March 1; and the simple exhaustion of the current rally, dependent as it is on the Fed’s ongoing exercise in QE Infinity. Most of our investment services point to a rally that’s just about run out of near-term steam, so the March 1 sequester, whether it happens or not, may just be the excuse the market need to tack a breather–or a dive.
In any event, we continue with our current tactic of slowly selling off winners with a decent profit while holding or adding to holdings of high-yielding MLPs and REITs while looking to acquire selected utilities like First Energy (FE) and American Water Works (AWK) on weakness.
We’ve also established a very small position in SH (the S&P 500 short ETF) with plans to add to it if and when the market turns sour. SH is actually not a very reliable hedge, as it moves more slowly than it should. But the leveraged S&P short, SDS, is too volatile at the moment and is also unjustified in a market that still maintains an upside bias no matter how precarious.
Stay safe, go for yield, but always be prepared to re-examine your thesis. To twist a line from Yeats, “this is no market for old men.”
Disclaimer: The author of this column maintains several active trading and investment portfolios and owns residential and investment real estate.
Any positions mentioned above describe this author’s own investment decisions and should not be construed as either buy or sell recommendations. The current market is highly treacherous and all investors travel at their own risk, so caution should be exercised at all times.
Illustrations, charts, commentary, and analysis are only the author’s view of current or historical market activity and don’t constitute a recommendation to buy or sell any security or contract. Views, indications, and analysis aren’t necessarily predictive of any future market or government action. Rather they indicate the author’s opinion as to a range of possibilities that may occur going forward.
References to other reporters, analysts, pundits, or commentators are illustrative only and do not necessarily represent an endorsement of such individuals’ points of view. If specific investment vehicles are mentioned in any article under this column heading, the author will always fully disclose any active or contemplated investments in said vehicles.
Follow Terry on Twitter @terryp17