Impact of EA Games hack on Apple shows ripple effect of attacks

EA Games server hacked to redirect users to phishing page requesting Apple ID and password

The recent hacking of an EA Games server demonstrates how the compromised system of one company can be used to bypass the strong security of another, in this case Apple.


The attackers who compromised the EA server set up a phishing site that targeted Apple account holders. PCs calling the servers were redirected to a sign-in page that tried to trick the computers' users into providing their Apple ID and password.

Victims who supplied those credentials were then shown a second form asking for their full name, credit card number, expiration date, verification code, date of birth, phone number and mother's maiden name, all useful information for fraudsters. After submitting the details, victims were redirected to the legitimate Apple sign-in page.

The phishing site, reported Wednesday by Netcraft, was taken down the same day by EA.

"We have found it, we have isolated it, and we are making sure such attempts are no longer possible," the company said in a statement emailed to the media. "Privacy and security are of the utmost importance to us."

Such site compromises are not unusual, but what was interesting about this attack was how the hackers used EA to try to steal credit card information and personal data from Apple customers.

"It is an interesting systemic risk challenge as organizations that may have weaknesses that are exploited in their systems can have downstream impact on other organizations that may have strong security," Stephen Boyer, co-founder and chief technology officer for BitSight Technologies, said. "That's one of the big takeaways from this incident."

The compromised server was used by two websites in the domain, Netcraft reported. The server is used to host a calendar based on WebCalendar 1.2.0.

Released in September 2008, that particular WebCalendar version has several security vulnerabilities, which had been addressed in subsequent releases, Netcraft said.

"It is likely that one of these vulnerabilities was used to compromise the server, as the phishing content is located in the same directory as the WebCalendar application," the company said.

Companies that run old versions of Web-facing software greatly increase the chances of a security breach, experts say. Hackers actively look for old software as a possible entry point into a corporate network.

EA Games has also been the target of phishing attacks. Netcraft reported finding a site set up to look like it was from EA's Origin game site. The bogus site, which had been online more than a week, tried to steal email addresses, passwords and security questions from EA customers.

Earlier this year, an apparent denial of service attack against EA's Origin servers caused connectivity and login problems, according to Netcraft.

In 2013, BitSight found multiple incidents in which EA servers hosting the company's websites had been compromised and were being used to download malware and participate in denial of service attacks, according to Boyer. He declined to say how many times EA servers were compromised throughout the year, but said the systems were eventually cleaned.


EA was not alone in battling attacks last year. A BitSight study released in February found that between 68 percent and 82 percent of Standard & Poor's 500 companies had an "externally observable security event" at any given time in the year.

Stories by Antone Gonsalves
