EA Games server hacked to redirect users to phishing page requesting Apple ID and password

The recent hacking of an EA Games server demonstrates how the compromised system of one company can be used to bypass the strong security of another, in this case Apple.

The attackers who compromised the EA server set up a phishing site that targeted Apple account holders. PCs calling the servers were redirected to a sign-in page that tried to trick the computers’ users into providing their Apple ID and password.

If they did, the victims were shown a second form asking for their full name, credit card number, expiration date, verification code, date of birth, phone number and mother’s maiden name, all useful information for fraudsters. After submitting the details, victims were redirected to the legitimate Apple sign-in page.

The phishing site, reported Wednesday by Netcraft, was taken down the same day by EA. “We have found it, we have isolated it, and we are making sure such attempts are no longer possible,” the company said in a statement emailed to the media. “Privacy and security are of the utmost importance to us.”

Such site compromises are not unusual, but what was interesting about this attack was how the hackers used EA to try to steal credit card information and personal data from Apple customers.

“It is an interesting systemic risk challenge as organizations that may have weaknesses that are exploited in their systems can have downstream impact on other organizations that may have strong security,” Stephen Boyer, co-founder and chief technology officer for BitSight Technologies, said. “That’s one of the big takeaways from this incident.”

The compromised server was used by two websites in the EA.com domain, Netcraft reported. The server is used to host a calendar based on WebCalendar 1.2.0. Released in September 2008, that particular WebCalendar version has several security vulnerabilities, which had been addressed in subsequent releases, Netcraft said.

“It is likely that one of these vulnerabilities was used to compromise the server, as the phishing content is located in the same directory as the WebCalendar application,” the company said.

Companies that run old versions of Web-facing software greatly increase the chances of a security breach, experts say. Hackers actively look for old software as a possible entry point into a corporate network.

EA Games has also been the target of phishing attacks. Netcraft reported finding a site set up to look like it was from EA’s Origin game site. The bogus site, which had been online more than a week, tried to steal email addresses, passwords and security questions from EA customers. Earlier this year, an apparent denial of service attack against EA’s Origin servers caused connectivity and login problems, according to Netcraft.

In 2013, BitSight found multiple incidents in which EA servers hosting the company’s websites had been compromised and were being used to download malware and participate in denial of service attacks, according to Boyer. He declined to say how many times EA servers were compromised throughout the year, but said the systems were eventually cleaned.

EA was not alone in battling attacks last year. A BitSight study released in February found that between 68 percent and 82 percent of Standard & Poor’s 500 companies had an “externally observable security event” at any given time in the year.