Tuesday, May 21, 2013

How Apple Used An Irish Ghost Company To Avoid Paying Taxes On $78 Billion

from cultofmac.com

As part of expert testimony at today’s Senate Sub-Committee Hearing to Examine Offshore Profit Shifting and Tax Avoidance by Apple Inc., Professor J. Richard Harvey has made a compelling case that the tax system Apple is taking advantage of needs to have its loopholes closed.
Harvey — a distinguished Professor of Practice at Villanova University’s School of Law — says that while what Apple has done is acceptable under current International tax law, it still widely uses tax tricks and gimmicks to avoid paying what it fully owes.

“What Apple has done is acceptable under current International tax laws,” said Harvey. “In some extent, Apple is not as aggressive as others, but at the end of the day, Apple funnelled 64% of its earnings into Ireland… and paid very little tax on it.”
Referring to Apple’s statement yesterday, Harvey said that when he read Apple say they “do not use tax gimmicks,” he fell off his chair.
“Apple funnelled $78 billion over four years into an Irish subsidiary with zero employees. If that’s not a tax gimmick, I don’t know what you should call it.”
How Apple was able to do this, Harvey says, is due to the U.S.’s adoption of arms-length pricing, which allows companies to shift income into other countries if that income is derived from a joint effort and joint intellectual property. “It’s true for companies making a cure for cancer, or an iPhone or iPad.” In Apple’s case, they shifted their intellectual property and income derived from it to non-existent entities overseas.
So Apple entered a cost sharing agreement with its own Irish subsidiary, and paid less than 0.05% in taxes on over $78 billion in income.
“Is it right that Apple can transfer this to an affiliate with no employees and very little presence?”
Harvey suggests that Apple cut a deal off-the-books with the Irish government to pay essentially no tax in four years.

“Apple has roughly 60% of global sales outside of the U.S., but Apple only allocates 6% of profits to the rest of the world. The way they accomplish this is by paying very small sales commissions in other countries to reduce their tax burden. It’s not illegal, but it’s a gimmick.”
Harvey says that the real question is what to do about all of this. Apple is doing nothing illegal, he says, but what’s legal here is an issue. “Something needs to be done when so much income can be allocated to an entity with no substance.”
Harvey’s recommendation was that Congress should demand greater transparency and higher reporting standards on U.S. multinationals about where and how much they pay taxes overseas. “It needs to be administerable.”

Friday, May 17, 2013

New Mac Malware Breezes Past Gatekeeper Because It’s Signed By An Apple Developer ID


from cultofmac.com
A new Mac malware has been found in the wild that allowed attackers to steal data and install unauthorized apps on a compromised machine. What makes this malware different than other recent Mac malware, though, is that it breezes right past Gatekeeper… and the people behind it might have been gunning for the life of their malware victim.
Known security researcher and privacy activist Jacob Appelbaum discovered the malware — which is being called OSX/KitM.A by Finnish antivirus firm F-Secure — on the laptop of a human rights activist at the Oslo Freedom Forum earlier this week.
KitM.A got on the machine as a result of a spear phishing attack, which is a phishing attack in which specific individuals (instead of a wider range of victims) are targeted. The malware takes screenshots of what is happening on the Mac and sends them to servers in the Netherlands. It can also download and install other malware, executing commands on behalf of attackers and manipulating the network activity monitor so that its presence remains undetected.
What’s so interesting about this specific malware is that it was signed by a valid Apple Developer ID. This means that it just blew past Gatekeeper, OS X Mountain Lion’s anti-malware firewall that is supposed to keep out just this sort of program. But it also means that Apple can just revoke the app’s certificate, killing it instantly on all computers with Gatekeeper turned on. And hopefully, it means that the attackers behind this particularly insidious form of malware can be tracked down and prosecuted, because they’ve left a signature: their own Apple Developer ID.
Appelbaum said that he may publish more details on the attack once he ascertains the threat to the victim’s life. Someone was gunning for him, after all, and given what’s going on in Angola these days, that’s a sensible precaution.


New Mac Malware Takes Screenshots And Uploads Them Without Permission


from cultofmac.com
A new piece of Mac malware has been discovered. The virus installs itself as “macs.app” and silently takes screenshots to then upload to shady servers. It doesn’t appear to be very widespread at the moment.
The malware was uncovered on an African activist’s Mac at the Oslo Freedom Forum, an annual event dedicated to “exploring how best to challenge authoritarianism and promote free and open societies.”
Once installed, macs.app runs in the background and repeatedly takes screenshots. Each image is then stored in an inconspicuous folder in the user’s home directory. From there, the screenshots are uploaded to “securitytable.org” and “docsforum.inf,” which are both unavailable domains.
Unlike most Mac malware, a valid Apple Developer ID is associated with macs.app to get it past Gatekeeper, Apple’s security system in OS X Mountain Lion. The ID is assigned to Rajender Kumar. Apple has the ability to revoke the ID’s privileges, and then this malware would presumably be dead in the water.
A malicious tool that only takes screenshots to upload is pretty unique, so this is likely not part of a larger attack.

Wednesday, May 1, 2013

Hackers To Manage Your Apple ID, If Caught From Phishing Bait

from blog.trendmicro.com
Phishers appear to have concentrated their fire on a relatively new target: Apple IDs. In recent days, we’ve seen a spike in phishing sites that try to steal Apple IDs.
Looking at the URLs of these phishing sites, we noted a consistent pattern: they are under a folder named ~flight. Interestingly, trying to access the folder itself will load the following page:



Technically, the sites were only compromised, but not hacked (as the original content was not modified). It’s possible, however, that the sites may be hacked or defaced if the site stays compromised.

As mentioned earlier, the directory contains pages that spoof the Apple ID login page fairly closely:



We’ve identified a total of 110 compromised sites, all hosted at the IP address 70.86.13.17, which is registered to an ISP in the Houston area. Almost all of these sites have not been cleaned.



The graph above shows the increase in phishing sites targeting Apple IDs. We’ve seen attacks targeting not only American users, but also British and French users. Some versions of this attack ask not only for the user’s Apple ID login credentials, but also their billing address and other personal and credit card information. It will eventually result in a page that states that access has been restored, but of course the information has been stolen. One can see in the sample page below how it asks for credit card information:



Users may be redirected to these phishing sites via spam messages that state that the user’s account will expire unless their information is subject to an “audit”, which not only gets users to click on the link but also puts them in a mindset willing to give up information.



One way to identify these phishing sites is that the fake sites do not display any indications that you are at a secure site (like the padlock and “Apple Inc. [US]” part of the toolbar), which you can see in this screenshot of the legitimate site:



The screenshot above is from Chrome, but Internet Explorer and Firefox both have similar ways to indicate secure sites.

For the phishing messages themselves, legitimate messages should generally have matching domains all around – where they were sent from, where any links go to, etcetera. Mere appearance of the email isn’t enough to judge, as very legitimate-looking emails have been used maliciously. We also encourage users to enable the two-factor authentication that Apple ID recently introduced, for added protection.
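The domain-matching check described above, combined with the ~flight folder pattern noted earlier, as an added example (not Trend Micro's code). The sample message, its hosts, the Return-Path comparison and the two-label domain heuristic are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message; every address, host and path is made up.
SAMPLE = """\
From: "Apple Support" <support@apple.com>
Return-Path: <bounce@mailer.example.net>
Subject: Your Apple ID will expire - audit required
Content-Type: text/plain

Confirm your details: http://shop.example.org/~flight/login.php
Help: https://appleid.apple.com/
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def base_domain(host):
    """Naive registrable domain: last two labels (assumption; no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw, path_indicator="/~flight/"):
    """Return (claimed sender domain, list of (finding, value)) for one message."""
    msg = message_from_string(raw)
    sender = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    findings = []
    # "Where it was sent from": envelope sender should match the visible From domain.
    rp_host = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    if rp_host and base_domain(rp_host) != sender:
        findings.append(("return-path-mismatch", rp_host))
    # "Where any links go to": every link should stay on the sender's domain.
    for url in URL_RE.findall(msg.get_payload()):
        parts = urlsplit(url)
        host = parts.hostname or ""
        if base_domain(host) != sender:
            findings.append(("link-domain-mismatch", host))
        if parts.scheme != "https":
            findings.append(("no-tls", url))  # no padlock on the landing page
        if path_indicator in parts.path:
            findings.append(("known-phish-path", url))  # folder pattern from this report
    return sender, findings

if __name__ == "__main__":
    sender, findings = check_message(SAMPLE)
    print("claimed sender domain:", sender)
    for kind, value in findings:
        print(f"  {kind}: {value}")
```

A message whose links all stay on the claimed sender's domain over HTTPS produces no findings; the last-two-labels heuristic misgroups domains under multi-part suffixes such as .co.uk, so production use needs a public-suffix list.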

In case you’re using mobile devices to manage your Apple ID or other parts of your online activities, you may read our ebook about avoiding bad mobile URLs to help protect yourself. We have blocked all sites and messages related to these attacks.

Monday, April 29, 2013

Mac malware found in malformed Word documents

from nakedsecurity.sophos.com

Our friends at F-Secure have blogged today about a boobytrapped Word document that appears to be designed to infect computer systems running Mac OS X.

The malicious Word file, examined by the experts in SophosLabs, claims to be about the "6th International Uyghur Women's Seminar & 1st World Uyghur Women's Congress", run by the International Uyghur Human Rights & Democracy Foundation.



Vulnerabilities, exploited in malformed Word documents, install malicious code onto the recipients' computer and a legitimate-seeming Word file with content relevant to the victim is displayed as a smoke screen.

It's clear that the attack is targeted against Uyghur Mac users, and we have seen similar attacks in the past.

Sophos products detect the malware as OSX/Agent-AADL and Troj/DocOSXDr-B.

The obvious question people are likely to ask is... are China to blame for this attack? After all, we have seen several attacks in the past which have targeted minority groups in the country.

There's no 100% proof connecting this attack with the-powers-that-be in Beijing, but you would be a brave man to bet against it.

All Mac users need to keep in mind that it's important that all computers, regardless of operating system, are properly secured - and to be on their guard against attacks.

Whether it's likely that you aren't in China's good books or not, there are more and more cybercriminals investigating how they might infect the many Mac computers out there.

It is true that there is much less malware for OS X than there is for Windows, but that's not going to make you feel any better if you end up targeted in an attack like this.

Mac users, just like Windows users, need to ensure that they install the latest security patches and keep their software properly up-to-date.

If you're not already doing so, run anti-virus software on your Macs. If you're a home user, there really is no excuse at all as we offer a free anti-virus for Mac consumers.

Friday, March 29, 2013

iPhone more vulnerable than Android, BB, and WP combined


from phonearena.com
Security is always a hot topic with mobile platforms, but most of the time the focus is on Android and the malware issues that exist for the platform if you don't use the Google Play Store. But, a new study shows that maybe we should pay more attention to the iPhone's security issues, because the study claims that the iPhone has more security vulnerabilities than Android, BlackBerry, and Windows Phone combined.

The study was conducted by SourceFire, which analyzed vulnerabilities from the Common Vulnerabilities and Exposures (CVE) data and National Vulnerability Database (NVD) over the past 25 years. Yves Younan, senior research engineer at SourceFire's Vulnerabilities Research Team and author of the report, said that the results were "surprising", especially since, despite Apple constantly releasing security fixes with each update, CVEs continue to grow year over year.

According to the study, the iPhone has 210 vulnerabilities, which adds up to 81% of mobile phone platform vulnerabilities in the four platforms studied. Android has just 24 known vulnerabilities, Windows has 14, and BlackBerry has 11, which combined rounds out the remaining 19%. The study didn't extend to fringe systems like Symbian, bada, and the rest. To be fair, these numbers are a cumulative total since 2007, but even removing 2007 from the mix, iPhone still has 205 vulnerabilities to Android's 24.

Younan's theory to explain the results is that cybercriminals can't get at users through the iTunes App Store, and have to work harder to find iPhone vulnerabilities, so more are found. Whereas, because Android is an open platform, that makes it easier for criminals to attack the platform.

Of course, he doesn't mention that only 0.5% of malware comes through the Google Play Store, so criminals still have to find ways to get Android users to sideload infected apps. It is still very possible that Android simply has fewer vulnerabilities because it is open-source (which tends to be more secure), and the only real serious vulnerability with Android is that users are allowed to screw things up if they aren't careful.

Saturday, March 23, 2013

New Apple Security Exploit Lets Someone Reset Your Password


from mashable.com
"That was easy..."
UPDATE: Apple's password-reset system currently appears to be down.

An Apple account exploit allows anyone with your email address and date of birth to reset your Apple ID and iCloud account password.


First reported by The Verge, the exploit uses Apple’s own tools to break into accounts, using a modified URL and entering someone’s date of birth on Apple’s iForgot page. Directions on how to take advantage of the vulnerability were published in a step-by-step tutorial.

On Thursday, Apple launched two-step verification for Apple ID and iCloud account passwords. When set up, two-step verification would prevent someone from using the vulnerability to access accounts.

Much like the two-step verification process for other services, Apple's two-step-verification verifies your identity when your account is accessed from a new device.

Verification is done using another one of your devices, such as your iPhone. For instance, if you buy a new computer and sign into iCloud on it, Apple will send a numerical code to your iPhone via text message. You take the numerical code sent to your phone, and enter it into your computer to verify you are in fact who you say you are.

You can, and should, set up two-step verification on your Apple accounts now.