Apple Says No Personal Data Was Compromised in Australian Teenager Hacking Incident

[code-m]

Yes to the bank analogy. There is no wiggle room, breaking and entering. Whether jail time ensues is up to the legal system, but said person will be charged with a crime.

I don’t know how contradictory it could be downloading 90 gig of data could be. That is what makes this a more serious crime. It doesn’t matter even if he downloaded a folder called “Tim cooks favorite jokes”. It’s not any less of a criminal offense.

Let’s rethink this for a second, replace an individual teen with foreign government agency. Now Apple says nothing was compromised, yet the court says otherwise. The actions for this example foreign government agency says did something wrong, yet Apple says nothing was compromised. If nothing was compromised then why the trial and jail time.

What concerns me is not the age or the individual, what concerns me is that if someone in this situation got in weather their intent as nefarious or not, whose mistake was not covering their tracks that let to them gettting caught, what can be said of a foreign government agency where certain laws are not respected or have any reach.

We can point blame at an individual who is reachable by the law, however this incident does not provide a reassuring feeling that other foreign agencies are getting away with something and not being reported by Apple, if this is their position for an incident that was trialed in a court of law.

I am not sure if my point is being clearly understood. If Apple says nothing wrong done, then why trial this teenager. I\f the court is right then Apple is not being truthful. If Apple is not being truthful then what other agencies have broken into Apple, where the law has no reach. Something does not add up.

 

[boomer11]

Stealing a pen from a bank is a successful bank robbery.

But sure let’s pretend like there’s not this thing called scale, and that it’s totally unimportant.

how is stealing a pen from a bank the same thing? was the bank actively hiding the pen in the vault?

 

[I7guy]

Let’s rethink this for a second, replace an individual teen with foreign government agency. Now Apple says nothing was compromised, yet the court says otherwise. The actions for this example foreign government agency says did something wrong, yet Apple says nothing was compromised. If nothing was compromised then why the trial and jail time.

What concerns me is not the age or the individual, what concerns me is that if someone in this situation got in weather their intent as nefarious or not, whose mistake was not covering their tracks that let to them gettting caught, what can be said of a foreign government agency where certain laws are not respected or have any reach.

We can point blame at an individual who is reachable by the law, however this incident does not provide a reassuring feeling that other foreign agencies are getting away with something and not being reported by Apple, if this is their position for an incident that was trialed in a court of law.

I am not sure if my point is being clearly understood. If Apple says nothing wrong done, then why trial this teenager. I\f the court is right then Apple is not being truthful. If Apple is not being truthful then what other agencies have broken into Apple, where the law has no reach. Something does not add up.

Not sure there is anything to rethink. You are focusing on the content, however Apple is focusing on the action. It’s not the content but the action that makes this criminal. I’m cannot condone turning a criminal into a victim.

The legal system will deal with this as they may. Committing a victimless crime, of which this is an example and then turning the criminal into a victim serves nobody. Maybe the kid should be taught a hard lesson so he has a more productive life.

 

[mi7chy]

He gained access to Apple's mainframe which is the heart of all of customer payment transactions so in-store payment terminals, online web store, app store, Apple Pay, etc.

https://www.theage.com.au/national/...puter-network-court-told-20180816-p4zxwu.html

The teen, who cannot be named for legal reasons, broke into Apple’s mainframe from his suburban home on multiple occasions over a year because he was such a fan of the company, according to his lawyer.

 

[code-m]

Not sure there is anything to rethink. You are focusing on the content, however Apple is focusing on the action. It’s not the content but the action that makes this criminal. I’m cannot condone turning a criminal into a victim.

The legal system will deal with this as they may. Committing a victimless crime, of which this is an example and then turning the criminal into a victim serves nobody. Maybe the kid should be taught a hard lesson so he has a more productive life.

Please don’t misunderstand what I am saying, by no means am I saying or implying the individual is a victim. What I am saying is that Apple or the court is being untruthful. If the court is saying that this individual did something wrong and 90GB of data was obtained, then I completely understand the wrongdoing. Apple on the other hand is saying no data was compromised. So either the court is untruthful or Apple, both cannot be truthful.

If Apple is being untruthful, what else are we not being informed of. Does one really believe that foreign governments are not targeting large corporations that hold a lot of data. If an individual who is a teen got in and taken something (contrary to Apple’s claim) then what are more refined and experienced hacker individual or state hackers getting away with. If Apple truly being transparent, if so then the courts are going after something for testing a companies data security system.

I will use this as an example:

We know “jay-walking” is against the law, however many people do it anyhow (not all, many). The authorities can easily charge and trial these “jay-walkers” for breaking the law. However the authorities and courts do not trial these types of law breakers. One is it harming anyone, even though it is against the law, the extent of the damage and three was it intentional. It is easy to say yes to the first and third, however the second the extent of the damage may not be worth the cost to go to court and the amount of people partaking in this form of law breaking.

If you believe for a second that corporations, government agencies, etc security is not being tested on a daily basis then you are wrong. Does that mean the courts should chase and trial all these people for testing companies security. It is the companies responsibility to secure users data, and this situation if we believe the courts then Apple failed. If Apple has not been compromised then the courts are persecuting an individual for being curious.

As mentioned you cannot have it both ways. the important question here is who is telling the truth, either it is the court or Apple. To put things into perspective I have been a victim of financial hacking couple times in a span of six months, of no fault of my own. Does that mean I leave my bank that I have been doing business with for over 20+ years, or was it better for them to acknowledge the breach and offer a third-party service to monitor my account activity for 5 years.

There is room for improvement for Apple here, rather than bury its head in the sand and say nothing happened. Or we have a bigger problem where the courts are wasting tax payers money for trialing invidivuals for no crime committed.

So what is it, do you believe Apple or the Court.

 

[I7guy]

Please don’t misunderstand what I am saying, by no means am I saying or implying the individual is a victim. What I am saying is that Apple or the court is being untruthful. If the court is saying that this individual did something wrong and 90GB of data was obtained, then I completely understand the wrongdoing. Apple on the other hand is saying no data was compromised. So either the court is untruthful or Apple, both cannot be truthful.

It is possible that there are customer files on a corporate server where there are no PII (personally identifiable information). It seems there is a definition of customer files that needs interpretation. Maybe the customer files contained some unique identifying number and the songs downloaded from itunes. We don't know the details, but these are customer files with an internal identifying number, but the files can't be used for any nefarious reason since there is no TIN, address or cc information.

Even so, the action is criminal. And one can't really make a determination if apple is being "untruthful" or not. According to the article kid hacked into corporate server and downloaded files, unless there is something untruthful about that, I can't comment further.

If Apple is being untruthful, what else are we not being informed of. Does one really believe that foreign governments are not targeting large corporations that hold a lot of data. If an individual who is a teen got in and taken something (contrary to Apple’s claim) then what are more refined and experienced hacker individual or state hackers getting away with. If Apple truly being transparent, if so then the courts are going after something for testing a companies data security system.

If you are saying, other entities hacked into apples corporate server as well as this kid and therefore the kid shouldn't be charged, that's just conjecture. Even so, it doesn't make the kids' action, any less criminal.

I will use this as an example:

We know “jay-walking” is against the law, however many people do it anyhow (not all, many). The authorities can easily charge and trial these “jay-walkers” for breaking the law. However the authorities and courts do not trial these types of law breakers. One is it harming anyone, even though it is against the law, the extent of the damage and three was it intentional. It is easy to say yes to the first and third, however the second the extent of the damage may not be worth the cost to go to court and the amount of people partaking in this form of law breaking.

If you believe for a second that corporations, government agencies, etc security is not being tested on a daily basis then you are wrong. Does that mean the courts should chase and trial all these people for testing companies security. It is the companies responsibility to secure users data, and this situation if we believe the courts then Apple failed. If Apple has not been compromised then the courts are persecuting an individual for being curious.

As mentioned you cannot have it both ways. the important question here is who is telling the truth, either it is the court or Apple. To put things into perspective I have been a victim of financial hacking couple times in a span of six months, of no fault of my own. Does that mean I leave my bank that I have been doing business with for over 20+ years, or was it better for them to acknowledge the breach and offer a third-party service to monitor my account activity for 5 years.

There is room for improvement for Apple here, rather than bury its head in the sand and say nothing happened. Or we have a bigger problem where the courts are wasting tax payers money for trialing invidivuals for no crime committed.

So what is it, do you believe Apple or the Court.

Jaywalking, to use your example, while against the law, takes up police manpower to issue tickets for something where no real crime was committed. Of course, the jaywalker could get hit by a car and it has happened in busy cities.

Hacking into a corporate server, government server, private server, is illegal and subject to criminal prosecution by various laws in different jurisdictions. You keep saying Apple is untruthful, but this is conjecture on your part. As I said previously, even downloading a folder called "Tim Cook's favorite jokes" from a hacked, compromised corporate server is criminal.

Whether the kid gets prosecuted is another matter altogether, but what the kid did is criminal and somehow he got caught. As I have read the article those are the facts.

 

[code-m]

It is possible that there are customer files on a corporate server where there are no PII (personally identifiable information). It seems there is a definition of customer files that needs interpretation. Maybe the customer files contained some unique identifying number and the songs downloaded from itunes. We don't know the details, but these are customer files with an internal identifying number, but the files can't be used for any nefarious reason since there is no TIN, address or cc information.

Even so, the action is criminal. And one can't really make a determination if apple is being "untruthful" or not. According to the article kid hacked into corporate server and downloaded files, unless there is something untruthful about that, I can't comment further.


If you are saying, other entities hacked into apples corporate server as well as this kid and therefore the kid shouldn't be charged, that's just conjecture. Even so, it doesn't make the kids' action, any less criminal.


Jaywalking, to use your example, while against the law, takes up police manpower to issue tickets for something where no real crime was committed. Of course, the jaywalker could get hit by a car and it has happened in busy cities.

Hacking into a corporate server, government server, private server, is illegal and subject to criminal prosecution by various laws in different jurisdictions. You keep saying Apple is untruthful, but this is conjecture on your part. As I said previously, even downloading a folder called "Tim Cook's favorite jokes" from a hacked, compromised corporate server is criminal.

Whether the kid gets prosecuted is another matter altogether, but what the kid did is criminal and somehow he got caught. As I have read the article those are the facts.

However according to Apple, most user data (possible all) is encrypted. If you break into Apple’s servers and downloaded encrypted users data, yes it is a crime to break into Apple (you got caught), however that does not say much about Apple’s security and the data is encrypted so there is no use to the hacker as it is useless. What happens if this teenager did not leave any tracks, where the authorities would not know who it is and later publishes information of Apple’s flawed security.

Please do not have a false sense of security. I prefer the companies I deal with are truthful vice telling me one narrative while the actions taken by the legal system is another. Nonetheless, we both agree that there is not much information released. I would hate to find out months if not years from now that Apple was indeed breached and their were trying to save face. This has happened several times with their hardware and software.

 

[I7guy]

However according to Apple, most user data (possible all) is encrypted. If you break into Apple’s servers and downloaded encrypted users data, yes it is a crime to break into Apple (you got caught), however that does not say much about Apple’s security and the data is encrypted so there is no use to the hacker as it is useless. What happens if this teenager did not leave any tracks, where the authorities would not know who it is and later publishes information of Apple’s flawed security.

Please do not have a false sense of security. I prefer the companies I deal with are truthful vice telling me one narrative while the actions taken by the legal system is another. Nonetheless, we both agree that there is not much information released. I would hate to find out months if not years from now that Apple was indeed breached and their were trying to save face. This has happened several times with their hardware and software.

The two narratives are not mutually exclusive as in my example. Now if Apple is lying, as to right now we don’t know that, that’s a different story.

But right now the two narratives are synchronized as we don’t know if those customer files contained any PII.

I don’t have a false sense of security, I’m stating apppke had a flaw, kid hacked in and got caught. The courts narrative and apple’s narrative are not mutually exclusive. Apple is under an obligation to come clean about what happened if PII is involved.

 

[code-m]

The two narratives are not mutually exclusive as in my example. Now if Apple is lying, as to right now we don’t know that, that’s a different story.

But right now the two narratives are synchronized as we don’t know if those customer files contained any PII.

I don’t have a false sense of security, I’m stating apppke had a flaw, kid hacked in and got caught. The courts narrative and apple’s narrative are not mutually exclusive. Apple is under an obligation to come clean about what happened if PII is involved.

Due to the lack of full disclosure, just wait out for further details.

Apple had a flaw, teenager got in, took something (presumably) got caught. Apple’s response nothing was broken into. Who to believe? What if the teenager did not get caught? What if there are more attacks and those entities are not caught?

This does brings into question Apples transparency on private data which are valid request from the government, however what about non-valid (hacking) flaws.

Good thing I don’t use Apple’s iCloud or Google Drive (or is it Google 1).

 

[I7guy]

Due to the lack of full disclosure, just wait out for further details.

Apple had a flaw, teenager got in, took something (presumably) got caught. Apple’s response nothing was broken into. Who to believe? What if the teenager did not get caught? What if there are more attacks and those entities are not caught?

This does brings into question Apples transparency on private data which are valid request from the government, however what about non-valid (hacking) flaws.

Good thing I don’t use Apple’s iCloud or Google Drive (or is it Google 1).

I believe you are misinterpreting the details. Apple said: “ no customer data was comprised “. That does not equate to no customer data was downloaded. I already gave an example above about what could theoretically be in a file that contains customer data but no PII.

However you a free to view apple’s transparency anyway you want. If you don’t believe or trust them, that is certainly your right. I don’t believe they can be 100% transparent due to a variety of factors, but as a public company flat out lying will get them in a heap of trouble.

 

[gruntersdad]

No Job. Take away all of his electronics. If he works for
Apple he will be selling their info next. No slap on the wrist. NO jail time if he shows Apple how he did what he did.

 

[mib1800]

The two narratives are not mutually exclusive as in my example. Now if Apple is lying, as to right now we don’t know that, that’s a different story.

But right now the two narratives are synchronized as we don’t know if those customer files contained any PII.

I don’t have a false sense of security, I’m stating apppke had a flaw, kid hacked in and got caught. The courts narrative and apple’s narrative are not mutually exclusive. Apple is under an obligation to come clean about what happened if PII is involved.

Or you can keep telling yourself "apple is the most secure" over and over...then eventually to you this incident never happened...

 

[fathergll]

I wonder if Apple intentionally left something "exposed" as a honey pot for attempted attacks. Just monitor that area and arrest them before they can continue. Kinda' like leaving an alarmed briefcase full of cash in front of the safe, you know?

No that would be stupid. Unless Apple tells us otherwise their security was compromised by a 16 year old. That is not good for PR.

 

[I7guy]

Or you can keep telling yourself "apple is the most secure" over and over...then eventually to you this incident never happened...

I don’t have to tell it to myself, I know it. My iphone hasn’t mailed out my photos to random individuals.

 

[DailySlow]

In a statement, Apple has confirmed that no personal data was compromised by a 16-year-old student from Melbourne, Australia who admitted to hacking into Apple's internal servers on multiple occasions over one year.

The Guardian:Australian publication The Age reported that the teen downloaded some 90GB of confidential files, and accessed customer accounts, storing information in a folder on his computer named "hacky hack hack." It's unclear exactly what he downloaded during the series of network intrusions.

The student, who cannot be publicly named due to his age and notoriety in the hacking community, reportedly pleaded guilty to his actions in an Australian Children's Court this week, with sentencing deferred until next month. His lawyer later told police that the teen "dreamed of" working for Apple.

The teen reportedly had a method of accessing Apple's servers that "worked flawlessly" on multiple occasions--until he was caught.

The international investigation began when Apple detected the unauthorized access, contained it, and alerted the FBI. The allegations were passed on to the Australian Federal Police, which executed a search warrant on the teen's home last year, and found the software that had enabled the hacking on his laptop.

Article Link: Apple Says No Personal Data Was Compromised in Australian Teenager Hacking Incident

He HAS been spotted tooling around Melbourne with his learners permit in a cherry 1968 Mustang GT, though.

 

[Darmok N Jalad]

You got amnesia or what?

Didn't apple intentionally throttle cpu so your older phones become slower.

You don't need to answer. You going to toe the apple line and say it is done because of battery blah blah....when no other phones needed to do that

Yeah, what Apple did there was crappy, mainly from the lack of a toggle or announcement. I replaced my 6S battery myself, as it was desperately in need of it. 8 months later, it’s performing like new.

Don’t android phones slow down on their own due to something clogging in the cache partition, or has that been fixed? I recall the slow down hitting in the 6 month to 1 year range when I still had an android phone.

 

[mi7chy]

Yeah, what Apple did there was crappy, mainly from the lack of a toggle or announcement. I replaced my 6S battery myself, as it was desperately in need of it. 8 months later, it’s performing like new.

Don’t android phones slow down on their own due to something clogging in the cache partition, or has that been fixed? I recall the slow down hitting in the 6 month to 1 year range when I still had an android phone.

Besides the secret Apple throttling my iPads and iPhones have slowed down with iOS updates.

As for Android, I have a device running non-stop with over 12,000 hours uptime and another with over 5,000 hours uptime since I bought it last year without slowing down.

 

[dk001]

Besides the secret Apple throttling my iPads and iPhones have slowed down with iOS updates.

As for Android, I have a device running non-stop with over 12,000 hours uptime and another with over 5,000 hours uptime since I bought it last year without slowing down.

Wow!!
What devices are they if I may ask?

Using a Razer and I have seen no change (at the 7 month point)

 

[Flight Plan]

Give the child a job for Apple when he gets out of jail, lol.

OMG no! All that does is incentivize bad behavior.

The only thing compromised is the kid's future

Yes it will. Good luck getting any kind of a job that requires a clearance.

Sounds like this kid is a bit of genius, maybe he should be given a job at Apple instead of a prison sentence. Just saying

"Just Saying" that this is the worst, most awful idea.

Maybe immigrate to the us and work for the nsa.

Okay, I was wrong in my comment above. THIS is the worst, most awful idea!

Sort of a bad incentive to set.

"Sort of?" It's DEFINITELY a bad precedent!

He’s so young. He will probably end up making more money than anyone I know one day.

Maybe, maybe not. I know several companies that couldn't hire him now. "Couldn't", as in "we have rules against hiring you because you did this, and it doesn't matter how long ago it was".

From a public POV, I’d agree but behind the scenes I’d definitely look into it. Many tech companies will employ caught hackers to prevent future hacks. You can’t really stop hacks unless you have hacked or understand the process.

You'd look into it "behind the scenes"? And how will you explain the loss of your government contracts or customer lawsuits to your stockholders, lawyers, and the judges?

You have to stay far away from people like this, especially if you are a company officer, have government contracts, and you want to stay out of jail.

It shows that any company is vulernable to a hack. This is a serious issue for every industry and goes beyond your LOL’s and knee slapping.

I agree, this is no joke. If I were Apple, I'd be seeking a prison term for the violator, and if he's a minor, I'd be including the parents, guardians, and even the kid's rugby coach in the suit. This needs to be painful, if there's ever going to be a hope for it to stop someday.

He got it, that’s all that matters. If he got in, it’s a hack. Unauthorized entry in something you don’t have access too is a hack.

Okay, but so what? Apple hardens their systems and closes the barn door. This part already happens. THEN makes the violator pay. Dearly. Hard time, high fines. This is the vital "part B" that SHOULD happen.

I'd imagine that even if he was able to break through Apple's firewall, he would still have trouble with decrypting the data regardless of the quantity and size. Just collecting 90 GB worth of encrypted data doesn't mean that he was able to actually decipher and read it.

That said, it is troubling... and if a kid can do it, then what is stopping professional and seasoned hackers from doing the same?

Decryption is probably not possible. But there should still be mucho pain dealt out from this. Because without that, others will see the slap on the wrists and won't be deterred.

no, dozens of companies will look to hire him as a security expert, the same as many previous elite hackers.

No they won't; where do you get that?

well hacking their servers is one way to get your foot in the door. Lots of companies, and even the government, hire people who hacked them as cybersecurity experts.

Again, a fallacy. What is your source?

Make his punishment, so many hours of unpaid labour, showing how he got in and giving ideas on how to stop others, then a job after that, if he wants it.

Too light of a sentence. Should be many years hard time and NO JOB AFTER GETTING OUT. Make it known, make it public, and then stick to it.

Many security firms hire career thieves to test out their products. Surely this sort of thing isn't news to you?

Source please? If I heard of any security firm doing this, I would make sure my company doesn't use them. And we'll tell them why.

 

[galangel]

I wonder if Apple intentionally left something "exposed" as a honey pot for attempted attacks. Just monitor that area and arrest them before they can continue. Kinda' like leaving an alarmed briefcase full of cash in front of the safe, you know?

we all do it , its very simple trick so in case a file or a software get hacked or get false positive by AV we simply change the bait

 

[ipponrg]

You'd look into it "behind the scenes"? And how will you explain the loss of your government contracts or customer lawsuits to your stockholders, lawyers, and the judges?

You have to stay far away from people like this, especially if you are a company officer, have government contracts, and you want to stay out of jail.

I don’t think you understand how security works. Much of this type of hiring you usually don’t hear about publicly. All the major tech companies do this to some degree. It takes an unusual mind to be able to circumvent modern day security mechanisms. If this kid was able to do it to Apple, I wouldn’t be surprised if there are more that we haven’t heard of.

And as a FYI and an example, the federal government eventually hired Frank Abagnale who stole a lot of money. Read up on his role in the US after the hiring

 

[antonis]

Just Apple security’s pride was compromised. Ya know, because they were hacked by a child.

By a child, for over a year's period, with 90gb of data downloaded.
Embarrassing for any other company. Now, for the richest company in the world, with tech as their business, claiming that security is one of their top concerns, I'd say it's...

 

[I7guy]

By a child, for over a year's period, with 90gb of data downloaded.
Embarrassing for any other company. Now, for the richest company in the world, with tech as their business, claiming that security is one of their top concerns, I'd say it's...

How do you think these guys felt?

https://bits.blogs.nytimes.com/2011/04/02/the-rsa-hack-how-they-did-it/

 

[dialogos]

I don't think you know what encrypted means.

It's got nothing to do with preventing a hack. It prevents the hacker from reading any data from the hack.

In all likelihood the data the kid download was encrypted, which means totally useless to him, just data blocks he can't make sense of - and if it wasn't encrypted then it wasn't important.

So you feel safe if someone hacks your data even if they're encrypted? Maybe in a few years there's going to be a more sophisticated algorithm to break this encryption. Who would like someone to access his encrypted data in the next years if not now?

Encryption is an important layer of security but not enough. Apple should be more transparent about what happened.

If a kid can hack Apple I'm assuming that organizations, other people, governments etc hack their servers and access our data. It just doesn't get on the news.

 

[lec0rsaire]

You just know that this guy was trying to get some nudies. He probably got tired of the 1st fappening batch.