Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Melbourne Teen Pleads Guilty to Hacking Apple Servers and Accessing Customer Accounts [Updated]

loby said:
No it is not secure. Hacking can come from within.
Click to expand...

If you turn on two-factor authentication, there supposedly is no way for anyone else to access your data.
https://support.apple.com/en-us/HT204915

Without two-factor authentication, your iCloud password can be reset (by Apple), and potentially someone else could access your data.

loby said:
Some of Apple’s storage needs are also sub-contracted out I heard. (I heard they use Amazon servers- I could be wrong).
Click to expand...

It is well known that Apple store ENCRYPTED iCloud data at Google, Microsoft and Amazon. The data stored there is just as useful as when it traverses the internet, you need to have your encryption keys to access your data, and those keys are NOT stored outside of Apple (and with two-factor authentication, stored only on your devices).

loby said:
Anyone know where you report possible hacking to Apple? I had a document on my cloud hacked and it could be an inside job. Someone wrote a comment in my document that could only be accessed from an administrator at Apple or their sub-contracted company.

How do I know this happened? One, the way the comment was written. Two, I am the only one who has access to my account (I keep all devices with me since I travel for work). I go to countries that really don’t speak English. Three: my account was not hacked from outside (I use to be in security and a network admin. So i know how the game is played internally).

Anyone know the email address to Apple security so I report this type of activity?

Thanks.
Click to expand...

How could you NOT find this?
https://support.apple.com/en-us/HT201220
 
  • Like
Reactions: Duane Martin and decafjava
rturner2 said:
No. This is unacceptable. Apple advertised iCloud as secure. Clearly it’s not.
Click to expand...

First of all, where does it say iCloud was compromised? It says Apple Secure Network, which I assume is Apples internal work system for employees.

Secondly, part of Apples privacy and security policy revolves around on-device processing and minimizing data collection. For precisely this reason. If Apple doesn’t HAVE your data, there’s nothing for hackers to collect on Apples servers.

If anything, this just legitimizes Apples entire approach to security and privacy. They never claimed to be impenetrable. All of their security practices revolve around the fact that they COULD be compromised, and they don’t want to leave the gate keys lying around in their possession.

Most of you commenting here really don’t have much knowledge on the topic, so maybe reserve judgement?
 
  • Like
Reactions: mwd25, imlovinit, Damian. and 2 others
apolloa said:
I love all these posts praising the criminal and the crime, If a 16 year old held a bank up at gunpoint and stole your information would you praise them then too? I mean you must do if you hold criminals in such high esteem....

Don’t worry, I’m sure the organised gangs they sell your stolen data on to put it to good use.
Click to expand...

All these people praising the kid are doing so because the alternative is that Apple failed big time with their security. It is better in their opinion to believe that a mastermind hacked Apple.
 
  • Like
Reactions: apolloa
StellarVixen said:
I think we need more info on how did this exactly happen.

If a 16 year old found a way to exploit some kind of weakness, and hack the Apple's servers, then that is embarrassing. Especially for a company who is "all about security".

apolloa is a troll most of the time, but he is right on this one.
Click to expand...

Haha thanks, I’m not a troll either, I certainly don’t go around calling a criminal who knows exactly what they are doing, intelligent, or apologise and excuse them!
People seem to believe hacking isn’t a crime, it’s all fine, or bless it’s a child, but these hackers then go onto the dark web, sell that data on, and then your bank account is cleared out, or you are signed up for services you never wanted, your identity is stolen and you have a mountain of debt, all because some kid stole your information, but let’s apologise for the criminal and admire their intelligence...
[doublepost=1534439233][/doublepost]
macfacts said:
All these people praising the kid are doing so because the alternative is that Apple failed big time with their security. It is better in their opinion to believe that a mastermind hacked Apple.
Click to expand...

Rather then Apple like most corporations pay as little as possible for security. I agree with hat statement. But it will just be seen as anti Apple trolling.. evaluate people refuse to accept Apple is a business and won’t like most spend money on anything unless absolutely necessary, in fact if I recall, they didn’t introduce two step authentication until after those celebrity accounts were hacked. I could be wrong in that though.

[doublepost=1534439503][/doublepost]
Winni said:
You're still talking about KIDS there, so your demand to "throw them in jail for life" is absolutely unreasonable; actually it is unreasonable to a point where we it is almost insane. Remember that you're talking about CHILDREN there that only possess very limited accountability for what they do -- and this kid whose life you want to destroy did not kill or injure ANYBODY. He's not Al Capone or Pablo Escobar. Hell, he's not even Donald Trump. He's just a teenage kid who wanted to test his own limits and maybe impress a girl somewhere with his hacking skills -- or impress Apple and have that weird dream of getting hired because he's so damn good at what he does. These things have actually happened in the past, believe it or not -- in the past, some hackers actually got hired by the companies they broke in to. So it's not in the realm of fantasy.
Click to expand...

A 16 year old knows EXACTLY what they are doing and right from wrong. If they steal thousands of people’s personal information that is meant to be secure, they should be tried and charged as such.
[doublepost=1534439695][/doublepost]
genovelle said:
Actually, banks are hacked all the time and then send notifications alerting their clients of the breech. Amazon’s Servers and AWS servers have been breeched and have even exposed other companies data in the process.

Apple rarely has this issue but chooses to minimize the amount and types of data they keep on their servers. This is also why they decided to give the encryption keys to the customers instead of maintaining a master key.
Click to expand...

I said my bank not any bank, and I want proof Amazon was hacked please. If you are stating it as a fact.
 
Last edited:
FFR said:
Both iCloud and gmail were targeted in the celeb hack.

The Apple haters never seem to mention that gmail was also compromised.

Hmmm...
Click to expand...

The difference is Google doesn't build a huge chunk of their advertising around security whereas Apple does. That's the problem with promising something like total security when things like this happen.
 
  • Like
Reactions: apolloa
DakotaGuy said:
The difference is Google doesn't build a huge chunk of their advertising around security whereas Apple does. That's the problem with promising something like total security when things like this happen.
Click to expand...

Neither google nor Apple can can secure against a user giving his password to an malicious attacker.


But the fact remain only Apple is called out for it. Doesn’t seem fair when both gmail and iCloud were phished.

Google just builds a huge chunk of their revenue on user generated data not really the same.
 
  • Like
Reactions: Burningtime and mwd25
SoN1NjA said:
Wow, so young, wish I was that smart

Also crazy that it went through all of those tunnels — Apple, FBI, Australia police — and they still got him
Click to expand...
You are a member of MacRumors. That is a good start. ;)
[doublepost=1534447619][/doublepost]
rturner2 said:
No. This is unacceptable. Apple advertised iCloud as secure. Clearly it’s not.
Click to expand...
Apple advertising as secure, does not equate to there never ever being any type of problem like this.
 
  • Like
Reactions: Burningtime, SoN1NjA and BigMcGuire
keysofanxiety said:
Except if it was phishing and not an actual hack. People far too often get the two mixed up when they're completely different. I agree we need more information.

Apolloa, as ever, has grabbed the pitchfork with the mouth-watering prospect of anti-Apple rhetoric and assumed the worst without any facts. That doesn't make them right, just consistent with negative comments on every single article.

I'll reserve judgement until I have further information, though my first suspicion is that it wasn't an actual "hack".
Click to expand...

Every article that you’ve read you mean.... not every article I post in, not by a looonnngggg way. You also have a funny idea if ‘anti Apple’.
 
I don't recall ever in the past reading any news that iCloud had been genuinely breached. Sure there were the celebrity phishing things that happened a few years ago, but that was user error and not a genuine breach of iCloud. If this news today represents a true breach, then this is a big deal and really worrisome. I figured iCloud was impenetrable.
 
  • Like
Reactions: Burningtime
@apolloa Don't know why you're raging all over these comments regarding security. Sit down and hear what I have to say for a moment.

1. Absolutely NOTHING is hackproof until computers learn to make their own security algorythm. All made man software has a backdoor or flaw which can be exploited with time and effort.
2. Most hackers that get arrested either get hired by the company that was hacked or join the military. It takes a special kind of person to break security and most companies spends millions in hiring the best minds. This also prevents hackers from spreading information on how they hacked a company.
3. If you're disappointed with Apple's security software, find another company. I hear the Android folks love people like you.
4. You are nobody special so if you are going to live a paranoid life regarding your "personal" info, take it elsewhere

Your pitchfork "throw em in jail" mentality is the reason why society doesn't progress.
 
  • Like
Reactions: Burningtime
chinito77 said:
@apolloa Don't know why you're raging all over these comments regarding security. Sit down and hear what I have to say for a moment.

1. Absolutely NOTHING is hackproof until computers learn to make their own security algorythm. All made man software has a backdoor or flaw which can be exploited with time and effort.
2. Most hackers that get arrested either get hired by the company that was hacked or join the military. It takes a special kind of person to break security and most companies spends millions in hiring the best minds. This also prevents hackers from spreading information on how they hacked a company.
3. If you're disappointed with Apple's security software, find another company. I hear the Android folks love people like you.
4. You are nobody special so if you are going to live a paranoid life regarding your "personal" info, take it elsewhere

Your pitchfork "throw em in jail" mentality is the reason why society doesn't progress.
Click to expand...

Thanks, you do realise your ideology here is to reward crime and criminals. It’s backwards thinking in modern society and why crime is on the rise, award the criminals, disrespect the victims..
The majority of people don’t believe punishing criminals for crime as ‘pitchfork mentality’ but basic requirements in the modern world to protect them, what their taxes pay for. You don’t understand why I and others would ‘rage’, because your more then happy to reward criminals for the crimes they commit. The perfect opposite of the saying ‘crime doesn’t pay’.
 
@apolloa, WOW, you are clearly the sensative type. Cyber crimes is not the in same category as murderers, rapist, and drunk drivers but of course a common folk like yourself would lump all crimes as one. This is how things work in the cyber security world, which I have witness firsthand from years of working at various tech companies.
Only in cyber security, can hacking sometimes lead to a job.
 
chinito77 said:
@apolloa, WOW, you are clearly the sensative type. Cyber crimes is not the in same category as murderers, rapist, and drunk drivers but of course a common folk like yourself would lump all crimes as one. This is how things work in the cyber security world, which I have witness firsthand from years of working at various tech companies.
Only in cyber security, can hacking sometimes lead to a job.
Click to expand...

WOW, so you only class certain acts as actual crimes, thank God you don’t make up the laws! Their is a reason he went to court for trial for his CRIMES, you seem to be claiming they aren’t real crimes. Tell me, where would you draw the line with hackers, when they steal your money, your data, your medical records, all your private photos.. you seem to have an awful lot of sympathy for these criminals and there crimes because you’ve worked for some tech companies, even though the majority of courts and countries see them as just that, criminals, thief’s, the law has a distinctly opposite view to you.

Also your analogy is utterly flawed, a murder can affect one life and family, the same with a drunk driver, a hacker can affect millions.
 
Last edited:
rturner2 said:
No. This is unacceptable. Apple advertised iCloud as secure. Clearly it’s not.
Click to expand...

We don’t know which ‘servers’ or what kind of system and user login details at Apple were hacked. Somehow I doubt it was actual iCloud user accounts. Could have been a separate system or the A/C controls or something.
 
  • Like
Reactions: Burningtime
realjerk said:
If you turn on two-factor authentication, there supposedly is no way for anyone else to access your data.
https://support.apple.com/en-us/HT204915

Without two-factor authentication, your iCloud password can be reset (by Apple), and potentially someone else could access your data.



It is well known that Apple store ENCRYPTED iCloud data at Google, Microsoft and Amazon. The data stored there is just as useful as when it traverses the internet, you need to have your encryption keys to access your data, and those keys are NOT stored outside of Apple (and with two-factor authentication, stored only on your devices).



How could you NOT find this?
https://support.apple.com/en-us/HT201220
Click to expand...

Yes I have "two-factor authentication on.....

Just received another message from the "Hacker" in my document. It is an inside job....will report it to Apple...
 
loby said:
Yes I have "two-factor authentication on.....

Just received another message from the "Hacker" in my document. It is an inside job....will report it to Apple...
Click to expand...

Very impressive...the hacker is on the Macrumor's forum and a user. Apple is now aware of this and is looking into it.
 
BasicGreatGuy said:
Loby, unless you are trying to be funny, it would be best to edit your post, in my opinion. If you have proof of such, you should contact the MR staff.
Click to expand...

I will....I am not being funny. I will contact the staff of Macrumors.
 
Burningtime said:
LOL. If you buy the most secure vault in the world for your money but you don't close the door properly are you gonna blame the vault?
Click to expand...
Quoting the original sourse (The Age):

The purpose was to connect remotely to the company’s internal systems.”
The major international investigation was sparked when Apple contacted the FBI, who passed the allegations on to the AFP.
The AFP found the software that had enabled the hacking had been installed on the teen’s laptop.
Further analysis found that the schoolboy successfully accessed “authorised keys” as part of his offending.
Authorised keys grant log-in access to users and are said to be extremely secure

Does it sound like the teenager simply obtained a password of a regular iCloud user via phishing? Does it?
 
now i see it said:
If a teenage boy can break into Apple servers using a laptop in his bedroom, one can only imagine the capabilities of a nation state with unlimited budget and resources.
Click to expand...
And that’s exactly certain foreign countries are doing actively and secretly. They also have all the money to drive PR machine to whatever direction they want. Hacking for them is way too naive and easy. They want much more.
 
realjerk said:
If you turn on two-factor authentication, there supposedly is no way for anyone else to access your data.
https://support.apple.com/en-us/HT204915

Without two-factor authentication, your iCloud password can be reset (by Apple), and potentially someone else could access your data.
Click to expand...

When I took my iPad to the Apple store Genius Bar they asked me to login to my iCloud account and switch off ‘find my phone’. I had two-factor authentication switched on and I was surprised to never receive any message like I normally do. Does Apple Genius Bar somehow bypass this and if so how and why?

This has always puzzled me as I always receive a message when changing anything or when I login in on a new device etc. I should have asked them at the time.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back