Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Melbourne Teen Pleads Guilty to Hacking Apple Servers and Accessing Customer Accounts [Updated]

loby said:
I will....I am not being funny. I will contact the staff of Macrumors.
Click to expand...
BasicGreatGuy said:
Loby, unless you are trying to be funny, it would be best to edit your post, in my opinion. If you have proof of such, you should contact the MR staff.
Click to expand...

Also, I have had "FileVault" activated for some time and have a virus protector (creditable) on my system, plus "two-step-verification". How can someone get into one of my saved documents that is in iCloud and purposely add a sentence?

I actually had a conversation with the person inside the document. ? Pretty impressive hacking.
 
Millah said:
First of all, where does it say iCloud was compromised? It says Apple Secure Network, which I assume is Apples internal work system for employees.

Secondly, part of Apples privacy and security policy revolves around on-device processing and minimizing data collection. For precisely this reason. If Apple doesn’t HAVE your data, there’s nothing for hackers to collect on Apples servers.

If anything, this just legitimizes Apples entire approach to security and privacy. They never claimed to be impenetrable. All of their security practices revolve around the fact that they COULD be compromised, and they don’t want to leave the gate keys lying around in their possession.

Most of you commenting here really don’t have much knowledge on the topic, so maybe reserve judgement?
Click to expand...
You are just concocting this stuff based on Apple PR. You are mixing up user data and privacy. Even if we were just talking about privacy, your data might be more secure on a server (say, Google's server) managed by a professional team than on a personal device of a user who does not have a background in security. Also, your private data on your own device is protected by the software from the same company (Apple). What makes you think that iOS security is any better than the security of Apple own servers? If anything one would expect the opposite is more likely.
 
  • Like
Reactions: apolloa
loby said:
Also, I have had "FileVault" activated for some time and have a virus protector (creditable) on my system, plus "two-step-verification". How can someone get into one of my saved documents that is in iCloud and purposely add a sentence?

I actually had a conversation with the person inside the document. ? Pretty impressive hacking.
Click to expand...
Change your password and add a different trusted device. It doesn’t have to be Apple.
 
supercoolmanchu said:
We don’t know which ‘servers’ or what kind of system and user login details at Apple were hacked. Somehow I doubt it was actual iCloud user accounts. Could have been a separate system or the A/C controls or something.
Click to expand...

From the article. Doesn’t state what data but he did steal customers data, over the course of a year, before Apple stopped him which is a bit of a key thing, he got away with it for a year before Apple caught him... I wouldn’t call that the best security you can have. According to the article he boasted about his hacks all the time and was ‘well known’ in the hacking community.

http://www.theage.com.au/national/victoria/melbourne-teen-hacked-into-apple-s-secure-computer-network-court-told-20180816-p4zxwu.html

The teen, who cannot be named for legal reasons, broke into Apple’s mainframe from his suburban home on multiple occasions over a year because he was such a fan of the company, according to his lawyer.

The Children’s Court heard on Thursday that he had downloaded 90gb of secure files and accessed customer accounts.

The teen’s defence lawyer said his client had become so well known in the international hacking community that even mentioning the case in detail could expose him to risk.

He then used Whatsapp to communicate his offending to others.

The ongoing access continued until Apple eventually detected his presence and he was blocked.
 
apolloa said:
From the article. Doesn’t state what data but he did steal customers data, over the course of a year, before Apple stopped him which is a bit of a key thing, he got away with it for a year before Apple caught him... I wouldn’t call that the best security you can have. According to the article he boasted about his hacks all the time and was ‘well known’ in the hacking community.

http://www.theage.com.au/national/victoria/melbourne-teen-hacked-into-apple-s-secure-computer-network-court-told-20180816-p4zxwu.html

The teen, who cannot be named for legal reasons, broke into Apple’s mainframe from his suburban home on multiple occasions over a year because he was such a fan of the company, according to his lawyer.

The Children’s Court heard on Thursday that he had downloaded 90gb of secure files and accessed customer accounts.

The teen’s defence lawyer said his client had become so well known in the international hacking community that even mentioning the case in detail could expose him to risk.

He then used Whatsapp to communicate his offending to others.

The ongoing access continued until Apple eventually detected his presence and he was blocked.
Click to expand...
There is an update to the original article which contradicts this.
[doublepost=1534495823][/doublepost]
falainber said:
Quoting the original sourse (The Age):

The purpose was to connect remotely to the company’s internal systems.”
The major international investigation was sparked when Apple contacted the FBI, who passed the allegations on to the AFP.
The AFP found the software that had enabled the hacking had been installed on the teen’s laptop.
Further analysis found that the schoolboy successfully accessed “authorised keys” as part of his offending.
Authorised keys grant log-in access to users and are said to be extremely secure

Does it sound like the teenager simply obtained a password of a regular iCloud user via phishing? Does it?
Click to expand...
Many on this thread are confusing the "fappening" which was phishing with what the hacker in the OP did. Bother are different.
 
apolloa said:
I love all these posts praising the criminal and the crime, If a 16 year old held a bank up at gunpoint and stole your information would you praise them then too? I mean you must do if you hold criminals in such high esteem....

Don’t worry, I’m sure the organised gangs they sell your stolen data on to put it to good use.
Click to expand...

Man very well said. i have to confess, that did make me think again. 5*
 
MacBH928 said:
What year is this, 1983?
A 16 year old can breach into the system made by PhD carrying people who have worked for decades in the IT security field? Like 6 years ago this kid was watching cartoons, how can he gain enough knowledge to breach in the only $1T company in the world?
Click to expand...

Welcome to the world of computer security.
These systems are incredibly complex and there are dozens of possible attack vectors in any moderately sized web app. All it takes is to find one.
 
So apparently this happened last year and according to Apple no customer data was compromised.
 
If no customer data was compromised, that means he did not go on to sell them, and probably just pulled it of for the fame. This is exactly how most security researchers are born. The hacker mentality is helping the IT world immensely and is what's driving it forward. The hacker mentality is what created Apple (remember that Jobs and Wozniak were both phreaks, THROW THEM IN JAIL!). The hacker mentality and community is what allowed Linux to be born and thrive (and currently dominate the world).
In computer security, you don't get to be a great white hat without ever being a black/grey hat. It's just how it works. The IT world is a totally different beast. Disrespecting it and suppressing the hacker mentality won't get you far.
 
"the teen was a fan of the company and had "dreamed of" working for Apple"

So much for THAT dream? Did he not know he could just apply when he's old enough? Hacking Apple is not the way to get into Apple. Sure he's smart but very stupid.
 
so thaaaat s why my itoonies keeps playing INXS, Men at work and Golden Earring constantly.
at least I'm happy the hacker was from aussie, not the "Detroit's H8 mile"
 
  • Like
Reactions: decafjava
pipis2010 said:
I think it just proves that nothing is unhackable , or Apple isn’t investing as much as we would have thought on security...
Click to expand...

I think they are just lazy to build a new secure systems. I see ATMs running Windows XP sometime, and I heard credit cards still run on mainframes built on software from the 70s.

it is probably just more lucrative to make use of the old systems and let the consumer take the punch when his data gets breached.

Toutou said:
Welcome to the world of computer security.
These systems are incredibly complex and there are dozens of possible attack vectors in any moderately sized web app. All it takes is to find one.
Click to expand...

well if what you say is true then we can assume that no software is secure and hence stuff like money transfer, health data, personal picture storage should not be used on the internet including accessing your bank accounts. Imagine waking up one day and all your personal pictures from your Google Drive was hacked by a security flaw breached by a 16 year old kid and now the whole world know your life details including all your family members and the insides and outsides of your house.
 
MacBH928 said:
well if what you say is true then we can assume that no software is secure and hence stuff like money transfer, health data, personal picture storage should not be used on the internet including accessing your bank accounts. Imagine waking up one day and all your personal pictures from your Google Drive was hacked by a security flaw breached by a 16 year old kid and now the whole world know your life details including all your family members and the insides and outsides of your house.
Click to expand...

You're saying it like it's something outrageous and unbelievable, but you're stating the obvious and the "doom scenario" I'm supposed to imagine wouldn't surprise me at all.
No software is secure. This is literally the most important idea in computer security, that no software is secure.

Anything you upload to the cloud unencrypted you're basically handing out to the world. I do have some photos and other documents on Google Drive, but I'm aware of the risks and don't put anything sensitive there.

Any data you send through HTTP you're handing out to the world, as any unencrypted communication over the internet is trivially easy to intercept and analyze. That's why sensitive data like internet banking always go through HTTPS.
 
apolloa said:
From the article. Doesn’t state what data but he did steal customers data, over the course of a year, before Apple stopped him which is a bit of a key thing, he got away with it for a year before Apple caught him... I wouldn’t call that the best security you can have. According to the article he boasted about his hacks all the time and was ‘well known’ in the hacking community.

http://www.theage.com.au/national/victoria/melbourne-teen-hacked-into-apple-s-secure-computer-network-court-told-20180816-p4zxwu.html

The teen, who cannot be named for legal reasons, broke into Apple’s mainframe from his suburban home on multiple occasions over a year because he was such a fan of the company, according to his lawyer.

The Children’s Court heard on Thursday that he had downloaded 90gb of secure files and accessed customer accounts.

The teen’s defence lawyer said his client had become so well known in the international hacking community that even mentioning the case in detail could expose him to risk.

He then used Whatsapp to communicate his offending to others.

The ongoing access continued until Apple eventually detected his presence and he was blocked.
Click to expand...

The story was updated, and I was like super totally right.

For your own future reference and life in general:

Poor sources of reliable technical data:
-Breaking Press reports
-Defense Attorneys

Now you know and can apply this to all future ‘information’ you absorb and can also re-evaluate what you think you already know.

And remember, learning is fun!
 
  • Like
Reactions: decafjava and FFR
apolloa said:
Wow, Apples services are so secure after all the celebrity accounts that were hacked, that a teenager can hack them.

Perhaps they can spend some of those billions and trillion dollar market cap on, security..

Actually this is a serious issue for Apple as lots of people rely on them for security and privacy, and if that’s seen to be weak still then it may lose sales.
Click to expand...
I blame all these tech companies that tout being unhackable. Quit saying stupid things like that publicly. Security of your data should remain private so much that you don't even mention it.
 
  • Like
Reactions: apolloa
GGJstudios said:
False. The article did not state that customer data was compromised. In fact, Apple has clearly stated:
Apple Says No Personal Data Was Compromised in Australian Teenager Hacking Incident
Click to expand...

The fact is though the article that was posted several days ago and is linked in this story DID state it, it has since been amended as of today. Please note when my comment was posted.

EDIT: Incorrect, it did not actually claim "customer" data was stolen.

[doublepost=1534525657][/doublepost]
supercoolmanchu said:
The story was updated, and I was like super totally right.

For your own future reference and life in general:

Poor sources of reliable technical data:
-Breaking Press reports
-Defense Attorneys

Now you know and can apply this to all future ‘information’ you absorb and can also re-evaluate what you think you already know.

And remember, learning is fun!
Click to expand...

Thanks but I’ll stick to relying on media sources and court case information rather then random forum posters.
 
Last edited:
GGJstudios said:
False. The article did not state that customer data was compromised. In fact, Apple has clearly stated:
Apple Says No Personal Data Was Compromised in Australian Teenager Hacking Incident
Click to expand...
The Age article say this: "
Further analysis found that the schoolboy successfully accessed “authorised keys” as part of his offending.
Authorised keys grant log-in access to users and are said to be extremely secure."

As I understand this dude got the keys that let him log in as [any] other user. Perhaps he did not do it but not because he could not just because he didn't want to.
 
falainber said:
The Age article say this: "
Further analysis found that the schoolboy successfully accessed “authorised keys” as part of his offending.
Authorised keys grant log-in access to users and are said to be extremely secure."

As I understand this dude got the keys that let him log in as [any] other user. Perhaps he did not do it but not because he could not just because he didn't want to.
Click to expand...
Remember "user" does not necessarily mean "iCloud subscriber" or anyone in the public, but more likely means Apple employee user accounts, through which they log into Apple's internal systems.
 
FFR said:
Both iCloud and gmail were targeted in the celeb hack.

The Apple haters never seem to mention that gmail was also compromised.

Hmmm...
Click to expand...
Google doesn't run around telling everyone that their systems are the most secure thing ever invented.
 
Toutou said:
This is literally the most important idea in computer security, that no software is secure.
.
Click to expand...

yes, but most people assume that security is strong enough that it will take a group of professionals working for sometime to be able to break into a system... not a highschooler with a computer.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back