Apple says no customer information involved in hack by Australian teen

Posted:
in General Discussion edited August 2018
Apple on Friday commented on recent revelations that an Australian teen gained unauthorized access to its corporate computer network, saying the hack did not compromise customer data despite reports claiming the boy accessed customer accounts.


Apple's "global command" data center in Mesa, Ariz. | Source: The Republic


On Thursday, The Age reported a 16-year-old Melbourne boy, whose name is not being made public because he is a juvenile, conducted a series of attacks on Apple's computer systems over the course of a year.

In all, the hacker collected some 90 gigabytes of secure files and accessed customer accounts, according to court statements. The teen lodged a guilty plea when in Children's Court on Thursday.

Apple security personnel "discovered the unauthorized access, contained it, and reported the incident to law enforcement," a company spokesman told Reuters on Friday.

"We ... want to assure our customers that at no point during this incident was their personal data compromised," the spokesman said.

According to The Age, Apple notified the U.S. Federal Bureau of Investigation upon discovering the hack, and the law enforcement body handed the case over to the Australian Federal Police.

A raid of the boy's suburban home last year yielded two Apple laptops, a mobile phone and a hard drive associated with the hack. According to statements heard in court, the serial numbers of the laptops and the mobile phone's IP address matched those of devices that accessed Apple's systems.

While details of the intrusion are at this point unknown, the teen was reportedly able to remotely access Apple's secure network through highly protected "authorized keys" and software installed on at least one laptop. Over the course of a year, the boy gleaned some 90GB of data from Apple's servers, which was subsequently stored in a file named "hacky hack hack."

Media is just now learning about the hack thanks to the teen's court appearance. Apple was said to be "very sensitive about publicity" regarding the incident and successfully kept word of the case out of the public eye.
«1

Comments

  • Reply 1 of 25
    mattinozmattinoz Posts: 1,016member
    Story icon shows New Zealand flag but teen is Australian. 
    lamboaudi4SpamSandwich1983[Deleted User]space2001watto_cobramld53acornchip
  • Reply 2 of 25
    welshdogwelshdog Posts: 1,657member
    So if he had access to customer data then he was probably in the Customer Support network. When I did iOS support from my home I connected to the network via some sort of VPN on the provided iMac. The iMac came preconfigured for access. When I was using the Apple provided Java app that was the core of all work that I did, I had access to all aspects of customer data including credit card information. Basically you could do anything. But, when you were in the app, Apple was fully aware of and montioring everything you did. If I went into the area with credit card info, it left a trail of what I did that could be reviewed later.  I don't know for sure, but I suppose all this data is available to others in the company, but I don't know how they would have accessed it. Seems like it would be wise to limit not only who has access, but to limit how they can access it. Like I seriously doubt that Tim Cook could call up customer data on his iMac.  I gotta figure that this customer data in raw form (like pulled off a server drive) would be pretty cryptic and pretty difficult to decipher.  Also, surely it would have been encrypted? Maybe that is how Apple can say he had no access to customer info - he had data but had no way to make it readable.
    Soliracerhomie3lamboaudi4radarthekat[Deleted User]watto_cobracornchip
  • Reply 3 of 25
    Rayz2016Rayz2016 Posts: 4,556member
    Unsurprising. 

    If the hack had involved customer accounts then the company would’ve been obliged to make the hack public to warn customers. 

    However, the fact he had access to “authorised keys” seems to indicate that Apple is leaking somewhere. The network is secure, but some procedure somewhere is not. 
    welshdoglamboaudi41983randominternetpersonwatto_cobracornchipjony0
  • Reply 4 of 25
    Why are you showing the flag of New Zealand?   :D
    freethinking1983[Deleted User]mattinozwatto_cobracornchip
  • Reply 5 of 25
    larryjwlarryjw Posts: 337member
    welshdog said:
    So if he had access to customer data then he was probably in the Customer Support network. When I did iOS support from my home I connected to the network via some sort of VPN on the provided iMac. The iMac came preconfigured for access. When I was using the Apple provided Java app that was the core of all work that I did, I had access to all aspects of customer data including credit card information. Basically you could do anything. But, when you were in the app, Apple was fully aware of and montioring everything you did. If I went into the area with credit card info, it left a trail of what I did that could be reviewed later.  I don't know for sure, but I suppose all this data is available to others in the company, but I don't know how they would have accessed it. Seems like it would be wise to limit not only who has access, but to limit how they can access it. Like I seriously doubt that Tim Cook could call up customer data on his iMac.  I gotta figure that this customer data in raw form (like pulled off a server drive) would be pretty cryptic and pretty difficult to decipher.  Also, surely it would have been encrypted? Maybe that is how Apple can say he had no access to customer info - he had data but had no way to make it readable.
    When you say you had access to credit card info, what info? What is the “anything” you could do?
    watto_cobra
  • Reply 6 of 25
    ...might this potentially be a canary in a coal mine...?
    edited August 2018
  • Reply 7 of 25
    Somehow I tend to believe such a statement from Apple. As opposed to most other big corporations. Trust doesn’t come me from nothing. Neither does lack thereof. 
    randominternetpersonwatto_cobraclaire1
  • Reply 8 of 25
    s.metcalf said:
    Why are you showing the flag of New Zealand?   :D
    The two always get confused. NZ had a referendum in 2016 to change the flag to something unique but the conservatives won 😒


    dysamoria
  • Reply 9 of 25
    prokipprokip Posts: 145member
    What is it with you frigin Americans?  Do you know so l little about the rest of the world that you don't  even know the difference between the Australian and New Zealand flags.  It's not like we just dropped out off the sky last week.  Our country and our flag has been on the map for over a hundred years.  We have fought every war for that entire [eriod along side you yanks.  Surely that deserves a bit of R.E.S.P.E.C.T.  (may Aretha rest in peace.)
    Sheeesh !!
    (Where is DED when you need him?  He wouldn't have been so ignorant...)
  • Reply 10 of 25
    lkrupplkrupp Posts: 6,782member
    ...might this potentially be a canary in a coal mine...?
    Yep. Apple is doomed™
    StrangeDayswatto_cobraclaire1cornchip
  • Reply 11 of 25
    lkrupplkrupp Posts: 6,782member
    Who to believe? The initial report about the teen accessing customer data or Apple saying no customer data was compromised? Where did the initial report get its information from? The police, the teenager, who? Do you see how shit like this takes on a life of its own? Comments here already assuming customer data was compromised with nothing more than a single report which Apple has now refuted. Who’s telling the truth? All I know is Apple is in deep legal trouble IF they are found to be lying. The journalist or reporter who typed up the initial report gets a free pass for being wrong. See how a “free press” works? 

    For what it’s worth I believe Apple because they have most to lose by lying about it. 
    randominternetpersonwatto_cobra
  • Reply 12 of 25
    prokipprokip Posts: 145member
    Oh that's clever Appleinsider editors.  Replace the mistaken New Zealand flag in the form of an apple symbol originally on this story with a black Apple symbol.

    Even more ignorance from you guys.  Do you know what is the most fierce competition between Australia and New Zealand.  It happens in the game of rugby.  And it most well known in something called the Bledisloe Cup.  Now guess what the New Zealand rugby team is called... wait for it... the ALL BLACKS !!!   No truly.  I am not making this stuff up.

    So dear Appleinsider editors you have insulted we Australians twice.  Well done!

    Anyway to fix this thing I give you our proud Aussie flag:



    NO FIX IT.  Don't hide your stuff up.
  • Reply 13 of 25
    StrangeDaysStrangeDays Posts: 7,069member
    ...might this potentially be a canary in a coal mine...?
    What on earth are your handwringing about?
    watto_cobra
  • Reply 14 of 25
    welshdogwelshdog Posts: 1,657member
    larryjw said:
    welshdog said:
    So if he had access to customer data then he was probably in the Customer Support network. When I did iOS support from my home I connected to the network via some sort of VPN on the provided iMac. The iMac came preconfigured for access. When I was using the Apple provided Java app that was the core of all work that I did, I had access to all aspects of customer data including credit card information. Basically you could do anything. But, when you were in the app, Apple was fully aware of and montioring everything you did. If I went into the area with credit card info, it left a trail of what I did that could be reviewed later.  I don't know for sure, but I suppose all this data is available to others in the company, but I don't know how they would have accessed it. Seems like it would be wise to limit not only who has access, but to limit how they can access it. Like I seriously doubt that Tim Cook could call up customer data on his iMac.  I gotta figure that this customer data in raw form (like pulled off a server drive) would be pretty cryptic and pretty difficult to decipher.  Also, surely it would have been encrypted? Maybe that is how Apple can say he had no access to customer info - he had data but had no way to make it readable.
    When you say you had access to credit card info, what info? What is the “anything” you could do?
    I could see all the info for the credit card - as if I had it in my hands. I could have written it all down. Also had access to iCloud and iTunes passwords for the purpose of resetting them when the customer could not. Very detailed information in there.
    watto_cobradysamoria
  • Reply 15 of 25
    gatorguygatorguy Posts: 20,267member
    welshdog said:
    larryjw said:
    welshdog said:
    So if he had access to customer data then he was probably in the Customer Support network. When I did iOS support from my home I connected to the network via some sort of VPN on the provided iMac. The iMac came preconfigured for access. When I was using the Apple provided Java app that was the core of all work that I did, I had access to all aspects of customer data including credit card information. Basically you could do anything. But, when you were in the app, Apple was fully aware of and montioring everything you did. If I went into the area with credit card info, it left a trail of what I did that could be reviewed later.  I don't know for sure, but I suppose all this data is available to others in the company, but I don't know how they would have accessed it. Seems like it would be wise to limit not only who has access, but to limit how they can access it. Like I seriously doubt that Tim Cook could call up customer data on his iMac.  I gotta figure that this customer data in raw form (like pulled off a server drive) would be pretty cryptic and pretty difficult to decipher.  Also, surely it would have been encrypted? Maybe that is how Apple can say he had no access to customer info - he had data but had no way to make it readable.
    When you say you had access to credit card info, what info? What is the “anything” you could do?
    I could see all the info for the credit card - as if I had it in my hands. I could have written it all down. Also had access to iCloud and iTunes passwords for the purpose of resetting them when the customer could not. Very detailed information in there.
     :warning: 
    I wouldn't have expected that.
    Anyway, long weekend for me starting in an hour or so. Out of sight out of mind and all that.
    edited August 2018
  • Reply 16 of 25
    maestro64maestro64 Posts: 4,476member
    Here is the key statements

    "90 gigabytes of secure files"

    and

    "We ... want to assure our customers that at no point during this incident was their personal data compromised"

    Yes the kid got his hands on customer data, but since it was "secure" ie, it was encrypted, the data was not "compromised" so Apple can assure people that their data is not out in the wild.
    edited August 2018 watto_cobra
  • Reply 17 of 25
    prokip said:
    What is it with you frigin Americans?  Do you know so l little about the rest of the world that you don't  even know the difference between the Australian and New Zealand flags.  It's not like we just dropped out off the sky last week.  Our country and our flag has been on the map for over a hundred years.  We have fought every war for that entire [eriod along side you yanks.  Surely that deserves a bit of R.E.S.P.E.C.T.  (may Aretha rest in peace.)
    Sheeesh !!
    (Where is DED when you need him?  He wouldn't have been so ignorant...)
    Settle down!  I'm Australian and I thought it was funny.  No need to get so upset (maybe angry even) about it.
    edited August 2018 watto_cobraclaire1mattinoz
  • Reply 18 of 25
    avon b7avon b7 Posts: 3,444member
    maestro64 said:
    Here is the key statements

    "90 gigabytes of secure files"

    and

    "We ... want to assure our customers that at no point during this incident was their personal data compromised"

    Yes the kid got his hands on customer data, but since it was "secure" ie, it was encrypted, the data was not "compromised" so Apple can assure people that their data is not out in the wild.
    In that case it could perfectly be out in the wild. Just encrypted.

    I'd be sleeping more easily knowing it is encrypted but a little concerned that someone could be trying to crack the files open.

    As there have been no calls for users to change passwords it might also be the case that there was nothing sensitive enough in the data to merit any further action beyond locating and prosecuting the kid.
  • Reply 19 of 25
    s.metcalf said:
    prokip said:
    What is it with you frigin Americans?  Do you know so l little about the rest of the world that you don't  even know the difference between the Australian and New Zealand flags.  It's not like we just dropped out off the sky last week.  Our country and our flag has been on the map for over a hundred years.  We have fought every war for that entire [eriod along side you yanks.  Surely that deserves a bit of R.E.S.P.E.C.T.  (may Aretha rest in peace.)
    Sheeesh !!
    (Where is DED when you need him?  He wouldn't have been so ignorant...)
    Settle down!  I'm Australian and I thought it was funny.  No need to get so upset (maybe angry even) about it.
    New Zealand, eh? I understand that’s near Middle Earth.
    watto_cobra
  • Reply 20 of 25
    lkrupp said:
    ...might this potentially be a canary in a coal mine...?
    Yep. Apple is doomed™
    ...your point, not mine...?

    ...might this potentially be a canary in a coal mine...?
    What on earth are your handwringing about?

    ... how would we feel if it was oh say pick a random example some foreign hostile country agency that had gained access ... ?
    edited August 2018
Sign In or Register to comment.