Apple says no customer information involved in hack by Australian teen


Comments

  • Reply 21 of 25
    larryjw Posts: 1,040 member
    welshdog said:
    So if he had access to customer data then he was probably in the Customer Support network. When I did iOS support from my home I connected to the network via some sort of VPN on the provided iMac. The iMac came preconfigured for access. When I was using the Apple-provided Java app that was the core of all work that I did, I had access to all aspects of customer data including credit card information. Basically you could do anything. But, when you were in the app, Apple was fully aware of and monitoring everything you did. If I went into the area with credit card info, it left a trail of what I did that could be reviewed later. I don't know for sure, but I suppose all this data is available to others in the company, but I don't know how they would have accessed it. Seems like it would be wise to limit not only who has access, but to limit how they can access it. Like I seriously doubt that Tim Cook could call up customer data on his iMac. I gotta figure that this customer data in raw form (like pulled off a server drive) would be pretty cryptic and pretty difficult to decipher. Also, surely it would have been encrypted? Maybe that is how Apple can say he had no access to customer info - he had data but had no way to make it readable.
    larryjw said:
    When you say you had access to credit card info, what info? What is the “anything” you could do?
    welshdog said:
    I could see all the info for the credit card - as if I had it in my hands. I could have written it all down. Also had access to iCloud and iTunes passwords for the purpose of resetting them when the customer could not. Very detailed information in there.

    In your position, why would you need to have this credit card info? 

    Regarding passwords, you are saying you could see the user’s clear text password? Certainly this knowledge is unnecessary to merely reset a password. 
  • Reply 22 of 25
    If a teenager could break into Apple's "secure" private network and download 90 GB over the course of an entire year without being detected, imagine what a government agency (foreign or domestic) could do. They are probably logged in and downloading all kinds of sensitive information as you read this.
  • Reply 23 of 25
    maestro64 Posts: 5,043 member
    maestro64 said:
    Here are the key statements

    "90 gigabytes of secure files"

    and

    "We ... want to assure our customers that at no point during this incident was their personal data compromised"

    Yes, the kid got his hands on customer data, but since it was "secure", i.e., it was encrypted, the data was not "compromised", so Apple can assure people that their data is not out in the wild.
    avon b7 said:
    In that case it could perfectly be out in the wild. Just encrypted.

    I'd be sleeping more easily knowing it is encrypted but a little concerned that someone could be trying to crack the files open.

    As there have been no calls for users to change passwords it might also be the case that there was nothing sensitive enough in the data to merit any further action beyond locating and prosecuting the kid.

    Have there been any examples of Apple's encryption systems/algorithms/code, etc. being compromised? Yes, any encryption can be hacked or compromised, but how much time/effort and computing power do you want to put into it? I would also guess Apple is not using simple words or character strings as the key. For all we know Apple was also using some sort of hardware encryption key, like they do on the iPhone. There are hard drives that do real-time encryption and if the data does not reside on the drive that wrote the data it cannot be encrypted.
  • Reply 24 of 25
    gatorguy Posts: 24,772 member
    maestro64 said:
    Here are the key statements

    "90 gigabytes of secure files"

    and

    "We ... want to assure our customers that at no point during this incident was their personal data compromised"

    Yes, the kid got his hands on customer data, but since it was "secure", i.e., it was encrypted, the data was not "compromised", so Apple can assure people that their data is not out in the wild.
    avon b7 said:
    In that case it could perfectly be out in the wild. Just encrypted.

    I'd be sleeping more easily knowing it is encrypted but a little concerned that someone could be trying to crack the files open.

    As there have been no calls for users to change passwords it might also be the case that there was nothing sensitive enough in the data to merit any further action beyond locating and prosecuting the kid.
    maestro64 said:
    Have there been any examples of Apple's encryption systems/algorithms/code, etc. being compromised?

    Would Cellebrite qualify? I think there was at least one other company as well.

    As has been mentioned here frequently, if there are keys for the encryption there's always going to be a possibility of the holder losing sole control of them either by law or by accident. Apple's Chinese iCloud service, now controlled by a third party with key access, would be an example of that.
    edited August 2018
  • Reply 25 of 25
    maestro64 Posts: 5,043 member
    If a teenager could break into Apple's "secure" private network and download 90 GB over the course of an entire year without being detected, imagine what a government agency (foreign or domestic) could do. They are probably logged in and downloading all kinds of sensitive information as you read this.

    Here is the difference: yes, the government could break in, Snowden proved that, but if all the data is encrypted gibberish, it has no value to the government. To the kid it is bragging rights for what he did, even if the data has no material value.

    To that point...

    When I was in college there were some computer science students who claimed to have broken into a government system, and they found a file which had the name Spock in a directory called Star Wars (this was the big Reagan idea back in the 80's, not the movie). The students thought they had found something important. When viewed on a terminal it was just gibberish; they could not make any sense of it, so they thought it was some sort of machine code for a Star Wars program. Someone got the bright idea to print it out. At the time we only had dot-matrix printers on paper feeders, so they printed out the hundreds of pages using the school's mainframe computer system. Someone noticed that every 20 pages there was a blank page, so they separated out all the blank pages and realized that when you looked at the 20 pages laid flat on the floor they had some sort of pattern, so they laid out each 20-page sequence and saw different patterns on each 20 pages. After some time of looking at all these pages the guys realized that when you laid each of the 20-page sequences next to each other it formed an image. Guess what the image was?

    https://www.atariarchives.org/bcc1/showpage.php?page=274

    I cannot tell you if the story about the source of the file was true, as I was not there, but I saw the Spock image taped all together and I used to have a copy of the file; it was 20 feet by 20 feet. If they did find it on some government server, someone was wasting taxpayer dollars creating a text image of Spock which was 20' x 20'. But these guys had lots of street cred on campus for finding a Spock poster on some government servers.