Jailbreaking community member said he served as a 'spy' for Apple

Posted:
in General Discussion edited August 2021
An active member of the Apple jailbreak and leaking community reportedly served as a "double agent" and spied for the Cupertino tech giant's security team.

Credit: Giles Lambert/Unsplash
Credit: Giles Lambert/Unsplash


Andrey Shumeyko, who goes by handles JVHResearch and YRH04E, advertised leaked Apple apps, internal company documents, and stolen devices to a community that traded in such commodities. However, unbeknownst to others in the community, he also shared a wealth of details about its inner workings to Apple.

According to Motherboard, Shumeyko reportedly provided Apple with the personal information of people who sold stolen prototype devices and Apple employees who leaked information online. He also informed Apple of journalists who maintained relationships with leakers and any other details he thought the company might want to know about.

Shumeyko said he is sharing his story because he felt like Apple took advantage of him and didn't compensate him for the information that he provided to the company's Global Security team.

Motherboard verified the authenticity of Shumeyko's evidence, including emails with the Global Security team that originated from servers owned by Apple.

Shumeyko first established a relationship with Apple's Global Security team, which investigates leaks and is staffed with former intelligence and military personnel, in 2017. At the time, he alerted the team of a potential phishing campaign against Apple Store employees. Then, in mid-2020, Shumeyko says he served as a "mole" and tried to help Apple investigate some of its worst leaks.

For example, Shumeyko reportedly reached out to Apple's Global Security team and offered details about the iOS 14 leak -- including the person who allegedly purchased the prototype iPhone, security researchers who received copies of the build, and a handful of people in China who traded in stolen prototypes.

Shumeyko said he was willing to share information with Apple to try and redeem his past actions leaking information. A well-respected member of the leaking and jailbreaking community, other members said they had no idea that Shumeyko was acting as a mole for Cupertino.

At another point, the leaker also provided Apple with information after an employee allegedly sold access to an internal Apple account. Shumeyko believed that this information would entitle him to a reward, but no such compensation came.

"Now it feels like I ruined someone for no good reason, really," Shumeyko told Motherboard in reference to the Apple employee.

Weeks later, after being frustrated about the lack of compensation, Shumeyko sold the internal information to 9to5Mac, which wrote an article about it.

The leaker apologized almost immediately to Apple Global Security, who told him that he should consult the team before publishing anything else.

"Please understand that our goal is to protect Apple. All our actions are guided by the premise of what is best for the company, our employees, and our customers (of which you are one). Therefore your help-- and insights-- in understanding possible threats to us are very important," the Apple Global Security Team said in an email. "My personal advice is that you continue to do the right things so that you can build a positive image for yourself. Do the right things to protect Apple. Keep it that way, you will be proud of yourself, so will we."

Apple is well-known for its secrecy culture, but its response to leakers has largely been shrouded in mystery in recent years. Earlier in 2020, however, reports indicated that the company was ramping up its anti-leak efforts in China, where there is a thriving gray market for stolen prototypes and internal software.

In a cease and desist letter addressed to a Chinese citizen in June, Apple said that leaks of unreleased products or hardware "harm the interests of consumers and Apple."

Read on AppleInsider

Comments

  • Reply 1 of 10
    “Shumeyko said he was willing to share information with Apple to try and redeem his past actions leaking information.”

    So which is it, is he trying to redeem his past actions or cash in? Don’t get mad because Apple treated him like the scumbag that he is. 
    Beatsmagman1979radarthekatronnaderutterwatto_cobra
  • Reply 2 of 10
    This fits a pattern I have seen before. These types of people who trade in hacks need to feel important. That's why they act as double agents. They tell whatever lies they need to in order to obtain information about hacks and then immediately turn around and tell the company about the hack in exchange for perceived promises about compensation and when that does not happen they turn around again and brag/cry about the company not paying them. This happened to my own company at one point in the distant past and I have seen it a few times since then related to other companies I did not work for (one was a gaming company and a game I was playing). Companies like Apple (or mine) don't really know how to deal with these people. They find them amusing, confusing, somewhat embarrassing but no real threat as they have to credibility.
  • Reply 3 of 10
    DAalsethDAalseth Posts: 2,566member
    I was taught that you did the right thing because it was the right thing. Turning leakers and people who sell stolen Apple property was the right thing. Compensation would be an enticement for someone who didn’t have the strength of character to just do the right thing. Now he’s whining that Apple didn’t pay him enough to do what he should have wanted to do for free. Well boo ho. Go take an ethics course.  
    geekmeepulseimagesmagman1979radarthekatroundaboutnowronnaderutterwatto_cobrajony0
  • Reply 4 of 10
    lkrupplkrupp Posts: 10,323member
    If you lay down with dogs…
    rcfamagman1979radarthekatwatto_cobrajony0
  • Reply 5 of 10
    sflocalsflocal Posts: 6,017member
    This guy really comes across as whining.  I have zero sympathy for him.  Playing victim?  jeez.
    magman1979radarthekatwatto_cobrajony0
  • Reply 6 of 10
    jdwjdw Posts: 1,159member
    "Shumeyko believed that this information would entitle him to a reward, but no such compensation came.
    "'Now it feels like I ruined someone for no good reason, really,' Shumeyko told Motherboard in reference to the Apple employee."

    Or to say the same horrible thing another way...

    "It would have been good to ruin someone, had I gotten paid for it."

    Holy cow!  How you feel about others depends on whether you got paid to nail them?

    Hiring amoral "will do anything for cash" people like this to stop leaks and prototype sales is clearly a defense of "the ends justify the means."  But in fact, the ends do not justify the means.  Quite disappointed to hear this news.
    marklarkbadmonkwatto_cobrajony0
  • Reply 7 of 10
    lkrupplkrupp Posts: 10,323member
    jdw said:
    "Shumeyko believed that this information would entitle him to a reward, but no such compensation came.
    "'Now it feels like I ruined someone for no good reason, really,' Shumeyko told Motherboard in reference to the Apple employee."

    Or to say the same horrible thing another way...

    "It would have been good to ruin someone, had I gotten paid for it."

    Holy cow!  How you feel about others depends on whether you got paid to nail them?

    Hiring amoral "will do anything for cash" people like this to stop leaks and prototype sales is clearly a defense of "the ends justify the means."  But in fact, the ends do not justify the means.  Quite disappointed to hear this news.
    Except Apple didn't hire him, or pay him. He came to them in hopes of getting paid.
    marklarkradarthekatroundaboutnowronnwatto_cobrajony0
  • Reply 8 of 10
    Having shot himself in the foot, he is now tying the noose around his neck prior to jumping off the gallows. He will be black listed both ways.
    radarthekatwatto_cobra
  • Reply 9 of 10
    jdwjdw Posts: 1,159member
    lkrupp said:
    jdw said:
    "Shumeyko believed that this information would entitle him to a reward, but no such compensation came.
    "'Now it feels like I ruined someone for no good reason, really,' Shumeyko told Motherboard in reference to the Apple employee."

    Or to say the same horrible thing another way...

    "It would have been good to ruin someone, had I gotten paid for it."

    Holy cow!  How you feel about others depends on whether you got paid to nail them?

    Hiring amoral "will do anything for cash" people like this to stop leaks and prototype sales is clearly a defense of "the ends justify the means."  But in fact, the ends do not justify the means.  Quite disappointed to hear this news.
    Except Apple didn't hire him, or pay him. He came to them in hopes of getting paid.
    But the article says this: "Shumeyko first established a relationship with Apple's Global Security team."  That sentence in the article led me to believe the relationship wasn't just one sided.  The article later says this: "The leaker apologized almost immediately to Apple Global Security, who told him that he should consult the team before publishing anything else." So if the relationship was only 1-sided, why apologize to Apple?  And why would Apple Global Security tell him to "consult the team before publishing anything else"?  Was the relationship really 1-sided?

    Clearly this guy is in the wrong for reasons I've already stated, but the extend of the Apple relationship is not crystal clear.
    roundaboutnowwatto_cobrajony0
  • Reply 10 of 10
    jdw said:
    lkrupp said:
    jdw said:
    "Shumeyko believed that this information would entitle him to a reward, but no such compensation came.
    "'Now it feels like I ruined someone for no good reason, really,' Shumeyko told Motherboard in reference to the Apple employee."

    Or to say the same horrible thing another way...

    "It would have been good to ruin someone, had I gotten paid for it."

    Holy cow!  How you feel about others depends on whether you got paid to nail them?

    Hiring amoral "will do anything for cash" people like this to stop leaks and prototype sales is clearly a defense of "the ends justify the means."  But in fact, the ends do not justify the means.  Quite disappointed to hear this news.
    Except Apple didn't hire him, or pay him. He came to them in hopes of getting paid.
    But the article says this: "Shumeyko first established a relationship with Apple's Global Security team."  That sentence in the article led me to believe the relationship wasn't just one sided.  The article later says this: "The leaker apologized almost immediately to Apple Global Security, who told him that he should consult the team before publishing anything else." So if the relationship was only 1-sided, why apologize to Apple?  And why would Apple Global Security tell him to "consult the team before publishing anything else"?  Was the relationship really 1-sided?

    Clearly this guy is in the wrong for reasons I've already stated, but the extend of the Apple relationship is not crystal clear.
    Since this guy is the extent of the information, the extent is what this guy says is the information. Your taking a story from one individual to the next step is on you. And Your being seemingly cautiously appalled at Apple trying to gather information on their internal/classified information and IP being leaked is naive.  You should probably avoid buying from hi tech companies as they all, literally all, are going to great extents to keep their work and projects secret, security teams going to significant lengths to stop those who have come into possession of it. They all will all actively engage in this business of trying to keep their private information private. It's that whole 'stuff we are working on will be taken by competitors to try to get an advantage ergo putting us at a disadvantage' thing. 

    It looks very much like a story looking to cash in on the circuitous 'Apple in the news' graft.  Shockingly it worked again. His name is now out there, he gets time on the Apple "fan" circuit, maybe he gets column somewhere on that circuit, those looking to clutch their pearls get to cautiously clutch their pearls on a story that otherwise means nothing, and the next and even better shocking! story(graft) is coming up tomorrow or the next day. Rinse and repeat...
    ronnwatto_cobra
Sign In or Register to comment.