Australian schoolboy hacks into Apple’s network, steals files

Apple_HackedOz-623x432.jpg

His lawyer claims that the teen did the hacking because he admired Apple and dreamed of landing a job in the company.

A 16-year-old Australian teenager has broken into Apple’s internal systems multiple times, making off with 90GB of “secure files” and accessing customer accounts in the process, according to The Age, which cited court proceedings.

Over the course of no less than a year, the Melbourne-based student infiltrated Apple’s systems and retrieved highly secure “authorized keys” for logging into customer accounts, and went on to brag about his shenanigans on WhatsApp.

According to his defense lawyer, the schoolboy made a name for himself in the “international hacking community” to the point that even mentioning the case in detail could put his client at risk.

The teenager – whose name could not be made public given his age – pleaded guilty to the criminal charges at a hearing at the Children’s Court in Australia on Thursday. Sentencing isn’t due until September 20.

As is apparent from the scarce details that are available, the teen relied on virtual private networks (VPNs) and other tools to avoid being traced, but, ultimately, to no avail.

Once the tech giant caught wind of the intrusions, it blocked his access and contacted the US Federal Bureau of Investigation (FBI), which, in turn, referred the issue to the Australian Federal Police (AFP). A raid on his family home followed, uncovering a host of files and “instructions” in a computer folder that the teen had called “hacky hack hack”.

“Two Apple laptops were seized and the serial numbers matched the serial numbers of the devices which accessed the internal systems,” according to the prosecutor. Also confiscated were a mobile phone and a hard drive.

On the other hand, it’s not entirely clear exactly what kind of data the teenager lifted, how it all happened or, indeed, why it took a year to detect and stop the break-ins.

Meanwhile, Apple, as quoted by Reuters, is adamant that the intrusions didn’t compromise any personally identifiable information (PII) of its customers. “We … want to assure our customers that at no point during this incident was their personal data compromised,” a spokesperson said.

written by Tomas Foltyn, ESET We Live Security


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s