Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday August 20 2018, @02:02AM   Printer-friendly
from the hacky-sack dept.

Apple files stored by teen in 'hacky hack hack' folder

A teenage boy from Australia has pleaded guilty to hacking into Apple's network and downloading internal files, according to reports. The 16-year-old accessed 90 gigabytes worth of files, breaking into the system many times over the course of a year from his suburban home in Melbourne, reports The Age newspaper.

It says he stored the documents in a folder called 'hacky hack hack'.

Apple insists that no customer data was compromised. But The Age reports that the boy had accessed customer accounts.

In a statement to the BBC, Apple said: "We vigilantly protect our networks and have dedicated teams of information security professionals that work to detect and respond to threats. In this case, our teams discovered the unauthorised access, contained it, and reported the incident to law enforcement. We regard the data security of our users as one of our greatest responsibilities and want to assure our customers that at no point during this incident was their personal data compromised."

Also at Reuters.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 4, Insightful) by Anonymous Coward on Monday August 20 2018, @02:23AM (13 children)

    by Anonymous Coward on Monday August 20 2018, @02:23AM (#723588)

    "We vigilantly protect our networks and have dedicated teams of information security professionals that work to detect and respond to threats"

    It took your dedicated team of security professionals a year to notice that a 16 year old was hacking into your systems? If this team of professionals was any good this 16 year old would have never been able to break in in the first place. You should fire your team of professionals and hire this 16 year old instead.

    • (Score: 1) by Ethanol-fueled on Monday August 20 2018, @02:33AM (2 children)

      by Ethanol-fueled (2792) on Monday August 20 2018, @02:33AM (#723594) Homepage

      Fucking Crutchy did it. I knew it would take nothing less than a simple Australian shitposter like him to exfiltrate the dirtiest secrets of corporate America.

    • (Score: 2) by PartTimeZombie on Monday August 20 2018, @02:55AM

      by PartTimeZombie (4827) on Monday August 20 2018, @02:55AM (#723602)

      ...The Age reports that the boy had accessed customer accounts.

      It's hard to know what really happened here then.

      On the one hand Apple says no customer data was compromised and we know what a pack of lying bastards they are, but then it's a Fairfax rag saying customer data was compromised, so who knows what really happened.

      Anyone got a copy of hacky hack hack I can look at?

    • (Score: 5, Interesting) by bzipitidoo on Monday August 20 2018, @03:10AM (5 children)

      by bzipitidoo (4388) on Monday August 20 2018, @03:10AM (#723607) Journal

      Yeah, this. If a 16 year old script kiddie can break in, your protection was nonexistent. That's the way it was with that idiotic Content Scrambling System DRM the MAFIAA put on DVDs.

      I suggest law enforcement tell Apple to use some real security, not come whining to the law when they commit an epic fail like this and a 16 year old kid embarrasses them.

      > raid on the boy's home revealed two laptops with serial numbers matching those of devices which had accessed the system

      Sigh. Instead, the law goes ape over "ZOMG haxxors!!!" A raid, for this? Really? No, it's much too late to stop all that data from being compromised. One day is too late, and this kid has been hacking in for a year. A raid will not help protect a damn thing. At this point, the raid is pure terrorism, to scare other script kiddies, and security theater.0 Apple must assume the worst and get to work asking everyone to change passwords and so forth.

      Notice also the use of "serial numbers". Apple was compromised, but still managed to access and log the unique serial numbers of the devices the kid used. How'd they do that? Tracking must be ubiquitous and routine. I find that the most troubling thing about this incident. Need any more evidence that our hardware is treacherous, indeed, can't really be considered ours?

      • (Score: 2) by RS3 on Monday August 20 2018, @03:25AM (2 children)

        by RS3 (6367) on Monday August 20 2018, @03:25AM (#723609)

        "Serial numbers" probably refers to MAC addresses.

        I like how he got 90 GB before their crack team stopped him.

        Get it, "crack team"? Sorry. I'll stop now.

        • (Score: 0) by Anonymous Coward on Monday August 20 2018, @05:21AM (1 child)

          by Anonymous Coward on Monday August 20 2018, @05:21AM (#723628)

          1. No, MAC addresses would only have been visible to his local network. (Unless Apple hacked his local network.)
          2. No, MAC addresses aren't serials. They're related in that one MAC should in theory correspond to one piece of hardware.

          • (Score: 3, Informative) by Runaway1956 on Monday August 20 2018, @06:51AM

            by Runaway1956 (2926) Subscriber Badge on Monday August 20 2018, @06:51AM (#723654) Journal

            Except - I can spoof MAC addresses all day long. I'm even offered the option of spoofing my MAC address on the factory default settings page of my router.

      • (Score: 3, Interesting) by LoRdTAW on Monday August 20 2018, @02:27PM (1 child)

        by LoRdTAW (3755) on Monday August 20 2018, @02:27PM (#723768) Journal

        Notice also the use of "serial numbers". Apple was compromised, but still managed to access and log the unique serial numbers of the devices the kid used. How'd they do that? Tracking must be ubiquitous and routine. I find that the most troubling thing about this incident. Need any more evidence that our hardware is treacherous, indeed, can't really be considered ours?

        I'm calling bullshit on this one. Either law enforcement is making it up, misreported it or the news agency misunderstood or erroneous reported it. If it was in fact made up by law enforcement, it could be a cheap cover story for any illegal wiretapping they used to obtain the kids whereabouts. It's probably the easiest story for joe and jane six pack to digest as it sounds like the kid left fingerprints at the scene of the crime; Case closed. Be we know it's pure bullshit.

        But occams razor might also say that the kid did nothing to cover his tracks and ip's were logged. That was misunderstood and reported as serial numbers. Very plausible too.

        • (Score: 2) by bzipitidoo on Tuesday August 21 2018, @01:08PM

          by bzipitidoo (4388) on Tuesday August 21 2018, @01:08PM (#724145) Journal

          True, the story doesn't really say what they mean by serial #'s. They could mean IP addresses, MAC addresses (but MAC is strictly LAN isn't it? WANs aren't Ethernet and don't use MACs, and further, the kid might have been behind a NAT), browser fingerprints, or as you say, have no idea themselves what they are reporting.

          I took it to mean a CPU serial number of the sort that Intel started adding to their CPUs beginning with the Pentium III circa 2000. There was a big ruckus at the time, and Intel backed down, a little, but I would not be at all surprised if they quietly reactivated serial numbers a few years later.

    • (Score: 4, Touché) by darkfeline on Monday August 20 2018, @03:29AM (2 children)

      by darkfeline (1030) on Monday August 20 2018, @03:29AM (#723610) Homepage

      Apple professionals are just like Apple products. Form over function.

      --
      Join the SDF Public Access UNIX System today!
      • (Score: 3, Funny) by MostCynical on Monday August 20 2018, @03:37AM (1 child)

        by MostCynical (2589) on Monday August 20 2018, @03:37AM (#723613) Journal

        ... but they are so well dressed.

        --
        "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
        • (Score: 2) by Fluffeh on Monday August 20 2018, @03:46AM

          by Fluffeh (954) Subscriber Badge on Monday August 20 2018, @03:46AM (#723615) Journal

          I call "Tactleneck" for these admins and nothing less.

  • (Score: 0) by Anonymous Coward on Monday August 20 2018, @05:18PM

    by Anonymous Coward on Monday August 20 2018, @05:18PM (#723830)

    AAANNDDDD ... like always, the wrong side gets punished.
    let's reverse the situation:
    a 16-year old secured apple infrastructure and a dedicated team of professionals broke in and downloaded some data.

    the 16-year old would walk away, no problem.
    "why?", you may ask... the answer is simple: the 16-year old WORKS for apple and is PAID thus making him IMMUNE to any fault.

  • (Score: 0) by Anonymous Coward on Monday August 20 2018, @10:27PM

    by Anonymous Coward on Monday August 20 2018, @10:27PM (#723951)

    Excuse me while I go review those photos again... ooh, skanky!

  • (Score: 0) by Anonymous Coward on Tuesday August 21 2018, @03:42PM

    by Anonymous Coward on Tuesday August 21 2018, @03:42PM (#724225)

    BS. Wait. No. He could be using DSL.

(1)