A 16-year-old student attending a private school in Melbourne, Australia, broke into Apple’s network multiple times and downloaded 90GB of “secure” data for an entire year. He hacked into Apple’s network from his suburban home using tools and instructions stored on his PC in a folder named “hacky hack hack.”
According to a report by The Age newspaper stemming from Thursday’s court hearing, the student accessed Apple customer accounts as well. But Apple stated in an email to The Guardian that the student did not “compromise” personal data.
“We regard the data security of our users as one of our greatest responsibilities and want to assure our customers that at no point during this incident was their personal data compromised,” a company spokesperson said.
So how did this teen infiltrate Apple’s networks for an entire year without getting caught? The details are scarce for obvious reasons, but reports mention the student using virtual private networking (VPN) tools.
If you’re not familiar with VPNs, they essentially create a secure “tunnel” across the internet, mimicking the connection of a local private network. Corporations typically use VPNs to connect to a central network from remote locations, as VPNs encrypt all transferred data and are typically impenetrable by eavesdropping hackers.
VPNs can be used for personal use as well. They not only hide your true IP address but enable you to choose a specific country where your fake IP address originates. This allows you to access content not available in your region and bypass blocked websites. In this case, the student supposedly used VPN tools to hide his identity, IP address, and physical location.
Throughout the year, he accessed Apple’s internal systems and retrieved highly secure “authorized keys” for logging into customer accounts, relaying his successes through Whatsapp. His Apple-slicing feats supposedly made him well-known in the international hacking community to the point that the details of the case must be refrained. Apple even admitted it was “very sensitive about publicity.”
Once Apple eventually figured out what was going on, the company blocked his access and informed the FBI. Due to the student’s physical location, the FBI informed the Australian Federal Police (AFP), which executed a search warrant in 2017.
“At Apple, we vigilantly protect our networks and have dedicated teams of information security professionals that work to detect and respond to threats,” the company said in its email to The Guardian. “In this case, our teams discovered the unauthorized access, contained it, and reported the incident to law enforcement.”
According to the prosecutor, officials raided the home and seized two Apple laptops that contained the logged serial numbers used to access Apple’s internal systems and customer accounts. They also confiscated a hard drive and a mobile phone.
A possible scenario is that Apple paired the logged serial numbers to the ones listed on the student’s legitimate Apple account and then notified the FBI with its allegations. What’s strange about this case is that the student supposedly hacked into Apple because he was a huge “fan” of the company. He even admitted to the police that working for Apple was his “dream job.”
That said, sneaking into a company’s network, downloading sensitive data, and accessing customer accounts is not a good way to impress a potential boss. The Children’s Court listened to his case on Thursday, August 16, as the student pleaded guilty to the criminal charges. Due to the “complexity” of the case, sentencing won’t take place until next month.
