Melbourne Teen Hacked Into Apple's Secure Computer Network, Court Told

A Melbourne private schoolboy who repeatedly broke into Apple's secure computer systems is facing criminal charges after the technology giant called in the FBI. From a report: The teen, who cannot be named for legal reasons, broke into Apple's mainframe from his suburban home on multiple occasions over a year because he was such a fan of the company, according to his lawyer. The Children's Court heard on Thursday that he had downloaded 90GB of secure files and accessed customer accounts. His offending from the age of 16 saw him develop computerized tunnels and online bypassing systems to hide his identity until a raid on his family home uncovered a litany of hacking files and instructions all saved in a folder titled "hacky hack hack."

Not "Hacky McHackface?"

lame

Re: Not "Hacky McHackface?"

[johnsnails]

A fellow Aussie I see.

Re:Not "Hacky McHackface?"

[K.+S.+Kyosuke]

That would make him British, wouldn't it?

Hacky hack hack

[hollowpnt]

"hacky hack hack" watch out for this kid, he means business

Re:Hacky hack hack

[ir0nHat]

"Hacky McHackface" could have been his cybername.

Re:Hacky hack hack

[TechyImmigrant]

Hackity Hack. Don't talk back.

Re:Hacky hack hack

Or his boat name! in case anyone missed it: https://en.wikipedia.org/wiki/Boaty_McBoatface

Re:Hacky hack hack

"McHakin"

Re: Hacky hack hack

Chimy McChimeface?

Re:Hacky hack hack

Hackity Hack, don't get caught.

And now

... going to jaily jail jail

Mainframe?

[Jaime2]

Who here believes that Apple stores its data on a mainframe?

Re:Mainframe?

[Opportunist]

Well, considering how much they generally understand of technology today...

Re:Mainframe?

Yeah, mainframe computing is so 1960s.

Thank god for cloud computing.

Re:Mainframe?

[ArchieBunker]

The mainframe business is alive and well. Read up on some of the new features of these beasts.

Re:Mainframe?

I'm not surprised some random shitbag had to speak this and it's not untrue but what fucking company keeps their source code on a mainframe that isn't meant specifically for that platform?

Re:Mainframe?

I'm not surprised some random shitbag had to speak this and it's not untrue but what fucking company keeps their source code on a mainframe that isn't meant specifically for that platform?

Lemme guess: you store your source code in some sort of "cloud" using something something called "GitHub"?

Re:Mainframe?

They store all of their "computer codes" on their "mainframes" in the cyber.

Re:Mainframe?

[ArchieBunker]

I didn't see anything about source code, they mentioned access keys. They probably used it for employee info and payroll and that kind of thing. Oddly enough IBM has been buying a lot of Apple hardware for corporate. They said yes the initial outlay was greater but the costs were saved with less support and help desk calls.

Re:Mainframe?

Its 2000 clustered IPods.

Re:Mainframe?

Until all those keyboards started failing. Since then IBM has been pretty quiet about the great value of apple.

Re:Mainframe?

[Jaime2]

I'm well aware of the existence of the Z-Series and that it runs *nix. I'm also aware that IBM has a huge open source presence and a large installed base of web applications on WebSphere. However, Apple doesn't strike me as the type of company that "buys IBM". My comment wasn't about some supposed irrelevance of mainframes, it was about the fact that Apple isn't the kind of company that would gravitate to them.

Re:Mainframe?

[DontBeAMoran]

You mean all the keyboards that Apple has to repair out of their own pocket?

I hope it teaches them a fucking lesson about screwing a perfectly good keyboard design just to shave off 1mm of the thickness of their fucking laptops.

Long live the MacBook Air!

Re: Mainframe?

You are right Apple is a technology leader. So they likely do not use a mainframe.

Re: Mainframe?

[Opportunist]

Aww, don't spoil it. At least wait 'til the first ones replied with foam coming from their mouth.

Re:Mainframe?

[hackertourist]

At one point, Apple had a line of servers that ran AIX.

Re: Mainframe?

So sending ALL of a massive company's laptops in for service won't cost them a dime.

Nor will the wiping and reimaging of said laptops cost a dime.

Nope, nothing to see here, according to you. :)

Re:Mainframe?

They probably use VDIs, so technically ....

Re: Mainframe?

[DontBeAMoran]

It will cost a lot to Apple, which is my point.

As for IBM, it will cost them time so we can only wish they'll put even more pressure on Apple about fixing this problem and maybe not letting the industrial designer in charge of fucking everything the next time around. When your engineers tell you "enough is enough" it's time to back off.

What's his fucking goal, anyway? A paper-thin laptop?

Re:Mainframe?

From their job ads, Apple IT uses SAP on Oracle data bases, running on AIX, Solaris, and Linux.

At one point in the late 1990s, they used an IBM AS/400.

Re: Mainframe?

[johnsnails]

I want to know why apple gives itself access to bulky practical devices but not its customers.

Re:Mainframe?

[baegucb]

I think I read the latest z series can run Windows. It already runs UNIX (sorta) and Linux. It'd be funny to fire up a test LPAR with windows, and run some games.

Re: Mainframe?

They use a Gibson.

Flash forward

[Lucas123]

And, this kid will be making big bucks using his skills for Apple or some other tech giant.

Re:Flash forward

[Opportunist]

Nope. Sorry to burst that bubble, but a criminal record is not a letter of recommendation.

Or, in the words of an ex-boss of mine "I don't need people with a criminal record. People who don't know how not to get caught are bad for the company reputation".

Re:Flash forward

Obviously a card carrying member of the Republican Party.

Re:Flash forward

[Kulahan]

Who pissed in your cheerios?

Re:Flash forward

I'm sure in his world his employees could all hack into Apple if they wanted to, while he pays less than 100k a year.

Re:Flash forward

[Opportunist]

Actually, he paid quite handsomely. You do want to pay the people who could easily blow up your operation without leaving a trace well so they want your operation to continue. Pure self interest.

Re:Flash forward

[Lucas123]

Never heard of Frank Abagnale, who was hired by the FBI after committing years of fraud? Loyd Blankenship, a hacker for more than a decade, who was then was hired by Steve Jackson Games in 1989 to work on GURPS Cyberpunk. Howabout Peter Hajas, a well known developer/hacker for jailbroken iOS devices, was hired by Apple in 2011?

The list goes on and on.

Re:Flash forward

Hey buddy fuck you. I hate all the same people you do plus I hate you. Go douche yourself with doughnuts until you die asshole.

Re:Flash forward

Awwww, looks like someone is really upset.

Re:Flash forward

maybe if you cleaned the sand out of your vagina, you wouldn't be such a foul cunt.

Re:Flash forward

[Opportunist]

Got anyone in the more recent past? Like, say, in the past decade or two?

Back then, three letter agencies and even companies hired criminals, until they noticed that a criminal isn't suddenly turning around just because you pay him to do so.

The first thing you get asked for in ANY IT security related job is a police record. And if there's more on it than a parking violation, don't bother to apply, you just waste your, and my, time.

Re:Flash forward

[quenda]

And, this kid will be making big bucks using his skills for Apple or some other tech giant.

Or locked in a small flat in Knightsbridge, like that other famous Melbourne schoolboy hacker, Mendax.

Re:Flash forward

I never got caught. This kid is a n00b.

Re:Flash forward

"Have you ever been arrested or convicted for any offense or crime, even though subject of a pardon, amnesty, or other similar action?"

Yes, yes he has.

Re:Flash forward

And bigot, I am republican.

The GOP and their freaky orange fuckhead are traitors.

Re:Flash forward

[skovnymfe]

Frank wasn't hired by the FBI, Frank accepted a deal to stay out of prison by being a slave for the FBI. Jailbreaking phones isn't a federal offence, and a single example from 1989 isn't going to hold up in today's environment.

Hackers used to have credibility and respect in certain circles, but no one cares about those dumb fucks anymore with their endless malware and shit. Who's seriously going to hire a malicious kiddo fuck whose only desire is to smash and break, and steal anything they can get their greasy fingers on?

Re: Flash forward

Even to companies like Greykey? I imagine, if you got the skills, you'll be hired.

aha!

[cascadingstylesheet]

until a raid on his family home uncovered a litany of hacking files and instructions all saved in a folder titled "hacky hack hack."

{cornpone down-homey voice}See, there's yer problem right there ... {/cornpone down-homey voice}

Re:aha!

[Opportunist]

Had he called it "furry porn", nobody would have dared to touch it with a ten foot pole.

Re:aha!

[sinij]

Your lack of imagination shows.

Steganographic encryption on top of Hillary email archive dump. Even if FBI suspects there is data hidden in these, nobody would want to look into it.

Re:aha!

[DontBeAMoran]

Great, now I have to search for "ten foot pole furry porn" just to see what results I'll get.

Poor kid

[SuperKendall]

I feel really sorry for young hackers like this, who are just doing the exploration for fun and not really in it for espionage or destructive motives... this is one case where I really wish Apple would have hired him to do security testing and not sent his life on a downward spiral.

Re:Poor kid

[Nutria]

A fan of Apple would have told Apple that their system is hackable.

Re:Poor kid

So where exactly are you falling on the spectrum these days?

Re:Poor kid

[SuperKendall]

So where exactly are you falling on the spectrum these days?

I'm a big fan of indigo (specifically 463nm), or infa-red (more specifically 750-800nm).

Thanks for asking!

Re:Poor kid

what are the "hack" details... some software that he installed that required otp to access system. the real hack is the getting of the otp keys which were stolen/bought from some other source.

Re:Poor kid

He showed them in ways they should have seen. if Apple wants everyone to use the GUI interface, but loses track of the CLI, then thats their problem. This kid sparkled his way into a perceived fortress. Not too shabby of an accomplishment. Soon certain packets will be made illegal?

Re:Poor kid

Please shut up.

Re:Poor kid

[GameboyRMH]

On one hand I agree with you in principle, but on the other it's probably best that somebody set this kid straight before he went too far down the wrong path. This should serve as a valuable lesson on the dangers of Apple fanboyism.

Re:Poor kid

Worse is now that the internet is serious business these things land in criminal court and all the life-ruining felony charges on top. When I was a young teen, we had AOL, and stole staff accounts, registered blocked screennames, banned others, accessed the script code it ran on under the hood then used that to index everything on the service-- staff only forms and software too.... it was childish sure, but I can't even imagine what would have happened if it was like now. Of course, their top level opssec people didn't exactly offer me a job then either; I don't think they liked me much.. especially after the whole bypassing their SecureID keychains thing. These days it seems like any one of those shenanigans would land a kid in federal PMITA prison.

Re:Poor kid

Apple (or any other company) cannot be seen to be tolerant of such behavior, whether being a super fan or not. They need to tell teh world that "if you hack, you'll get caught" message. Sounds like because he hid his trail well that they cannot do it without a raid which is unfortunate. I won't be surprise Apple may drop charges if found there's no material damage and offer him something that will look good for everyone, but not until thigns are cleared.

Re:Poor kid

[DontBeAMoran]

That was not his question, you idiot.

Me, I'm a fan of the ZX Spectrum +3 because it was the first ZX Spectrum to support 384KB of RAM and microSD cards up to 4MB.

Re:Poor kid

[DontBeAMoran]

On one hand I agree with you in principle

I know it's sad, but there's so many people using the word "principal" when they meant to use "principle" that I feel obligated to give you this virtual moderation:

+1, Proper grammar.

Re:Poor kid

[SuperKendall]

Oh! Well in that case I have to say even though they got the name wrong, I prefer the ZX Spectrum labeled the Timex Sinclair 2068 as it's the second system I learned to program on (following the ZX-81, but of course that doesn't count as it's not on the Spectrum).

Re:Poor kid

Summary:

> he had downloaded 90GB of secure files and accessed customer accounts.

You:

> just doing the exploration for fun and not really in it for espionage or destructive motives

So as long as it's "for fun", it's ok to access customer accounts? Like something containing naked pix your girlfriend sends to you?

Re:Poor kid

Poke her grandma? You sick f*k.
<puts on spectacles>
oh. sorry.

Re:Poor kid

[Stan92057]

Not me at least not until he answers for his crimes.Community service plenty good punishment for a teen. Ya hes a kid and should get a break but not having to answer for his crimes is a bad message to send.

Re: Poor kid

The ethical distinction in my mind is easy. You have to report anything you find to the company you attacked, and work with them to fix the flaws. You also have to deliberately avoid looking at anything private if you do get in. If these two things were true, I would be with you, but this guy was regularly exploiting the vulnerability with no disclosure. He doesnâ(TM)t get the ethical hacker good treatment.

Re: Poor kid

No they wouldnt.

Apl doesn't make mistakes. This was a hidden feature he was using

Re:Poor kid

[SuperKendall]

That to me is the line though, I don't feel like what the kid did was meant to harm in any way, therefore even though he broke the law, I'm not sure I see what he did ethically as a crime... or at least not on the same level as a hacker breaking (not just breaking into) systems.

If he just gets community service that seems appropriate to me also; I just fear it will be a lot worse than that for him.

Re: Poor kid

SD cards?!

Re:Poor kid

Wow, that sounds like something a school principal would do.
+1 for you too!

Re:Poor kid

Yes, proper grammar, but lazy punctuation.

It won't happen again

Hack me once, shame on you. Hack me twice... you can't get hacked again.

Re:It won't happen again

[zlives]

hehe, i miss that guy, who wudda thunk

Secure?

Hmmm, I don't that think that is the correct word their network.

Re:Secure?

apple security is just a myth apple created to scare their sheep.

Hello, Editor?

[sizzlinkitty]

Someone should proof read this article. My 5 month old great dane can write better than whoever put this dumpster fire together.

Re:Hello, Editor?

Someone should proof read this article. My 5 month old great dane can write better than whoever put this dumpster fire together.

Geez, what did that poor little pup do to you to warrant comparison to a Slashdot "editor"?

Re:Hello, Editor?

Dumpster is a brand name much like Kleenex or Xerox, so you should capitalize it. "Proofread" is one word. "Great Dane" is two capitalized words.

You should demonstrate better knowledge before pointing out the shortcomings of others... 3 mistakes in 2 sentences is atrocious.

Re:Hello, Editor?

Shouldn't you be teaching class somewhere?

Re:Hello, Editor?

A generic trademark, also known as a genericized trademark or proprietary eponym, is a trademark or brand name that, due to its popularity or significance, has become the generic name for, or synonymous with, a general class of product or service.

The aforementioned brands are considered genericized and it is no longer necessary or appropriate to capitalize them unless specifically discussing the trademarked version. Although, they may have been correct in calling it a "Dumpster(tm) fire".

Full Disclosure?

How did he access "The Mainframe"? Through unix Phishing?

Re: Full Disclosure?

He found the top few cards from the deck rumpled in a wastebasket by the card reader. The second rumpled card is the one with the password on it. A customer engineer has been called to fix the card reader.

Re:Full Disclosure?

[MassacrE]

Apple has since fixed it, but there was a little icon on their page with a 'pi' symbol on it, he must have found that and clicked on it.

Genius haxx0r

Apparantly his "tunelling" and "bypassing" sk1llz were not so l337.

I mean how did they trace him back if he used them to "hide his identity"...

Classic "journalists". The kid probably guessed an ssh account and password and logged into some BSD box and downloaded whatever the thing had access to. Next thing you know he is a spy-master adolescent genius on the verge of hacking the planet into oblivion and seven SWAT teams, backed by tanks and F16s have to neutralize the "threat" to the Free World, the Purity Of American Bodily Fluids and Holy Corporate Profits....

Stop the presses! Extra! Extra! ...
 

Re:Genius haxx0r

[zlives]

chown is a dirty word, i am just waiting till we start the war against cyber terrorism. that will go well.

Re: Genius haxx0r

[c6gunner]

I mean how did they trace him back if he used them to "hide his identity"...

By contacting the owners of the machines he was tunneling through and getting them to watch for the next time he connected. This is why you shouldn't reuse tunnels when doing this kind of thing.

Re:Genius haxx0r

They traced him through the apple spywear installed on all apple devices.

Re:Genius haxx0r

I went to the chircus to see all the chowns

Editor got hacked

Or really, editor too busy salivating over all the clicks another headline full of "hacking! hacks! hackers! wh0000!!1!" will get to pay any attention to anything else at all. Same with the apparently other completely illiterate idiots in the media that came near this "story".

Seriously a "mainframe"

[Dorianny]

If Apple is still using a "mainframe" it serves them right. LOL

Seriously thou from the sounds of it, I would wager he got into the internal network of a local Apple store

Yes, exactly...

[SuperKendall]

That's kind of what I was thinking as well, he wasn't really a HACKER hacker (despite what his folder naming would indicate). He was more just an explorer, a miner who delved too deep...

So Apple hiring him would not be so much to unveil technical secrets as more to explore what commercial/free exploits could be used to access Apple systems and then reverse engineer how those worked.

Serial Number Question

How did Apple know the serial numbers of the computers that accessed their network?

Re:Serial Number Question

apple spies on all their devices

So its not just the Russians

[rossdee]

Even the Aussies are hacking our computers - maybenow Trump will do something about it

Nice work of fiction, NAWBO

Go fuck yourself.

Hes really stupid or...?

1. The "hacky hack hack." folder was planted by the authorities.
2. The "hacky hack hack." folder was a decoy and the real files are somewhere else.

Apple has a mainframe?
Apple has secure computer networks!?

Protovision I have you now!

Mister Potatohead! Backdoors are not secrets!

I didn't know ValuHack worked on Apple PCs

[filesiteguy]

I remember it only running on my Apple IIe. Honestly surprised a kid was (a) using a Macintosh PC and (b) knew enough to tunnel into Apple's servers.

Re:We learnt after "The Fappening" it's not secure

[ledow]

iCloud is generally nothing more than AWS or Azure instances.

The Register did an article on it ages ago.

It's why Apple STILL can't give proper data protection guarantees that even Google can give you (e.g. UK DPA / GDPR).

hacky hack hack

What a great folder name. This kid is going to go far in life.

Re:We learnt after "The Fappening" it's not secure

[TheFakeTimCook]

all users' iCloud data just sits there unencrypted, ready to be filtered by personal details. Calling it secure is hilarious, and if you ever thought your stuff was secure and private with Apple, you were equally hilariously wrong.

iCloud data is end-to-end encrypted.

Now fuck off.

Stupie Stup Stupid

Everything on my computer is in VeraCrypt containers. I don't have anything to hide, but I know that if cops decide to look through my files, it is because they hope to find something, anything whereby they can build a case against me. If a cop or a judge demands my password, I will evoke the 5th. Dumb teenagers, dumb criminals!

I wonder who this mystery teen could be....

[Zaelath]

https://www.itnews.com.au/news...

Perhaps the one that was publishing iPhone leaks for months?

Nah....

Re:I wonder who this mystery teen could be....

The grandson of Julian Assange.

compromised VPNs?

apparently to learn to hack you better go to a Russian academy these days

Apple's INsecure computer systems

The title and the first paragraph are both self-contradictions. If he broke in, then the system was by definition not secure. I can't imagine what that journalist thinks the word "secure" means.

Re:Apple's INsecure computer systems

The system was "apple" secure. It a type of secure in the RDF that is not really very secure at all but apple believes it is and their cultist will argue it is the best damn secure in the whole world.

Apparently it was stored on a AS400

lol

Danger is extradition

[aberglas]

An Australian court will at most give the kid a suspended sentence. Probably not even that.

But if they get him to the USA it is a long stretch in jail and a ruined life.

So that is extradition that is the key issue here. And of course he can never visit the USA.

Re:We learnt after "The Fappening" it's not secure

and its still a insecure piece of shit.

Security matters

... saved in a folder titled "hacky hack hack."

He by-passed the security of others and failed to implement security on his own system; like an encrypted file-system.

Inconcievable!

[dromgodis]

A Melbourne private schoolboy who repeatedly broke into Apple's secure computer systems

he had downloaded 90GB of secure files

You keep using that word. I do not think it means what you think it means.

Re:We learnt after "The Fappening" it's not secure

[TheFakeTimCook]

and its still a insecure piece of shit.

Prove it.

"The Fappening" was not the result of bad security; just stupid Passwords.

https://techcrunch.com/2016/03...

But just keep on spreadin' the Hate...

Re: We learnt after "The Fappening" it's not secur

Oh, and phishing attacks do not rely on stupid passwords (they could have an 80 character password and still be phished), they rely on easily impersonating Apple and having a process that is easily hijacked.

If you saw 4chan or screenshots of trading pictures, you'd know it wasn't just that one guy doing just phishing for all of The Fappening.

Re: We learnt after "The Fappening" it's not secur

Proof that apple is just fucking terrible at writing software.
My people use their shit is beyond me.
Thank god for apple there are a lot of tech ignorant people like falsetimmycook here to spread lies about apple.