An Australian teenager whose name has been withheld is facing serious charges by authorities over a massive data breach of Apple’s secured network.
Apple said on Friday no customer information was compromised after Australian media reported a boy, 16, from the southern city of Melbourne, hacked into the world’s most valuable company from his parent’s basement many times over the last year, The Age newspaper reported, citing statements by the teenager’s lawyer in Children’s Court. He was summoned to a Melbourne court on Thursday.
Apple contacted the Federal Bureau of Investigation which launched a major international investigation, The Age said, quoting statements made in court. The FBI then passed the case to the Australian Federal Police (AFP), where they later tracked down the teen and found software that had enabled the hacking.
The AFP raided the teen’s family home in Melbourne and seized two laptops, a mobile phone, and a hard drive. Court documents said the teenage hacker stored 90 gigabytes of Apple secured files and customer accounts in a folder titled “hacky hack hack,” the newspaper said. Authorities also said he readily spoke about his illegal activities on Facebook-owned instant messenger WhatsApp.
Here is what the court heard:
“Two Apple laptops were seized and the serial numbers matched the serial numbers of the devices which accessed the internal systems,” a prosecutor said.
“A mobile phone and hard drive were also seized and the IP address … matched the intrusions into the organization.
“The purpose was to connect remotely to the company’s internal systems.”
The teen’s lawyer told the courtroom his client had become so popular in the international hacking community that even mentioning the case in detail could expose him and his family to unwanted risk.
Crown Prosecutors also acknowledged that Apple was “very sensitive about publicity,” as it seems the story has not been widely reported.
An Apple spokesman said this in a statement to Guardian Australia:
“At Apple, we vigilantly protect our networks and have dedicated teams of information security professionals that work to detect and respond to threats,” said the spokesman.
“In this case, our teams discovered the unauthorized access, contained it, and reported the incident to law enforcement. We regard the data security of our users as one of our greatest responsibilities and want to assure our customers that at no point during this incident was their personal data compromised.”
Dr. Suelette Dreyfus, a privacy expert from the University of Melbourne’s school of computing and information systems, urged against jailtime. “I have researched a number of teen hacker cases internationally,” Dreyfus told Guardian Australia.
“Almost all these teens grew out of the technology boundary-pushing of their youth, and then went on to live useful lives and contributing to society. Putting them in prison is often a waste of that potential. “Young people often make mistakes when they are exploring and rule-breaking especially online – including boasting about their exploits. It’s not right, but for tech teens, it can be a part of growing up … there’s usually a really worried teen and family at the end of this sort of court case.”
Both AFP and Melbourne court declined to comment on the matter when asked by Guardian Australia. Reports indicate the teenager would be sentenced next month on September 20.
So we ask a difficult question: How the hell did a teenager hack the world’s most valuable company and steal customer data? Apple has a lot of explaining to do...