Security researchers beware: you may think you’re doing some company a favor by poking holes in their digital infrastructure, but the company is no way obliged to share that viewpoint.
Turkish researcher Ibrahim Baliç has come forward to take credit for the recent hacking of (or attack on) the Apple Developer Center—a branch of Apple’s website that provides information and software for coders who build apps for iPhone, iPad, and Mac. The security breach caused Apple to shut the center down, and keep it down for 3 days before explaining to developers what had happened.
Baliç at first maintained that his intentions were purely altruistic: He was trying to track down bugs to report to Apple. “My aim was to report bugs and collect the datas [sic] for the purpose of seeing how deep I can go with it,” he told the Guardian.
thank you for all crtiques and supports hope everyone understood my intention and that this event will be over without anydamage 2 anyone :(
— ibrahim BALİÇ (@ibrahimbalic) July 22, 2013
The real trouble appears to stem from a video Baliç posted to YouTube, since set to private, that demonstrated the flaws in the Apple Dev system and its vulnerability to an outside attack. Baliç claimed that the system was leaking user information.
the video is now removed from youtube, i appoligise for sharing some of the confidential information, i had to, to proof the blames wrong
— ibrahim BALİÇ (@ibrahimbalic) July 22, 2013
Apple, meanwhile, saw the breach as a leak in its own right, stating that “an intruder attempted to secure personal information of our registered developers… [and] we have not been able to rule out the possibility that some developers’ names, mailing addresses and/or email addresses may have been accessed.”
The company further pledged to overhaul its databases, server software and developer systems. So: Mission accomplished?
Photo via Apple.com