Printed from http://www.electronista.com

Security researcher behind Dev Center hack admits responsibility

updated 10:17 am EDT, Mon July 22, 2013

Says he reported vulnerabilities to Apple

A man named Ibrahim Balic has identified himself as the person behind a hack of the Apple Developer Center. Balic describes himself as a "security researcher," only interested in seeing "how deep" he could go rather than causing any problems. He adds that he reported 13 bugs to Apple, one of which allowed him to gain access to user information.

Details of 73 users, all of them Apple workers, were allegedly turned over to the company as an example. Thursday's Dev Center shutdown is said to have taken place just four hours later. Balic states that he wants to clear his name, and that he's worried about potential legal action.

In all, he claims to have obtained over 100,000 encrypted user details; a YouTube video shows a handful of names in email addresses. Those details, though, will supposedly be deleted.



By Electronista Staff

Comments

  1. DiabloConQueso

    Fresh-Faced Recruit

    Joined: 06-11-08

    "...adhering to the regulations and law..."

    Whoa, there, buddy... doing pentests without explicit permission from the entity you're testing is most certainly NOT within the bounds of the law. Simply saying "I am operating within the bounds of the law" does not make it so, similar to signs that say, "Stay back 200 feet -- not responsible for broken windshields" not absolving the company of liability and responsibility for broken windshields.

    Simply posting a disclaimer does not absolve one of legal responsibility. The laws govern you absolutely, despite exclaiming that they do not.

  1. daqman

    Junior Member

    Joined: 09-15-00

    So, describing yourself as a "Security Researcher" absolves you of any responsibility or expectation that you will apply common sense? Sure he found problems but he did it in a way that disrupted a lot of people, wasted time and money and was not authorised by Apple or anyone else.

    How about we have a "murder researcher", just seeing how deep he can push the knife before someone croaks?

  1. coffeetime

    Mac Enthusiast

    Joined: 11-15-06

    How about someone did a home invasion on his property just to see how deep it can harm? Just making sure you put a sign up saying "I did it and not responsible for any damage". Typical hacker's ego that takes over their moral sense.

  1. Makosuke

    Forum Regular

    Joined: 08-06-01

    Assuming the guy is genuinely white-hat and is being entirely truthful about what he did (a lot of places have been reporting an unusual number of attempted password resets on accounts used on dev center, but that could theoretically be coincidence), then that in no way makes it legal, but this isn't out of line with how security researchers usually operate. And in any case--again, assuming it's true--Apple should be thankful that somebody non-malicious found the holes for them. It might explain why they didn't immediately say something.

    Apple's response, however, was correct, in any case--you might choose not to pursue a legal attack against a hacker if you decide that they were white-hat and helping you find and fix a hole, but it is still the right thing to do to treat it as a regular breach in which user data may have been compromised.

    He said he only sent data on Apple employees to them, which might explain why they said they didn't know if user data had been accessed or not, but it could have been.

  1. Sebastien

    Registered User

    Joined: 04-29-00

    Originally Posted by DiabloConQueso

    "...adhering to the regulations and law..."

    Whoa, there, buddy... doing pentests without explicit permission from the entity you're testing is most certainly NOT within the bounds of the law. Simply saying "I am operating within the bounds of the law" does not make it so, similar to signs that say, "Stay back 200 feet -- not responsible for broken windshields" not absolving the company of liability and responsibility for broken windshields.

    Simply posting a disclaimer does not absolve one of legal responsibility. The laws govern you absolutely, despite exclaiming that they do not.



    Agreed - he sounds like the Gizmodo guy trying to 'pretend' he didn't know the phone he "bought" was an iPhone 4 prototype and that he didn't "ransom" it to Apple. Totally blameless!

  1. Sebastien

    Registered User

    Joined: 04-29-00

    Originally Posted by Makosuke

    Assuming the guy is genuinely white-hat and is being entirely truthful about what he did (a lot of places have been reporting an unusual number of attempted password resets on accounts used on dev center, but that could theoretically be coincidence), then that in no way makes it legal, but this isn't out of line with how security researchers usually operate.

    Real researchers do it in a 'closed' environment: against their own servers running the same software, or on their own user accounts with the cooperation of the entity they're testing against.

    This guy was doing this on his own.

    The DA's should go all Aaron Swartz on him.

  1. apostle

    Junior Member

    Joined: 04-16-08

    Isn't that the guy who played "Malvin" in the movie "War Games"?

    http://www.youtube.com/watch?v=GfJJk7i0NTk&feature=youtube_gdata_player
