Printed from http://www.electronista.com

Security researcher behind Dev Center hack admits responsibility

updated 10:17 am EDT, Mon July 22, 2013

Says he reported vulnerabilities to Apple

A man named Ibrahim Balic has identified himself as the person behind a hack of the Apple Developer Center. Balic describes himself as a "security researcher," only interested in seeing "how deep" he could go rather than causing any problems. He adds that he reported 13 bugs to Apple, one of which allowed him to gain access to user information.

Details of 73 users, all of them Apple workers, were allegedly turned over to the company as an example. Thursday's Dev Center shutdown is said to have taken place just four hours later. Balic states that he wants to clear his name, and that he's worried about potential legal action.

In all, he claims to have obtained over 100,000 encrypted user details; a YouTube video shows a handful of names in email addresses. Those details, though, will supposedly be deleted.



By Electronista Staff

Comments

  1. DiabloConQueso

    Fresh-Faced Recruit

    Joined: 06-11-08

    "...adhering to the regulations and law..."

    Whoa, there, buddy... doing pentests without explicit permission from the entity you're testing is most certainly NOT within the bounds of the law. Simply saying "I am operating within the bounds of the law" does not make it so, similar to signs that say, "Stay back 200 feet -- not responsible for broken windshields" not absolving the company of liability and responsibility for broken windshields.

    Simply posting a disclaimer does not absolve one of legal responsibility. The laws govern you absolutely, despite exclaiming that they do not.

  1. daqman

    Junior Member

    Joined: 09-15-00

    So, describing yourself as a "Security Researcher" absolves you of any responsibility or expectation that you will apply common sense? Sure he found problems but he did it in a way that disrupted a lot of people, wasted time and money and was not authorised by Apple or anyone else.

    How about we have a "murder researcher", just seeing how deep he can push the knife before someone croaks?

  1. coffeetime

    Mac Enthusiast

    Joined: 11-15-06

    How about someone did a home invasion on his property just to see how deep it can harm? Just making sure you put a sign up saying "I did it and not responsible for any damage". Typical hacker's ego that takes over their moral sense.

  1. Makosuke

    Forum Regular

    Joined: 08-06-01

    Assuming the guy is genuinely white-hat and is being entirely truthful about what he did (a lot of places have been reporting an unusual number of attempted password resets on accounts used on dev center, but that could theoretically be coincidence), then that in no way makes it legal, but this isn't out of line with how security researchers usually operate. And in any case--again, assuming it's true--Apple should be thankful that somebody non-malicious found the holes for them. It might explain why they didn't immediately say something.

    Apple's response, however, was correct, in any case--you might choose not to pursue a legal attack against a hacker if you decide that they were white-hat and helping you find and fix a hole, but it is still the right thing to do to treat it as a regular breach in which user data may have been compromised.

    He said he only sent data on Apple employees to them, which might explain why they said they didn't know if user data had been accessed or not, but it could have been.

  1. Sebastien

    Registered User

    Joined: 04-29-00

    Originally Posted by DiabloConQueso

    "...adhering to the regulations and law..."

    Whoa, there, buddy... doing pentests without explicit permission from the entity you're testing is most certainly NOT within the bounds of the law. Simply saying "I am operating within the bounds of the law" does not make it so, similar to signs that say, "Stay back 200 feet -- not responsible for broken windshields" not absolving the company of liability and responsibility for broken windshields.

    Simply posting a disclaimer does not absolve one of legal responsibility. The laws govern you absolutely, despite exclaiming that they do not.



    Agreed - he sounds like the Gizmodo guy trying to 'pretend' he didn't know the phone he "bought" was an iPhone 4 prototype and that he didn't "ransom" it to Apple. Totally blameless!

  1. Sebastien

    Registered User

    Joined: 04-29-00

    Originally Posted by Makosuke

    Assuming the guy is genuinely white-hat and is being entirely truthful about what he did (a lot of places have been reporting an unusual number of attempted password resets on accounts used on dev center, but that could theoretically be coincidence), then that in no way makes it legal, but this isn't out of line with how security researchers usually operate.

    Real researchers do it in a 'closed' environment: against their own servers running the same software, or on their own user accounts with the cooperation of the entity they're testing against.

    This guy was doing this on his own.

    The DA's should go all Aaron Swartz on him.

  1. apostle

    Junior Member

    Joined: 04-16-08

    Isn't that the guy who played "Malvin" in the movie "War Games"?

    http://www.youtube.com/watch?v=GfJJk7i0NTk&feature=youtube_gdata_player
