Apple site hack done "in the name of research", complete overhaul inbound

It's OK though, the site was hacked "in the name of research".

As reported yesterday, Apple's developer website went down on Thursday of last week, and after a few days the company finally admitted on Tuesday that there had been a breach of its security. As of writing, the developer area of the site is still down for maintenance.

Now ibrahim BALİÇ, a security researcher based in London, has stepped forward and claimed responsibility for the breach, saying it was done "in the name of research" and not with any malicious intent.

BALİÇ later posted another tweet adding "I am not a hacker, I do security research."

The tweets certainly grabbed Apple's attention, because they have now contacted him about the vulnerabilities he found. "We're completely overhauling our developer systems, updating our server software, and rebuilding our entire database," Apple said in an email. "We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."

This does raise the question of the ethics of such "research" practices. If you broke into a bank or business to expose the weakness of its security, it would almost certainly be considered a criminal offence and the authorities would be involved.

However, one has to ask whether companies are still taking security too lightly, acting on such vulnerabilities only after a breach has already taken place, or whether the "researchers" could do better by assisting companies rather than intentionally disrupting services.

Update: The Developer Center is for the most part still down; you can track the status of the site here.

Source: MaximumPC

23 Comments

They hire people to do this as well.
Personally, nothing would get your attention about something as important as security if you're not in the know about it. The place seems to clearly want to co-operate with them, and the company can take extra measures to ensure they are telling the truth.
LOGS, the power of LOGs!

Well yes, the current version has a bug that randomly calls random numbers that don't appear in your call history, even when the phone app is not running; there have been many reports of random calls to international numbers!

How is this different from the Google "security researcher" publishing Microsoft's 0-day exploits...except it's Apple that's been compromised...get over it, or get even, applying same standards.

The difference is this person didn't act like a massive child and say "fix it or I will publish to everyone"; he just simply said "Okay, I did it, I've let Apple know how I did it."

Difference might be Microsoft doesn't try to hide it for four days putting people at risk. Just because one person reports the problem doesn't mean others haven't already exploited it.

Yeah, sorry not buying it.

A whitehat forced Apple to do a complete overhaul of their systems? Rebuilding the database and so forth? The only actual "evidence" we have for that is the guy saying it, nothing more.

It's hard to believe he's the guy who forced the company to go to the mattresses and put Dev Center on lockdown. The severity of that response - one that is still ongoing - suggests more sophisticated attackers.

Even more he comes out with this 4 days later? A day after Apple actually admits it was attacked? Meh.

alwaysonacoffebreak said,
Yeah, sorry not buying it.

A whitehat forced Apple to do a complete overhaul of their systems? Rebuilding the database and so forth? The only actual "evidence" we have for that is the guy saying it, nothing more.

It's hard to believe he's the guy who forced the company to go to the mattresses and put Dev Center on lockdown. The severity of that response - one that is still ongoing - suggests more sophisticated attackers.

Even more he comes out with this 4 days later? A day after Apple actually admits it was attacked? Meh.

The guy actually uploaded a video to YouTube a few days ago which proves it was him: http://www.youtube.com/watch?v=zVzTjTplLr0

The reason why Apple has taken down their site and is changing their database is that the researcher believes he could have accessed all the iPhone/iPad device IDs by connecting to the database in a way that Apple hadn't intended. Watch this interview with him: http://video.ntvmsnbc.com/appl...i-ntvmsnbcye-konustu-2.html

Click the top button on the video, which I think means "agree" or "accept", and it will allow the video to play.

Edited by torrentthief, Jul 24 2013, 9:12am:

torrentthief said,

The guy actually uploaded a video to YouTube a few days ago which proves it was him: http://www.youtube.com/watch?v=zVzTjTplLr0

The reason why Apple has taken down their site and is changing their database is that the researcher believes he could have accessed all the iPhone/iPad device IDs by connecting to the database in a way that Apple hadn't intended. Watch this interview with him: http://video.ntvmsnbc.com/appl...i-ntvmsnbcye-konustu-2.html

Click the top button on the video, which I think means "agree" or "accept", and it will allow the video to play.

Nothing loads on the msnbc pages here for me.
And just because the guy claims to be a white hat means nothing. If you don't have a contract with the company to run your test (and you can bet they have clauses in it about NOT breaking their entire system, usually setting up a second system for you and you only), you are breaking the law.

He admitted he found 13 bugs and called Apple; after that they locked down the site. He claimed that in time, not 4 days later. He's ****ed because instead of working it out with him, Apple panicked and claimed they were attacked.

WP Flare Themes said,
"you are breaking the law"

What law? US law? He's a Turkish citizen... Do you have knowledge about Turkish laws? I doubt it...

He is located in London.

They didn't just come out with this on Tuesday.... we've known since last weekend they were "attacked". Developers have been getting the same e-mail on repeat every few days since then.

What I love is how everyone here and on other forums thinks that Apple is doing a CYA and trying to just cover this up. By law, Apple has to publicly state that their systems were compromised and potentially open to outside hacks. The reason for this is that they have contracts with government/financial/health care organizations. Their software and hardware are also used in those sectors. Because of SOX and HIPAA, they are bound by those laws to report any compromised systems.

Banks hire people to "break in" to find security holes, and software companies do also... The problem is when you go rogue you run into legal issues... This guy is a good example of going rogue...
