Australian Hacker Charged For Unauthorised Data Access For Sharing Confidential Apple Employee Information Through Twitter

Not only that looters are stealing iPhones and Macs from Apple Stores and resellers during the times of protests against the death of George Floyd, but there were also recent breaches of hackers and exploiters looting out confidential data from Apple internal databases. A hacker in Australia recently got caught by police for accessing confidential information of Apple employees and sharing it through Twitter. The hacker, named Abe Crannaford, pleaded guilty to sharing sensitive information of Apple employees through Twitter and avoided a jail sentence.

Crannaford’s attorney argues that he offered a bug bounty for other exploiters to find weaknesses in Apple software, which the Cupertino company requires the hackers to investigate their products to find weaknesses in their software and services. The magistrate in Crannaford’s case did not accept the attorney’s claim in its entirety.

The defendant, Ines Chiumento, says that “Apple does promote in some sense the ability to delve into a computer and find a bug or a glitch – and then knowing about it helps the company improve its product... With that ability being treasured and sought out, it’s difficult to send a message to young people [about the illegality and punitive measures] if the companies don’t send the same message.” Chiumento believes Apple’s bug bounty program is meant to help improve their products and software other than improving the privacy of its products.

All people who are in the Apple Bug Bounty program and report bugs to Apple can receive cash rewards up to $1 million. But in Crannaford’s case, he is supposed to let Apple be aware of the flaw’s weaknesses and not share the information with the public. On the other hand, Crannaford’s bug bounty did not reach $1 million when he was investigating through the flaw.

His magistrate insisted that he had no intention of sharing the internal information with the public and he made the employees concerned about their own privacy of their confidential information.

“I can believe you may have been enticed” by a bug bounty. But this changed later on. It may well be that there were no sinister intentions [with the illegal access of data]. But the bottom line is you knew it was wrong … What you did strikes at the heart of modern society – people rightly worry about their privacy.”

The data was hacked in mid-2017 to early 2018, with the confidential information being released on Twitter, alongside the details of Apple firmware that he hacked on code repository GitHub. Crannaford attended the court trial on June 3rd, 2 days ago. His last court appearance 3 months before the latest trial indicates that he pleaded guilty to two charges of illegal access and modification of restricted data obtained from Apple’s firmware. Crannaford’s has already done his 2-year sentence in prison, with a fine of $10,000 Australian dollars per charge.