12 comments

[ 2.5 ms ] story [ 42.9 ms ] thread
> The teen – who is said to be well-known in the hacking community – used VPNs and other tools to try to avoid being traced, but Apple’s systems logged the serial numbers of the MacBooks used to carry out the attacks.

How could Apple have managed to log the serial numbers?

Yeah this article is kind of light on technical details. I’d love to see an in depth postmortem and see what Apple’s mitigation plan is.
Sounds like Apple programs macbooks to phone home with serial numbers?
Probably didn't help to hack the company that makes the laptop he was using to hack.
I expect they correlated logs from several sources, maybe the guy connected via ssh to Apple's servers at the same time his mac accessed software update or something. If he sent all traffic down the VPN it'd show the same IP address at Apple.
Bear in mind this is filtered through a prosecutor, so is likely highly garbled:

>"A mobile phone and hard drive were also seized and the IP address ... matched the intrusions into the organisation."

This is clearly nonsense, the IP address as Apple saw it isn't likely to be anything recoverable from the devices - even if they logged past IPs, they are likely NATed.

My guess is the attack involved SSH (the article mentions "authorized keys") and Apple logged the SSH fingerprint of the accessing computer.

Just imagine how a trillion $ company gets hacked by a teenager.
And then doesn't disclose the breach to its customers.
What breach? Kid could have downloaded 90 gigs of encrypted data he couldn’t decrypt.
> Further analysis found that the schoolboy successfully accessed “authorised keys” as part of his offending.

> Authorised keys grant log-in access to users and are said to be extremely secure.

> The Crown prosecutor also acknowledged that Apple was “very sensitive about publicity”.

More sensitive about publicity than about security, apparently.