> The teen – who is said to be well-known in the hacking community – used VPNs and other tools to try to avoid being traced, but Apple’s systems logged the serial numbers of the MacBooks used to carry out the attacks.
How could Apple have managed to log the serial numbers?
I expect they correlated logs from several sources, maybe the guy connected via ssh to Apple's servers at the same time his mac accessed software update or something. If he sent all traffic down the VPN it'd show the same IP address at Apple.
Bear in mind this is filtered through a prosecutor, so is likely highly garbled:
>"A mobile phone and hard drive were also seized and the IP address ... matched the intrusions into the organisation."
This is clearly nonsense, the IP address as Apple saw it isn't likely to be anything recoverable from the devices - even if they logged past IPs, they are likely NATed.
My guess is the attack involved SSH (the article mentions "authorized keys") and Apple logged the SSH fingerprint of the accessing computer.
12 comments
[ 2.5 ms ] story [ 42.9 ms ] threadHow could Apple have managed to log the serial numbers?
>"A mobile phone and hard drive were also seized and the IP address ... matched the intrusions into the organisation."
This is clearly nonsense, the IP address as Apple saw it isn't likely to be anything recoverable from the devices - even if they logged past IPs, they are likely NATed.
My guess is the attack involved SSH (the article mentions "authorized keys") and Apple logged the SSH fingerprint of the accessing computer.
> Authorised keys grant log-in access to users and are said to be extremely secure.
> The Crown prosecutor also acknowledged that Apple was “very sensitive about publicity”.
More sensitive about publicity than about security, apparently.
https://www.theage.com.au/national/victoria/melbourne-teen-h...