It never looks good when someone hacks a large company. But it's even worse when a teenager makes off with 90GB of ostensibly secure files from Apple, a $1 trillion tech company that prides itself on the security of its products, and that appears to be exactly what happened last year.
The Age reported that a teenager from Melbourne, the state capital of Victoria in Australia, pleaded guilty to compromising Apple's mainframe. The unnamed teenager is said to have accessed the company's servers multiple times over the course of a year, eventually stealing 90GB of "secure files" whose contents are currently unknown. He's also said to have accessed some Apple accounts; it's not clear which ones or how many.
Apple was able to block the teen's access to its systems once it detected his presence. The company then informed the FBI, which investigated the hack, and eventually the Australian Federal Police raided the kid's home and found hacking tools in a folder called "hacky hack hack," (which, admittedly, probably isn't the most discreet way to store illicit software used to steal data from one of the world's largest companies).
Details about the case are being kept quiet because the teen is said to have bragged about his exploits via WhatsApp, with The Age reporting that his lawyer believes "his client had become so well-known in the international hacking community that even mentioning the case in detail could expose him to risk." Apple shouldn't want to share too many details with the public either, considering it was bested by a suburban teen.
Perhaps the most interesting thing about the case is the fact that the teenager doesn't appear to have hacked Apple out of spite or desire for money. Instead, he's said to be a big fan of the company and eventually wanted to work there. Sentencing on the case was delayed until next month, but assuming he's not barred from using computers for a while, the kid could have quite a resume to submit to security companies.
For anyone else looking to compromise Apple's servers or products, the company is currently running a bug bounty program, though it's not currently open to the public (and it's reportedly offering too little financial compensation to offset the appeal of selling vulnerabilities to someone else). Going through official channels is probably a better career path than breaking in and bragging about it to the hacking community.
