Apple Hacked: Turkish Security Researcher Taking Credit For The Attack On Developer's Site Isn't Credible

An investigation into the credibility of the UK-based Turkish researcher who took credit for the hack on Apple's Developer website, which caused it to go offline for more than a week, is casting doubt on his claims.

Ibrahim Balic described himself as a security consultant who was doing some research on Apple when he discovered a bug in its security. According to him, he disclosed his findings in a bug report and Apple soon took its website down.

His claims began humbly, but it wasn't long before he took to YouTube and other social media to describe how he did it. Balic claimed he had details of 100,000 people registered on the site, including e-mail addresses. He said that, after discovering and exploiting a cross-site scripting bug in the site, he included 73 of these items in a bug report to Apple, and that he noted 13 issues in a bug report to Apple between July 16 and July 20.

However, in an investigation conducted by the Guardian, several elements of Balic's story don't add up. For starters, cross-site scripting attacks like this usually require the hacker to "infect" a page with a malicious piece of JavaScript or HTML, which would then be used to extract data. If Balic's claim is correct, he seems to have used the cross-site scripting exploits against his own system.

Furthermore, none of the e-mails that Balic has shared with the public, or that have been discovered in the investigation, add up or look legitimate. Many e-mails belong to defunct services such as Freeserve, Demon and SBC Global.

Graham Cluley, an independent security consultant, commented: "Many of these names and e-mail addresses either don't look like they would belong to Apple developers, or appear to have left no footprints anywhere else on the net," he continues. "It's almost as though these are long-discarded ghost e-mail addresses from years ago or have been used by Balic in his video for reasons best known to himself."

The full details from the Guardian's investigation can be found HERE. Whether it was Balic who hacked the developer website or not, one thing is certain: Apple was the victim of a very serious cyber attack.
