An Australian teenager who hacked Apple systems over several months and downloaded sensitive data avoided a jail term Thursday, as a court heard he was fascinated by the tech giant and found accessing its networks addictive.
The now adult defendant, who was 16 at the time the hacking began, accessed Apple’s internal systems and copied data and authentication keys, a magistrate told a Children’s Court. The company contacted the Federal Bureau of Investigation and Australian police subsequently raided his home.
“Your offending is serious,” the magistrate told the teenager, who cannot be named under Australian law that protects the identity of juvenile offenders. “It was sustained, sophisticated, and a successful attack on the security of a major multinational corporation,” she said. No conviction was recorded against the teenager, who pled guilty to two charges, and he was given an eight-month probation order.
The hacking took place over two periods, between June 2015 and November 2016, and in April 2017, the magistrate said.
The teenager’s lawyer had argued it began innocently as a result of his fascination with Apple and “love of information technology,” the magistrate said. In an interview with police, the defendant said part of the appeal was “just being in the corporation pretending you were employees,” and that accessing the networks had become addictive, she said.
Under Australian law, the names of other parties in the case and the precise location of the court also can’t be disclosed to protect the defendant’s identity.
Apple said that customers’ personal data wasn’t compromised and that staff had discovered the unauthorised access, contained it, and reported it to law enforcement. “We vigilantly protect our networks,” the company said in an emailed statement.
The teenager exploited a virtual private network used by authorized people to connect remotely into Apple’s internal systems, the magistrate said. Helped by another youth, he later sent a computer script to the system which created a secure shell tunnel – a method of accessing systems and bypassing firewalls – enabling them to remove data more quickly. During the attacks, the teenager was able to access internal security policies and to save authentication keys, the magistrate said.
After being detected and blocked in November 2016, the defendant and the second person succeeded in briefly regaining access to Apple’s systems last year, according to the magistrate.
A search of the teenager’s home recovered two Apple MacBook laptops and a hard drive that contained a folder labelled ‘Hacky Hack Hack Methods Exclude,’ which included 12 files on methods to infiltrate or bypass Apple’s security. Australian investigators recovered about a terabyte of data “sensitive both from a privacy and commercial point of view,” that had been copied from Apple’s systems, a prosecutor told an earlier hearing.
An ongoing investigation by Australian police may result in other people being interviewed or charged, the prosecutor told the court Thursday. Evidence against a second teenager has been sent to the office of the Commonwealth Director of Public Prosecutions, the Australian Federal Police said in an emailed statement.
One of the charges in the case, related to unauthorised and reckless modification of data, carries a maximum sentence for adults of 10 years in jail, while a second offence of unauthorized access of data is punishable by as much as two years jail, the magistrate said. The court had the ability to impose potential jail terms of two years for one charge and 12 months for the other, she said.
Sentencing of juveniles is focused on rehabilitation and the defendant had shown remorse and cooperated with authorities, the magistrate told the court.