July 22, 2013
For the past few days, Apple's Developer Center has been down, supposedly for routine maintenance purposes. But earlier today, Apple released a statement acknowledging that its developer portal has been down on account of a security breach by an "intruder." Now, a security researcher has come out with compelling proof that he may have actually brought about the portal's shutdown.

As pointed out by Instapaper creator Marco Arment, a security researcher named Ibrahim Balic posted an explanatory comment and video in response to a TechCrunch article about the apparent attack. Both comment and video suggest that the London-based Balic may very well be the "intruder" in question, albeit one without any malicious intent.

Balic claims that while he was doing research on Apple's infrastructure, he found 13 bugs and informed Apple about all of them. One of these bugs reportedly gave him access to user details. Balic used the details of some Apple employees in particular as examples in his bug report to Apple. According to Balic, Apple closed the developer portal a few hours after he submitted his final report to the company.

A portion of Balic's revelatory comment, reproduced here in unedited form, reads:
"I have emailed and asked if I am putting them in any difficulty so that I can give a break to my research. I have not gotten any respond to this... I have been waiting since then for them to contact me, and today I'm reading news saying that they have been attacked and hacked. In some of the media news I watch/read that whether legal authorities were involved in its investigation of the hack. I'm not feeling very happy with what I read and a bit irritated, as I did not done this research to harm or damage. I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the datas for the porpoise of seeing how deep I can go within this scope. I have over 100.000+ users details and Apple is informed about this. I didn't attempt to get the datas first and report then, instead I have reported first."

He makes the same case in his recently posted video titled "I am not an hacker, I do security research (100.000+ user information leaks)."

Apple has yet to confirm or deny Balic's involvement in this increasingly intriguing situation. Of course, we'll keep you updated with more news on the matter as it becomes available.