Apple's Double Agent (vice.com) 18
For more than a year, an active member of a community that traded in illicitly obtained internal Apple documents and devices was also acting as an informant for the company. An anonymous reader shares a report: On Twitter and in Discord channels for the loosely defined Apple "internal" community that trades leaked information and stolen prototypes, he advertised leaked apps, manuals, and stolen devices for sale. But unbeknownst to other members in the community, he shared with Apple personal information of people who sold stolen iPhone prototypes from China, Apple employees who leaked information online, journalists who had relationships with leakers and sellers, and anything that he thought the company would find interesting and worth investigating. Andrey Shumeyko, also known as YRH04E and JVHResearch online, decided to share his story because he felt that Apple took advantage of him and should have compensated him for providing the company this information.
"Me coming forward is mostly me finally realizing that that relationship never took into consideration my side and me as a person," Shumeyko told Motherboard. Shumeyko shared several pieces of evidence to back up his claims, including texts and an email thread between him and an Apple email address for the company's Global Security team. Motherboard checked that the emails are legitimate by analyzing their headers, which show Shumeyko received a reply from servers owned by Apple, according to online records. Shumeyko said he established a relationship with Apple's anti-leak team -- officially called Global Security -- after he alerted them of a potential phishing campaign against some Apple Store employees in 2017. Then, in mid-2020, he tried to help Apple investigate one of its worst leaks in recent memory, and became a "mole," as he put it. Last year, months before the official release of Apple's mobile operating system iOS 14, iPhone hackers got their hands on a leaked early version.
"Me coming forward is mostly me finally realizing that that relationship never took into consideration my side and me as a person," Shumeyko told Motherboard. Shumeyko shared several pieces of evidence to back up his claims, including texts and an email thread between him and an Apple email address for the company's Global Security team. Motherboard checked that the emails are legitimate by analyzing their headers, which show Shumeyko received a reply from servers owned by Apple, according to online records. Shumeyko said he established a relationship with Apple's anti-leak team -- officially called Global Security -- after he alerted them of a potential phishing campaign against some Apple Store employees in 2017. Then, in mid-2020, he tried to help Apple investigate one of its worst leaks in recent memory, and became a "mole," as he put it. Last year, months before the official release of Apple's mobile operating system iOS 14, iPhone hackers got their hands on a leaked early version.
A "novel" life. (Score:2)
Sounds like one of those spy novels. Moral of the story, pay your stool-pigeons well.
Re:A "novel" life. (Score:5, Interesting)
Sounds like one of those spy novels. Moral of the story, pay your stool-pigeons well.
Says you? I think Apple security sounds wise to have kept out of this.
Alternative moral - Apple doesn't pay blackmail; don't bother trying?
oh, and be really careful who you trust, certainly not the person in this story.
Re: (Score:1)
"Now it feels like I ruined someone for no good reason, really," Shumeyko told me, referring to the Apple employee in Germany.
No good reason? The guy was trying to sell access to an internal Apple account. Seems like a perfectly valid reason to me.
Re: (Score:2)
"Now it feels like I ruined someone for no good reason, really," Shumeyko told me, referring to the Apple employee in Germany.
No good reason? The guy was trying to sell access to an internal Apple account. Seems like a perfectly valid reason to me.
Remember that's a statement from Shumeyko who also:
more than a double agent, from this article it seems he's an expert in doublethink too. Of course I don't know how you confirm the article. Maybe the Apple employee in Germany was fake too?
Re: (Score:2)
It doesn't sound like he made it to stool pigeon.
"I'm your stool pigeon! Pay me or I'll make you look bad for having stool pigeons!"
Weakest extortion attempt ever.
Re: (Score:2)
"Sounds like one of those spy novels."
Hardly, this is obviously a counter-espionage-novel.
Wrong headline. (Score:3, Insightful)
Try this: "Man who tries to profit off of stolen Apple trade secrets surprised that it did not turn out the way he thought it should".
Re: (Score:2)
Yeah, I wonder if he knows he might end up arrested? If he hasn't been arrested, he's already been paid, but perhaps he can return payment? LOL
not really important (Score:2)
Who cares about this article? This kind of spy-counterspy action is going to happen all the time in that space. I would be surprised if there was someone who in "internal" who isn't doing what he did.
Dude should have had a written agreement up front (Score:2, Insightful)
TL;DR Man outs self to Global InfoSec Watch Lists (Score:3)
Unless he received a bug-bounty compensation confirmation email, then there's really no story.
Or rather, the story is, Man outs self to global infosec community; wants money for completing unsolicited user feedback form.
Comment removed (Score:5, Insightful)
Re: (Score:2)
He may have a future in politics, he's clearly demonstrated that he has no moral compass.
Fake (Score:2)
So basically, Apple is trying to pretend that they have a "double agent" ready to rat out anyone who leaks info in order to scare anyone thinking of doing so.
who believes this? (Score:2)
"... finally realizing that that relationship never took into consideration my side and me as a person... "
Who believes this crap?
Wouldn't it be simpler to write "they didn't pay me enough"?