Aussie Fined for Tweeting Apple Employees' Data

An Australian man convicted of extracting data from Apple's servers and publishing it on social media has escaped a jail sentence. 

Abe Crannaford admitted hacking into the servers of the American multinational tech giant in mid-2017 and early 2018. Once inside, the 24-year-old extracted information relating to Apple employees that he later shared via his Twitter account.

It was alleged that Crannaford also provided links to the corporation's firmware on GitHub. 

Crannaford pleaded guilty in February to two counts of unauthorized access or modification of restricted data. These offenses could have seen the guilty man locked up for two years and fined a maximum of $10,000.

However, instead of imposing a custodial sentence on Crannaford, Magistrate Doug Dick placed the malicious hacker under a recognizance order. The order, handed out on June 3 in Eden Local Court, requires Crannaford to abide by the law for an 18-month period. 

In addition, Dick fined Crannaford $5,000. If the hacker reoffends within the period of recognizance, he will be ordered to pay an extra $5,000 penalty. 

Dick said that by targeting people's privacy, Crannaford's crime targeted a matter of vital importance to today's general public. 

"What you did strikes at the heart of modern society—people rightly worry about their privacy," Dick told Crannaford.

Ines Chiumento, Crannaford's defense lawyer, suggested that by awarding hackers for finding exploits and bugs through its bounty program, Apple "in some sense" promotes hacking. Chiumento argued that such a program sent mixed messages to impressionable youngsters.

"Apple does promote in some sense the ability to delve into a computer and find a bug or a glitch—and then knowing about it helps the company improve its product," Chiumento said.

"With that ability being treasured and sought out, it's difficult to send a message to young people [about the illegality and punitive measures] if the companies don't send the same message."

The Commonwealth prosecutor acknowledged the existence of Apple's bounty program but said Crannaford's "intrusions into websites and restricted data" occurred on multiple occasions and were shared with others, "so the concept of a bounty is contrary to his actions."

Dick told Crannaford: "In the beginning I can believe you may have been enticed by a 'bounty,' but these charges relate to later matters."

What’s Hot on Infosecurity Magazine?