Bloomberg reports that the infamous teenage Apple hacker from down under has been sentenced to eight months probation. The boy was 16 at the time and is now an adult. He accessed Apple’s internal systems between 2015-2017 and copied data and authentication keys, a magistrate told a Children’s Court. He pled guilty to two charges.
As the Guardian put it: "Despite the court being told that the teenager had downloaded 90GB of secure files and accessed customer accounts, Apple – the world’s most valuable company – has denied that customers were affected."
The magistrate in the case said:
"Helped by another youth, he later sent a computer script to the system which created a secure shell tunnel -- a method of accessing systems and bypassing firewalls -- enabling them to remove data more quickly. During the attacks, the teenager was able to access internal security policies and to save authentication keys."
The inside story on SSH tunneling
SSH.COM founder and inventor of the Secure Shell protocol, Tatu Ylönen, explains SSH tunneling: "SSH tunnels are widely used in many corporate environments... For example, entire country-wide ATM networks run using tunneling for security."
On SSH.COM's informative section about SSH tunneling, Ylönen continues: "SSH connections are protected with strong encryption. This makes their contents invisible to most deployed network monitoring and traffic filtering solutions. This invisibility carries considerable risk potential if it is used for malicious purposes, such as data exfiltration."
Ylönen also highlights that SSH tunneling, in combination with utilizing stolen SSH keys, is a very powerful attack vector for hackers that can be very hard to trace. "SSH tunneling attacks can also be used for hiding the source of the attack. It is common for hackers to bounce attacks off systems and devices that allow SSH port forwarding to hide their tracks. This allows them to probe for vulnerabilities, try various login credentials, or run attack tools against email, web, telephony, and any other protocols."
How can the world's biggest company stay secure?
The Australian Apple hack, according to the magistrate, involved a teenager leveraging SSH tunneling and authentication keys to exfiltrate data from the world's richest and, arguably, most successful company.
At SSH.COM we have developed CryptoAuditor to prevent unauthorized SSH tunnels. CryptoAuditor uniquely decrypts SSH sessions based on policy, via access to host keys. It also controls file transfers, and offers comprehensive session recording and playback for forensics and audits.
Fortune 500 companies in the finance, energy and technology sectors use CryptoAuditor to prevent SSH tunnel attacks. Unfortunately Apple was not one of them at the time of the Australian teen hack.
Many major organizations rely on Security Information and Event Management (SIEM) systems but they have a critical blindspot: they typically cannot see the content of content encrypted traffic. Our customers use CryptAuditor's extensive integration capabilities to pass encrypted session data to SIEM, data loss prevention, analytics and Intrusion Detection Systems (IDS) - to provide unparalleled real-time monitoring power.
To discuss your blindspots in confidence with an SSH.COM cyber strategy expert:
- In the US: Sean Lunell firstname.lastname@example.org +1.408.445.2791 (PST)
- For EMEA/APAC, contact: Rami Raulas email@example.com +358 503311741 (EET)