CC-licensed picture by Ben Stanfield.
A hacker claims to have broken into Steve Jobs’ private Amazon.com account.
The hacker is trying to sell details of Jobs’ Amazon.com account to journalists, including Jobs’ purchase history for several years and his credit card number.
According to the hacker, who identifies himself as “orin0co,” Jobs is an avid online shopper. Jobs has purchased 20,000 items from Amazon.com in the last 10 years, the hacker says. That’s 2,000 items a year, or more than 5 items a day, every day.
“I got myself a hold of this information,” the hacker wrote in an email sent from a secure Hushmail account. “No one else has it. I didn’t misuse it, otherwise Mr. Jobs would long ago change his login detail, wouldn’t he?”
The hacker said the scam is an embarrassment for Apple, which claims Macs are less susceptible to “viruses, crashes and headaches.” (See Apple’s new “Elimination” ad).
“Imagine how safe Mac is if you can trick the mighty Steve Jobs,” orin0co wrote.
If true, Jobs would be the latest victim of so-called “whaling” or “spear phishing” attacks: online scams carefully targeted to snare high-worth victims like well-known CEOs or celebrities.
Ryan Olson, director of the Rapid Response Team at iDefense, the security company that publicized whaling in June last year, said it was possible that Jobs had fallen victim to a targeted attack.
“Yeah, I think it’s plausible,” he said. “It would not be hard to get a lot of his information because he’s a celebrity.”
Apple didn’t respond to requests confirming or denying the orin0co’s claims, or a request for comment. Amazon.com said it had no knowledge whether Jobs’ account had been compromised or not.
“I had not heard any rumors about Steve Jobs’ Amazon account being compromised as a result of a phish,” said Patty Smith, director of Amazon.com’s corporate communications, in an email. “We have a good deal of information on our web site designed to educate our customers about the various phishing scams, and ways that they can protect themselves.” (Here’s the link).
The hacker claimed that neither Jobs nor Amazon knew about his break in because it hadn’t been detected. He sent a screenshot of what appears to be Jobs’ account at Amazon.com. The screenshot shows three purchases, although details have been blanked out: A Blu-Ray DVD, a HBO miniseries on DVD, and a copy of The Nuclear Express, a history of the nuclear bomb.
Here’s the screenshot. Hit the thumbnail for the fullsize version.
Whaling attacks reached a peak in the Spring last year, iDefense claims, when a pair of professional hacker gangs targeted senior executives at companies, legal firms and government agencies.
Instead of spamming millions with scattershot email scams, the gangs targeted high-worth corporate executives with cleverly-crafted emails full of personal details. The executives received messages that appeared to come from the Better Business Bureau, Internal Revenue Service, or Federal Trade Commission, among others.
Following a link, or opening an attachment, the phony email installed a keylogger or even the full Apache server on the victim’s machine. The crooks would then monitor the computer for corporate and bank passwords. The scam claimed more than 15,000 corporate victims in 15 months, iDefense said, and netted “millions of dollars.”
There were 10 million victims of identity fraud in the U.S. in 2008, according to a report from Javelin Research (PDF). Amazon.com is a frequent target of phishing attacks.
However, there’s a few things that make orin0co’s story fishy.
The biggest problem is there’s no proof. Apple isn’t talking. It seems unlikely that Jobs would fall for such an elementary scam, and screenshots are easily faked.
Nor does it seem likely that Jobs is such an out-of-control online shopper; 20,000 items beggars belief. In addition, the screenshot, which purportedly shows Jobs’ most recently purchased items, includes only three purchases over the busy holiday period, and the last visible purchase is dated October 2008.
Nonetheless, here’s the email exchange with orin0co:
—–BEGIN PGP SIGNED MESSAGE—–
The reason am writing to you is that your book is among first to
sell in amazon:
I will try to be as short as possible:
2 years ago, I set a amazon.com fake page, and sent emails to different IT people around the globe. Among some other unknown person, Steve Jobs got my mail, he didn’t notice the scam I set so he “updated” his amazon account with data( name, address, credit card number, phone, amazon user and password) which I received, sent to my mail.
Now, it was not my intention to misuse his account (which is still untouched!), the sole purpose was if the “scam” was so perfect that even IT Guru’s will fall on it.
I saw you are the bestseller with a book on S.Jobs, I still have access on his amazon.com account, with all his purchase/interest details for 6-7 years. Now I just checked again, and he didn’t use it since December 22 last year, for reasons known to us.
I intent to sell this information, that’s why I picked you as first on the list.
If you are not interested, am sure other book authors on SJ life (Jeffrey Young, William Simon, Alan Deutschman, Anthony Imbimbo, Daniel Lyons or any others) will be very interested to know about this.
Hope to hear from you,
p.s. I can provide “print screens” logged in SJ amazon account.
—–BEGIN PGP SIGNATURE—–
Version: Hush 3.0
Intrigued by the first email, I asked orin0co how much he hoped to charge for the information and how he would prove it was genuine. He replied:
—–BEGIN PGP SIGNED MESSAGE—–
Dear Mr. Kahney,
First of all, if this news makes headlines it will bring some serious troubles for Mac as such, knowing about medial battle between Microsoft and Apple. Imagine how safe Mac is if you can trick the mighty Steve Jobs, what about other user?
Second, as you can see from the print screen, there is a documentation of Jobs purchases for over 10 years, some 20.000 items he bought online.
Now I’m not in a position to convince anyone how important for someone that writes biography or book is to get a hold of such vital information? I mean c’mon, what do you guys know about him?
Now you say this is illegal, well Mr. Kahney, I got myself a hold of this information. No one else has it. I didn’t misuse it, otherwise Mr. Jobs would long ago change his login detail, wouldn’t he?
You get this chance because you were the first on the amazon book selling list. I know you are a serious person, I saw you are editor on wired. Am sure there are lots of guys out there that would die to get a hold of this, we both know what this is.
It is not my intention to sell this for small money. If you are not in a position or not interested to buy it then I wish you a good day, I will have to ask elsewhere.
Attached you will find the “print screen” made today. File is password protected, with your surname(first letter is capital).
Wish you a good day
—–BEGIN PGP SIGNATURE—–
Version: Hush 3.0