Hacker who shared Apple employee details on Twitter avoids jail


Hacker's lawyer argued that they had been enticed by Apple's bug bounty.
Photo: Clint Patterson

An Australian hacker who pleaded guilty to accessing confidential employee information from Apple and sharing it on Twitter has avoided a jail sentence.

24-year-old Abe Crannaford’s lawyer had argued that, by offering a bug bounty for hackers able to find weaknesses in its software, Apple encourages people to dig into its products to find weaknesses. However, the magistrate did not entirely accept the argument.

“Apple does promote in some sense the ability to delve into a computer and find a bug or a glitch – and then knowing about it helps the company improve its product,” argued defence solicitor Ines Chiumento. “With that ability being treasured and sought out, it’s difficult to send a message to young people [about the illegality and punitive measures] if the companies don’t send the same message.”

Apple offers rewards of up to $1 million to people who find bugs in Apple software. However, claiming this bug bounty requires them to make Apple aware of the weaknesses and not share them. (The bug bounty also didn’t stretch as high as $1 million at the time Crannaford was doing his hacking.)

The magistrate acknowledged that, “I can believe you may have been enticed” by a bug bounty. But this changed later on. The magistrate also noted that, “It may well be that there was no sinister intentions [with the illegal access of data]. But the bottom line is you knew it was wrong … What you did strikes at the heart of modern society – people rightly worry about their privacy.”

Hacker was guilty, but spared jail

Crannaford appeared in court on June 3 for sentencing. At a previous court appearance in February, he had pleaded guilty to two counts of unauthorized access or modification of restricted data.

The hacking incidents took place between the middle of 2017 and early 2018. Crannaford published details of Apple employees on Twitter and also supposedly shared details about Apple firmware on code repository GitHub. He faced a maximum sentence of two years in prison, along with a fine of AU$10,000 ($6,800) for each incident.

However, while the magistrate convicted Crannaford of the crime, he spared the hacker from a jail sentence. Instead, Crannaford was given a fine of AU$5,000 and 18 months of probation. His computer equipment will be returned, although it will first be “forensically wiped.”

Via: Bega District News


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.