Turkish researcher claims ethical intent behind attack on Apple developer site

22 Jul 2013


A Turkish security researcher, Ibrahim Balic, claims to have been responsible for hacking into Apple's developer website, though his intention, he says, was to demonstrate that Apple's system was leaking user information.

Apple had reported an attack on its Developer portal yesterday, adding that some information about the 275,000 registered third-party developers who use it might have been stolen, The Guardian newspaper reported. (See: Intruders attack Apple developer website)

In a video posted on YouTube, Balic appeared to show that the site was vulnerable to an attack. He added, however, that he had reported all the bugs he found to the company and waited for approval. The video featured a screenshot of a bug filed on 19 July - the same day the site was taken down - saying "Data leaks user information. I think you should fix it as soon as possible."

The portal at developer.apple.com had been offline since Thursday and the iPhone maker had offered no explanation, leading developers to speculate initially that it had suffered a disastrous database crash, and later that the portal had been hacked.

The video appeared to show developer names and IDs, though a number of the emails belonged to long-deprecated services, including Demon, Freeserve and Mindspring.

The Guardian said it was trying to contact the alleged owners of the emails.

Balic told the newspaper that his intention was not to attack. He added that he had found 13 bugs and reported them directly, one by one, to Apple straight away. He said that just after his reporting, the development centre closed. He said he had not heard anything from them, "and they announced that they got attacked".

He added that his aim was to report bugs and collect the data for the purpose of seeing how deep he could go with it.

Meanwhile, in TechCrunch, Balic identified himself as a "security researcher" who had attempted to point out serious issues to Apple about its Dev Center website, after an admission by Apple yesterday that its developer website had been hacked.

According to Apple, sensitive personal information included on the registered developers website was encrypted, and Apple did not believe the information could be accessed. However, Balic suggested he had been able to obtain some user details as evidence to Apple of an apparent security flaw.

According to Balic, one of the bugs provided him with access to user information. He claimed he had taken 73 user details - all of which related to Apple employees - and had given them to the company as an example.

According to commentators, Balic's public comments came as an effort to clear his name, as he said he was "not feeling very happy" about how the situation had been portrayed. He had also said he was concerned about potential legal action against him.

He claimed that his actions were not intended to harm or damage, and that he did not attempt to publish or share the information with anybody else.
