John Paczkowski

Is Ibrahim Balic Behind the Apple Dev Center Hack? Maybe Not.

Ibrahim Balic’s Twitter image

Is Ibrahim Balic behind the hack that drove Apple to take its Developer Center offline for a few days and completely overhaul the security measures protecting it?

Balic, an independent security researcher, believes he is. And the timing and some of the data he has offered up in support of that claim do line up with the narrative so far.

But is he really the “intruder” that Apple says attempted to pilfer the personal information of its registered developers?

That’s a question only Apple can answer. But it’s unclear for now whether Balic is indeed the perpetrator; Apple’s response to the breach suggests a serious intrusion by nefarious players and not an altruistic white-hat hacker.

Consider: Three days of silence as the company assessed the breadth of the breach and worked out a response plan and the messaging to communicate it to developers. A Dev Center outage that continues to this day. Apple’s admission that the incident has caused it to completely overhaul its developer systems, update its server software and rebuild its entire database — remember, registered iOS and Mac developers number in the hundreds of thousands.

Do those moves really jibe with Balic’s conduct and his “I think it was me!” announcement and subsequent haphazard disclosures? Keep in mind: Right now, the only source attributing Dev Center’s temporary closure to Balic is Balic.

Balic may have discovered a vulnerability in Dev Center and exploited it in a proof-of-concept exercise. He may even have found the very vulnerability that caused the fire drill at Apple last Thursday. But it’s hard to believe he’s the guy who forced the company to go to the mattresses and put Dev Center on lockdown. The severity of that response — one that is still ongoing — suggests more sophisticated attackers.

Asked if Ibrahim Balic was indeed responsible for the hack, an Apple spokesman declined to comment. Asked explicitly if the company knows the identity of the hacker responsible for the intrusion, a company spokesperson replied, “We cannot comment on that yet.”

There’s not much room to read between the lines there. That said, the fact that Apple answered the second question but not the first — and did so with a “We cannot comment on that yet” — suggests to me that the company hasn’t fingered Balic as the author of the hack to which it has been responding.

More to come soon, hopefully.

