Teacher
Professional
- Messages
- 2,670
- Reaction score
- 773
- Points
- 113
A cybersecurity researcher who previously reported several vulnerabilities in Apple products is accused of infiltrating Apple's internal infrastructure and defrauding the corporation out of $2.5 million in gift cards and electronics. According to court documents, despite Noah Roskin-Frazi's arrest, Apple credited him for discovering the security flaw. 404 Media reported this in its investigation.
It is reported that the defendant, along with his accomplices, attempted to fraudulently obtain Apple products and services worth over $3 million by placing more than 20 fictitious orders. As a result, the attackers managed to take possession of gift cards and goods worth about $2.5 million, which were then resold to third parties. In one case, 6 laptops were sent to retailer SellShark.com.
The companies listed in the documents are not directly named, but all indications indicate that we are talking about Apple. The indictment involves a company based in Cupertino, California, that develops and sells software, consumer electronics and personal computers. There is mention of purchasing FinalCut Pro video editing software through the company's app store, which also points to Apple.
US citizen Keith Latteri has also been charged. It's worth noting that Roskin-Frazee is a cybersecurity researcher and has been recognized by Apple for reporting vulnerabilities in macOS Ventura and macOS Sonoma.
The fraud scheme began in December 2018 and continued until at least March 2019. The defendants allegedly used a password reset tool to access the account of an employee of a company that provides Apple customer support services, which allowed them to subsequently gain access to Apple systems and place fake orders for the company's products.
The indictment alleges that the attackers abused the Apple Toolbox program by changing the cost of orders to zero, adding products without charging to existing orders, such as phones and laptops, and extending existing service contracts without charging. Among other things, service contracts for one of the accused and his family were extended for another 2 years without payment. The manipulations reportedly led to the theft of millions of dollars. Lawyers for the defendants did not respond to requests for comment.
It is reported that the defendant, along with his accomplices, attempted to fraudulently obtain Apple products and services worth over $3 million by placing more than 20 fictitious orders. As a result, the attackers managed to take possession of gift cards and goods worth about $2.5 million, which were then resold to third parties. In one case, 6 laptops were sent to retailer SellShark.com.
The companies listed in the documents are not directly named, but all indications indicate that we are talking about Apple. The indictment involves a company based in Cupertino, California, that develops and sells software, consumer electronics and personal computers. There is mention of purchasing FinalCut Pro video editing software through the company's app store, which also points to Apple.
US citizen Keith Latteri has also been charged. It's worth noting that Roskin-Frazee is a cybersecurity researcher and has been recognized by Apple for reporting vulnerabilities in macOS Ventura and macOS Sonoma.
The fraud scheme began in December 2018 and continued until at least March 2019. The defendants allegedly used a password reset tool to access the account of an employee of a company that provides Apple customer support services, which allowed them to subsequently gain access to Apple systems and place fake orders for the company's products.
The indictment alleges that the attackers abused the Apple Toolbox program by changing the cost of orders to zero, adding products without charging to existing orders, such as phones and laptops, and extending existing service contracts without charging. Among other things, service contracts for one of the accused and his family were extended for another 2 years without payment. The manipulations reportedly led to the theft of millions of dollars. Lawyers for the defendants did not respond to requests for comment.