Australian hacker fined for leaking Apple employee details online

By William Gallagher

A 24-year-old Australian has been convicted by a local court of hacking Apple and reportedly posting both employee details, and firmware, to Twitter and GitHub.

An Apple data center of the type believed to have been hacked

In a second case of Apple being hacked in Australia around the same time, 24-year-old Abe Crannaford, has now been convicted and fined US by Eden Local Court after pleading guilty to two counts of unauthorized access to confidential data.

"It may well be that there was no sinister intentions [with the illegal access of data]," Magistrate Doug Dick told Crannaford in court, according to the local Bega District News. "But the bottom line is you knew it was wrong. What you did strikes at the heart of modern society - people rightly worry about their privacy."

Crannaford reportedly extracted employee details and posted those onto his Twitter account. He is also said to have published links on GitHub to Apple's confidential firmware. The maximum sentence for these offences was reportedly two years imprisonment and fines totalling more than $13,600 US.

Magistrate Dick chose not to imprison Crannaford, and also limited the amount of the fines. Crannaford is required to pay $3,400 US and has been given a good behavior bond for 18 months. If he breaks the terms of that bond, he will be ordered to pay the same amount again.

Crannaford's defence solicitor, Ines Chiumento, argued that Apple effectively encourages such hacking with its record of paying people who discover security issues and report them. "In the beginning I can believe you may have been enticed by [such] a 'bounty', but these charges relate to later matters," Magistrate Dick said.

"It's pleasing to see you've made changes to you life and it's clear from the submissions that it has weighed heavily on your mind, which is punishment in itself," he continued. "It may well be you're now subjected to online ridicule and contempt, but no-one in this court room escapes that - not even me."

Crannaford conducting his hacking between mid-2017 and early 2018, accessing Apple's systems from his home in Moruya Heads, New South Wales.

This case is separate to a similar one, also from 2017 and 2018, involving an Australian juvenile. Apple claimed at the time that no user data had been stolen, and the teenager also received a good behavior bond from the court.