An active member of the Apple jailbreak and leaking community reportedly served as a "double agent" and spied for the Cupertino tech giant's security team.
Andrey Shumeyko, who goes by handles JVHResearch and YRH04E, advertised leaked Apple apps, internal company documents, and stolen devices to a community that traded in such commodities. However, unbeknownst to others in the community, he also shared a wealth of details about its inner workings to Apple.
According to Motherboard, Shumeyko reportedly provided Apple with the personal information of people who sold stolen prototype devices and Apple employees who leaked information online. He also informed Apple of journalists who maintained relationships with leakers and any other details he thought the company might want to know about.
Shumeyko said he is sharing his story because he felt like Apple took advantage of him and didn't compensate him for the information that he provided to the company's Global Security team.
Motherboard verified the authenticity of Shumeyko's evidence, including emails with the Global Security team that originated from servers owned by Apple.
Shumeyko first established a relationship with Apple's Global Security team, which investigates leaks and is staffed with former intelligence and military personnel, in 2017. At the time, he alerted the team of a potential phishing campaign against Apple Store employees. Then, in mid-2020, Shumeyko says he served as a "mole" and tried to help Apple investigate some of its worst leaks.
For example, Shumeyko reportedly reached out to Apple's Global Security team and offered details about the iOS 14 leak — including the person who allegedly purchased the prototype iPhone, security researchers who received copies of the build, and a handful of people in China who traded in stolen prototypes.
Shumeyko said he was willing to share information with Apple to try and redeem his past actions leaking information. A well-respected member of the leaking and jailbreaking community, other members said they had no idea that Shumeyko was acting as a mole for Cupertino.
At another point, the leaker also provided Apple with information after an employee allegedly sold access to an internal Apple account. Shumeyko believed that this information would entitle him to a reward, but no such compensation came.
"Now it feels like I ruined someone for no good reason, really," Shumeyko told Motherboard in reference to the Apple employee.
Weeks later, after being frustrated about the lack of compensation, Shumeyko sold the internal information to 9to5Mac, which wrote an article about it.
The leaker apologized almost immediately to Apple Global Security, who told him that he should consult the team before publishing anything else.
"Please understand that our goal is to protect Apple. All our actions are guided by the premise of what is best for the company, our employees, and our customers (of which you are one). Therefore your help— and insights— in understanding possible threats to us are very important," the Apple Global Security Team said in an email. "My personal advice is that you continue to do the right things so that you can build a positive image for yourself. Do the right things to protect Apple. Keep it that way, you will be proud of yourself, so will we."
Apple is well-known for its secrecy culture, but its response to leakers has largely been shrouded in mystery in recent years. Earlier in 2020, however, reports indicated that the company was ramping up its anti-leak efforts in China, where there is a thriving gray market for stolen prototypes and internal software.
In a cease and desist letter addressed to a Chinese citizen in June, Apple said that leaks of unreleased products or hardware "harm the interests of consumers and Apple."
10 Comments
“Shumeyko said he was willing to share information with Apple to try and redeem his past actions leaking information.”
So which is it, is he trying to redeem his past actions or cash in? Don’t get mad because Apple treated him like the scumbag that he is.
This fits a pattern I have seen before. These types of people who trade in hacks need to feel important. That's why they act as double agents. They tell whatever lies they need to in order to obtain information about hacks and then immediately turn around and tell the company about the hack in exchange for perceived promises about compensation and when that does not happen they turn around again and brag/cry about the company not paying them. This happened to my own company at one point in the distant past and I have seen it a few times since then related to other companies I did not work for (one was a gaming company and a game I was playing). Companies like Apple (or mine) don't really know how to deal with these people. They find them amusing, confusing, somewhat embarrassing but no real threat as they have to credibility.
I was taught that you did the right thing because it was the right thing. Turning leakers and people who sell stolen Apple property was the right thing. Compensation would be an enticement for someone who didn’t have the strength of character to just do the right thing. Now he’s whining that Apple didn’t pay him enough to do what he should have wanted to do for free. Well boo ho. Go take an ethics course.
If you lay down with dogs…
This guy really comes across as whining. I have zero sympathy for him. Playing victim? jeez.