An active member of the Apple jailbreak and leaking community reportedly served as a "double agent" and spied for the Cupertino tech giant's security team.
Credit: Giles Lambert/Unsplash
Andrey Shumeyko, who goes by handles JVHResearch and YRH04E, advertised leaked Apple apps, internal company documents, and stolen devices to a community that traded in such commodities. However, unbeknownst to others in the community, he also shared a wealth of details about its inner workings to Apple.
According to Motherboard, Shumeyko reportedly provided Apple with the personal information of people who sold stolen prototype devices and Apple employees who leaked information online. He also informed Apple of journalists who maintained relationships with leakers and any other details he thought the company might want to know about.
Shumeyko said he is sharing his story because he felt like Apple took advantage of him and didn't compensate him for the information that he provided to the company's Global Security team.
Motherboard verified the authenticity of Shumeyko's evidence, including emails with the Global Security team that originated from servers owned by Apple.
Shumeyko first established a relationship with Apple's Global Security team, which investigates leaks and is staffed with former intelligence and military personnel, in 2017. At the time, he alerted the team of a potential phishing campaign against Apple Store employees. Then, in mid-2020, Shumeyko says he served as a "mole" and tried to help Apple investigate some of its worst leaks.
For example, Shumeyko reportedly reached out to Apple's Global Security team and offered details about the iOS 14 leak -- including the person who allegedly purchased the prototype iPhone, security researchers who received copies of the build, and a handful of people in China who traded in stolen prototypes.
Shumeyko said he was willing to share information with Apple to try and redeem his past actions leaking information. A well-respected member of the leaking and jailbreaking community, other members said they had no idea that Shumeyko was acting as a mole for Cupertino.
At another point, the leaker also provided Apple with information after an employee allegedly sold access to an internal Apple account. Shumeyko believed that this information would entitle him to a reward, but no such compensation came.
"Now it feels like I ruined someone for no good reason, really," Shumeyko told Motherboard in reference to the Apple employee.
Weeks later, after being frustrated about the lack of compensation, Shumeyko sold the internal information to 9to5Mac, which wrote an article about it.
The leaker apologized almost immediately to Apple Global Security, who told him that he should consult the team before publishing anything else.
"Please understand that our goal is to protect Apple. All our actions are guided by the premise of what is best for the company, our employees, and our customers (of which you are one). Therefore your help-- and insights-- in understanding possible threats to us are very important," the Apple Global Security Team said in an email. "My personal advice is that you continue to do the right things so that you can build a positive image for yourself. Do the right things to protect Apple. Keep it that way, you will be proud of yourself, so will we."
Apple is well-known for its secrecy culture, but its response to leakers has largely been shrouded in mystery in recent years. Earlier in 2020, however, reports indicated that the company was ramping up its anti-leak efforts in China, where there is a thriving gray market for stolen prototypes and internal software.
In a cease and desist letter addressed to a Chinese citizen in June, Apple said that leaks of unreleased products or hardware "harm the interests of consumers and Apple."