After Apple (AAPL) disclosed that a security breach prompted it to shut down its Developer Center website July 18, an independent security researcher said the vendor reacted to his non-malicious work exposing bugs in the system.
According to reports, Ibrahim Balic, a U.K.-based private security consultant, said he uncovered more than a dozen flaws in Apple’s system, pointing out vulnerabilities that left data from the Developer Center exposed. Balic said he contacted Apple to illuminate the security flaws and to help the vendor fix them. Instead, Apple regarded his actions as a security intrusion and shut the site down.
The vendor initially said it took the Developer Center site offline July 18 as a precautionary measure but subsequently acknowledged it responded to a security vulnerability. Apple said it currently is renovating its developer systems, reconstructing its entire developer database and updating its server software. So far, the vendor has not supplied developers with a date when the site will return.
Balic responded online to a TechCrunch article on the Developer Center security breach, identifying himself and saying that he intended to help Apple. He said he showed Apple data from 73 user accounts and claimed he’d gotten his hands on information from some 100,000 users. However, he denied that he had hacked the site for any reason other than to help Apple shore up its security.
In his online post, subsequently followed by a video, Balic wrote:
“My name is Ibrahim Balic, I am a security researcher. You can also search my name from Facebook's Whitehat List. I do private consulting for particular firms. Recently I have started doing research on Apple Inc.
In total I have found 13 bugs and have reported through http://bugreport.apple.com. The bugs are all reported one by one and Apple was informed. I gave details to Apple as much as I can and I've also added screenshots.
One of those bugs has provided me access to users details etc. I immediately reported this to Apple. I have taken 73 users details (all Apple Inc. workers only) and prove them as an example.”
Balic, who wrote he was concerned about being blacklisted, said his “aim was to report bugs and collect the datas for the porpoise (sic) of seeing how deep I can go within this scope.”