What you read in the title is not a joke. A security researcher named Noah Roskin-Frazee received praise from the brand while robbing it behind its back. So how did he carry out a robbery worth $2.5 million? How did Apple not notice? Here are the details…
How was the robbery that caused $2.5 million in damage to Apple carried out?
Noah Roskin-Frazee, a security researcher affiliated with ZeroClicks Lab, detects software vulnerabilities and closes them for brands. Roskin-Frazee, who enters companies' systems as part of his job, reports the vulnerabilities he finds to the brands and in return receives rewards such as money, devices, praise, and certificates of appreciation.
Of course, this also puts great power in Roskin-Frazee's hands. When you control the systems of a large company like Apple, no one will suspect you while you browse them. Being able to track the brand's data and sales transactions, as far as allowed, under the pretext of testing can be the most powerful weapon for committing a robbery.
Roskin-Frazee must have succumbed to the evil spirit within him, because he found a security vulnerability in Toolbox, a backend system that Apple uses to put orders on hold. Thanks to this vulnerability, orders could be edited even while they were on hold. In other words, a customer orders an Apple Watch and the request is put on hold in the brand's system. At that point, Roskin-Frazee could completely change the order information.
Roskin-Frazee and his accomplice, Keith Latteri, planned as carefully as they could. They then requested access to an employee account from a third-party company that monitors Apple's customer support system. Using the password reset tool, the duo obtained a support line account.
After taking over this account, they started creating fake orders in a way that would not attract attention. They ordered new iPhones and MacBooks for themselves and, thanks to the account they had, showed the cost as zero. They received these orders under fake names and addresses. From 2018 to 2019, they bought many items, such as physical gift cards and products.
Once the incident was noticed, the police launched an investigation. The case has not yet been concluded, and it is thought that people other than the duo were also involved. The total damage to Apple is close to 2.5 million dollars.