Did LulzSec Hack Apple's iCloud and Steal Source Code?

Friday, June 24, 2011



An anonymous Pastebin posting from June 21 states that hackers from the LulzSec collective successfully breached Apple's iCloud networks several weeks ago.

The posting claims that the intruders mapped the network and "grabbed all their source code and database passwords".

The header on the posting identifies the AnonOps IRC channel "LulzSec" and displays a dead link to a Facebook page with the name "Ryan Cleary".

Ryan Cleary is the name of the 19-year-old U.K. resident who was arrested and charged earlier this week with attacks on UK-based websites including the Serious Organised Crime Agency, and is suspected of participating in multiple Anonymous and LulzSec operations.

Cleary is also thought to be the Anonymous member who staged a mini-coup in May by stealing passwords and hijacking several AnonOps servers.

Cleary was subsequently "doxed" by other Anonymous participants, having details of his identity and activities posted online. Many believe his arrest was a direct result of his exposure by other Anonymous supporters.

The Pastebin posting contains the following message:

IRC: irc.anonops.ru (channel #LulzSec | port 6697 for SSL)
BitCoin donations: 176LRX4WRWD5LWDMbhr94ptb2MW9varCZP
FaceBook http://www.facebook.com/ryan.cleary2
Twitter: @LulzSec

Greetings Internets,

This is a story all about how we made Apple and everything they own, our frak for life.

Hello, good day, and how are you? Splendid! We're LulzSec, a small team of lulzy individuals who feel the drabness of the cyber community is a burden on what matters: fun. Considering fun is now restricted to Friday, where we look forward to the weekend, weekend, we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calendar year.

As you should know, The Lulz Boat stores vast amounts of booty; much of this booty we don't release as it's simply too shiny and/or delicious. As of late, certain inferior sailing boats have discovered flaws in the iCloud (the iCloudthegame.com), thinking themselves exciting and new.

Too late. The Lulz Boat controls this ocean, chumps.

Some weeks ago, we smashed into the iCloud with our heavy artillery Lulz Cannons and decided to switch to ninja mode. From our LFI entry point, we acquired command execution via local file inclusion of enemy fleet Apache vessel. We then found that the HTTPD had SSH auth keys, which let our ship SSH into other servers. See where this is going?

We then switched to root ammunition rounds. And we rooted... and rooted... and rooted...

After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck.

"It seems the glorious leader of LulzSec got arrested. Whois driving the boat?"

All should be taken with a grain of salt until more conclusive evidence is produced. An anonymous posting on Pastebin is far from proof of a successful exploit.

Furthermore, recent reports of a hack and breach of the U.K.'s census data by LulzSec appear to be false, so there may be an active disinformation campaign at work.

That aside, a successful breach of Apple's networks and the pilfering of the company's source code would be a significant event. Infosec Island has contacted Apple and is awaiting an official reply.

LulzSec is reported to have conducted successful attacks against the Central Intelligence Agency, the U.S. Senate website, PBS, as well as networks belonging to the Atlanta chapter of FBI affiliate InfraGard. LulzSec also claims to have hacked Sony Pictures, Sony Entertainment and Sony BMG, among others.

LulzSec is currently engaged in a very public conflict with anti-jihadi hacker The Jester (th3j35t3r) and anti-lulz hackers known as Team Poison (TeaMp0isoN) and Web Ninjas, respectively.

The Jester and Web Ninjas have already produced some documents that attempt to identify some key LulzSec players, and Team Poison has stated they have turned over details of LulzSec's organization and leadership to law enforcement, and are expected to publish some of the information soon.

Kevin McAleavey: For laughs and giggles, hopped onto the anonops irc channel and asked outright. My "handle" was "peeves" in this convo:

21:46 peeves infosecfag here - did anyone really hit apple? No formal announces given
21:46 *** PierreDubois joined #antisec
21:46 PierreDubois hello
21:46 Antisec_news here in brazil is "crime" make #MarijuanaMarch
21:46 Trivette you just through gay and black in cause you wanna get high
21:46 bernard Freedom for gay and black marijuana!
21:46 sigma sup
21:46 *** LulzLizard___ joined #antisec
21:46 LulzLizard___ Hi!
21:46 rando peeves: no announcement, no hack
21:46 peeves ty!

What many of us have learned is that owing to the ongoing war between the kiddies, there is a good amount of misinformation and others trying to impress the lulzers. Based on the above and the lack of "official" announcements, it does appear to be a false flag report in the pastebin. I'll continue looking to see if we can find out who posted that.