Apple Vulnerability Researcher Charged for Theft of Millions in Gift Cards and Gear

Tech companies often work with security researchers who find and report bugs and vulnerabilities. Apple is no exception, though one of its researchers ran into trouble when they hacked in and stole millions of dollars in gift cards and products. The company recently thanked the defendant in a software security update, attaching his name to a few of the notes.

Noah Roskin-Frazee was charged with hacking into Apple’s backend and using his access to steal millions in apps and products. The orders that Roskin-Frazee was able to complete totaled around $2.5 million in gift cards and more than $100,000 in hardware and services. Court documents note that many of the cards were resold online, and in one example, six laptops were sold to a third-party reseller.

Interestingly, the court documents don’t explicitly name Apple, only referring to Company A and Company B, but the records note that one of the gift cards was used to “purchase FinalCut Pro on Company A’s app store,” which is only sold by Apple. Another person, Keith Latteri, was also charged.

Roskin-Frazee and his partner allegedly used a password reset tool to access an employee account at Company B, which contracts with Apple for customer support. From there, they gained access to Company B’s VPN servers, which led them to Apple’s systems. That enabled the fraudulent orders, which were manipulated using Apple’s Toolbox app.

They were able to change order totals to zero and add products to orders without costs. Brazenly, they also gave themselves access to AppleCare extensions without paying. The pair used fake email addresses and bogus shipping services as part of their scheme. It’s unclear how Apple identified the thieves, but the alleged crimes happened five years ago. Whatever the process, the outcome is clear: Roskin-Frazee and Latteri face severe charges of wire fraud, mail fraud, conspiracy to commit computer fraud and abuse, and more.
