For more than a year, an active member of a community that traded in illicitly obtained internal Apple documents and devices was also acting as an informant for the company. On Twitter and in Discord channels for the loosely defined Apple "internal" community that trades leaked information and stolen prototypes, he advertised leaked apps, manuals, and stolen devices for sale. But unbeknownst to other members in the community, he shared with Apple personal information of people who sold stolen iPhone prototypes from China, Apple employees who leaked information online, journalists who had relationships with leakers and sellers, and anything that he thought the company would find interesting and worth investigating.
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
At the time, people in the iPhone hacking community told Motherboard that the leaked iOS build came from a stolen prototype of an iPhone 11 that was purchased from gray-market vendors in China. Sensitive Apple software and hardware occasionally leaks out of China, and there is a thriving gray market of stolen iPhone prototypes that are marketed to security researchers and hackers interested in finding vulnerabilities and developing exploits for Apple's devices. Apple is obviously not happy about any of this. But over the years, apart from the time it famously went after a Gizmodo journalist who found a prototype of an iPhone 4 in a San Francisco bar, the company has largely kept its response to leaks under wraps. In mid-June, Apple lawyers in China sent letters to a Chinese citizen who advertised and sold stolen devices, demanding they stop their activities and reveal their sources inside the company, as Motherboard reported last month.
“People trust me, and find me pretty likable, and so I’m capable of using that to my advantage”
"I think I found the mole who helped him orchestrate the thing," Shumeyko wrote to Apple, referring to the iOS 14 leak and the person who allegedly purchased the stolen prototype. "I've identified which one of the 3 Chinese hardware suppliers sent him the phone. I’ve received a package from that same guy in the past (still have the DHL tracking number), and I have his phone number. Would any of the above be of any aid?"
At the end of the email chain, an Apple employee asked if Shhumeyko was free for a chat."What’s the number you use for Signal/Telegram? We will assign a member of the team to reach out," the employee wrote. Shumeyko said he was willing to help as a way to redeem himself for being part of that community, and to get some money out of it, according to him and his online chats with an Apple Global Security employee."People trust me, and find me pretty likable, and so I’m capable of using that to my advantage," Shumeyko told the Apple employee during their monthslong online chats. "I regret my involvement in all that stuff and I’ll do whatever you need me to redeem my past actions."
Do you work, or used to work for Apple? Do you research vulnerabilities on Apple's devices? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
"I know I’ve been naughty, but my actions so far landed the right connections which I can use to help further the company. Getting into this whole thing was a mistake on my side," Shumeyko told the Apple Global Security employee. What he shared was interesting enough to prompt Apple employees to keep the communications channel with Shumeyko open for almost a year. Two people who are part of the Apple jailbreaking and internal community confirmed that Shumeyko was dabbling in it by advertising leaked data on Twitter.
"He’s tweeted a lot with internal materials from Apple," one of the people in the Apple jailbreaking and internal community told Motherboard in an online chat. "I think he is widely trusted to be an original source of that information."Another person, who also asked to remain anonymous as he, too, is involved in the jailbreaking and internal communities and fears retaliation from Apple, told Motherboard that Shumeyko "was most definitely involved in that community and he most definitely had some level of access to things he shouldn’t have." According to the person involved in the jailbreaking community, "the 'Apple Internal Community' is just a bunch of kids on Twitter who find, buy, sell, and trade firmware or other such things without realizing the repercussions such things carry." But other than kids, there are also serious sellers, mostly based in China, who sell prototype iPhones for thousands of dollars, as a Motherboard investigation showed in 2019.
“He is widely trusted to be an original source of that information.”
Still, his constant flow of tips on people in the jailbreaking and internals community, as well as tips on Apple employees who were active online and were leaking information, were well received by the Apple Global Security employee."We appreciate the information you provide. Please feel encouraged to keep sharing what you have," the nameless Apple Global Security employee said. The chats between Shumeyko and the employee spanned almost a year, and the Apple employee consistently thanked Shumeyko for the information and asked for more information about specific materials and people. In the summer of 2020, Shumeyko told his Apple Global Security contact that he’d been in touch with an Apple employee in Germany who worked on Apple Maps. Shumeyko alleged that the employee was offering to sell access to an internal Apple account used by employees to log in to their corporate emails and intranet. Shumeyko said he always kept contact with the employee, who eventually told him that he’d gotten fired.
Shumeyko said he was hoping that by helping Apple, the company would help him in return. But that, he said, never happened. And he's now questioning whether he should have helped in the first place."Now it feels like I ruined someone for no good reason, really," Shumeyko told me, referring to the Apple employee in Germany.
“Do the right things to protect Apple. Keep it that way, you will be proud of yourself, so will we.”