A reporter working for the Apple-focused website 9to5Mac paid a source around $500 in bitcoin in exchange for leaked data from the company in 2018, Motherboard has learned.
In 2018, Guilherme Rambo wrote an article billed as an "exclusive" look at some new features for the then-upcoming iPad Pro. In the story, Rambo wrote that "sources familiar with the development of the new 2018 iPad Pro have offered additional details about the device, its features, and more."
But his source was actually Andrey Shumeyko, who for years has been involved in the so-called "Apple internal" community, a loosely defined group of Apple enthusiasts who trade leaked information, data, and stolen iPhone prototypes.
The article revealed that Apple would launch two iPads with only Wi-Fi and two with LTE connectivity, the type of processor the new iPad would have, details about the screen, and the fact that it would have a USB-C port instead of the traditional lightning port. Shumeyko told Motherboard that the article was based on data extracted from an iPhone XR prototype, which he said he obtained from a collector.
Shumeyko, who is also known as YRH04E and JVHResearch online, told Motherboard that Rambo sent him two payments of 0.031 and 0.05 bitcoin (worth around $500 at the time, but worth $3,592 today) in exchange for the data, which contained references to the upcoming iPad pro features. Shumeyko also shared records of the two transactions.
“I would pay you for that dump.”
During a previous conversation with Shumeyko, Rambo told him that "9to5 doesn’t pay sources," according to a video recording of the chat between the two. But then, when Shumeyko told him he had data extracted from an iPhone XR prototype, Rambo said: "I would pay you for that dump."
Rambo told Motherboard that this is the only time he remembers paying anyone for leaked data, and that his superiors at 9to5Mac were not informed of the payment.
"9to5 didn't know about this taking place," Rambo said in an online chat.
However, Rambo said that 9to5's policy at the time, and now, is to never pay sources.
"We don’t pay sources," Seth Weintraub, the founder and publisher of 9to5Mac and its sister websites, told Motherboard in an online chat, adding that he does not recall it ever happening.
"Our policy is that we don't pay sources now and always has been," Weintraub said in an email.
Weintraub then added that "Rambo has decided to take down any post which was based on the developer build in question. He stopped covering leaks in 2019 for 9to5mac but will continue to do his unrelated Apple Developer Podcast on our network. [Rambo] is a standup guy who has the support of the 9to5mac team."
On Tuesday, 9to5Mac updated the story, removing its content and replacing it with a disclaimer: "Update: This post has been removed due to 9to5mac’s sourcing policies." At the time the story was published, it was big news in the world of Apple observers. The article was referenced in subsequent pieces on MacWorld, BGR, iDownloadBlog.com, Gadgets360, iPhoneLife, and Wccftech.
Rambo told Motherboard that he did not consider whether the data he was paying for could be considered stolen.
"I didn't think of it that way. I guess I didn't realize back then that this could be the case. In my mind what had happened was this was a unit that went to someplace to be destroyed and wasn't properly destroyed, which is what the prototype people always talk about," Rambo said in the phone call. "Now I know better. But back then I guess I didn't. I thought it was like this, it was supposed to have been destroyed, but somehow it wasn't."
Last year Shumeyko turned into a "mole" for Apple, as he put it, and started feeding information to the company on people in that community, as well as journalists such as Rambo and their sources, as Motherboard revealed on Wednesday.
Apple did not respond to a request for comment.
Paying sources for information is generally frowned upon in the world of journalism. The Society of Professional Journalists in the U.S. writes in its ethics code that journalists should "be wary of sources offering information for favors or money.
"Do not pay for access to news," the code reads.
Subscribe to our cybersecurity podcast CYBER, here.