ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

Cybersecurity Researchers Charged with $2.5 Million Virtual Gift Card Fraud Against 'Apple'

The recent revelation has triggered growing concern among consumers.
PUBLISHED FEB 12, 2024
Cover Image Source: Security logo | Pexels | Photo by Pixabay
Cover Image Source: Security logo | Pexels | Photo by Pixabay

A recent incident that took place in California has brought two individuals, Noah Roskin-Frazee and Keith Latteri, into the spotlight. Accused of orchestrating a meticulously planned virtual gift card heist, the duo stands charged with defrauding a major corporation of $2.5 million. While the court papers remain discreet about the victim's identity, all signs point to tech giant Apple as the target of this elaborate scheme.

Source: GettyImages | Scott Barbour  Staff
Image Source: Getty Images | Photo by Scott Barbour Staff

The modus operandi involved exploiting vulnerabilities in the contractor's infrastructure, allowing the scammers to meticulously order gift cards and hardware. The financial gains amounted to $2.5 million and $100,000, respectively. However, the scheme extended beyond monetary theft, encompassing the resale of stolen assets to third parties. This not only defrauded the company but also impacted the customer support business contracted by the tech giant, resulting in losses running into millions.

While the court papers maintain discretion about the victim's identity, the description of "Company A" in the indictment aligns strikingly with Apple's corporate profile. Described as a corporation headquartered in Cupertino, California, involved in the development, manufacturing, licensing, support, and sale of computer software, consumer electronics, personal computers, and services, the circumstantial evidence overwhelmingly points towards Apple as the unsuspecting victim of this cybercrime.

Pexels | Plann
Image Source: Pexels | Photo by Plann

The success of Roskin-Frazee and Latteri's virtual heist can be attributed to their strategic access to key Apple backend systems. The Log Program, integral for customer support in searching and ordering replacements, and the Toolbox program, enabling edits within a limited timeframe, played crucial roles in their operation. Moreover, the third-party contractor's Jamf MDM platform, typically used for configuring Apple devices, became an unexpected tool in the crime.

Hacker silhouette typing on computer keyboard while hacking system | Pexels Photo by Anete Lusina
Image Source: Pexels | Photo by Anete Lusina

Leveraging a password reset tool on a targeted account, the scammers unearthed credentials for staff accounts with access to the company's VPN servers. Once connected to the contractor's VPN, they exploited remote desktop software, gaining control over computers in India and Costa Rica. The contractor's Jamf MDM platform facilitated access, creating a reverse SSH tunnel to the accused's Microsoft Azure account, ensuring continued remote access from December 2018 to March 2019.

Armed with legitimate credentials and VPN access, Roskin-Frazee and Latteri infiltrated what court documents describe as "Company A's Connect application." A likely reference to Apple's App Store Connect, this served as the gateway to control the Toolbox, allowing them to manipulate orders during a brief window. The alterations included extending service contracts, adding products, and audaciously changing all prices to zero.

Apple acknowledged Roskin-Frazee in a December 2023 security update, a day before his indictment. Alongside his colleague "Prof. J." of ZeroClicks Lab, he was recognized for reporting a macOS Ventura bug. 

Tim Cook at the Apple Worldwide Developer Conference | Getty Images | Justin Sullivan
Image Source: Getty Images | Photo by Justin Sullivan

The intricate web of systems exploited underscores the urgent need for fortifying backend infrastructure against sophisticated attacks. As the cybersecurity landscape continues to evolve, cases like these serve as reminders, emphasizing the need for robust security measures to safeguard against increasingly sophisticated cyber threats. The renowned tech giant, celebrated for its robust security measures, now raises concerns about the safety of its customers.

MORE ON MARKET REALIST
The show took a hilarious turn when a contestant gave a bold answer that caught the host completely off guard.
6 minutes ago
Despite talking through her guesses, Carrie Trujillo couldn't crack the puzzle and failed to win $40,000.
1 hour ago
Robert Herjavec and Lori Greiner rubbed it in O'Leary's face by celebrating their deal with Phoozy
21 hours ago
Duc and Lisa Nguyen's stubbornness paid off, as the co-founders of Baubles + Soles got Daymond John as a partner.
23 hours ago
The player got the host to be candid about his fears and his mother's opinion on him.
1 day ago
Justin Baer, founder of Collars & Co., was looking for mentorship from the Sharks in addition to a $300,000 investment.
1 day ago
She said that her husband may still have to buy a dog as America may hold him accountable.
1 day ago
When Harrison knew that the 18th-century map was the real deal, he made a genuine offer.
1 day ago
10 years after her sister’s win, Chelsea Hall hit the jackpot on ‘WoF’ with a brand new Mini Cooper and a cash prize.
2 days ago
The co-founders of BuggyBeds wowed the Sharks so much, they were "itching" to invest, and offered a $250k deal.
2 days ago
The guests were left stunned to find out just how much the repairs would cost.
2 days ago
Unfortunately for the seller, she allegedly got robbed of a significant amount of money.
3 days ago
Not only did the co-creators of FlingGolf get a $300,000 deal, they proved Mr Wonderful wrong.
3 days ago
The guest never imagined the old, autographed sneakers that his mom acquired could be worth so much.
3 days ago
The gameshow whiz did it again by bagging the top prize on yet another trivia test.
3 days ago
Riccardi took to Reddit to clear the air around his stunning loss which was facing scrutiny.
4 days ago
Fans gathered on the show's unofficial Reddit forum to discuss the 'dumb and useless' items.
4 days ago
The contestant, Matt Benton expressed he wanted to enjoy the moment before thinking of the future.
5 days ago
The guest who treasured the collection had no idea how significant it was.
5 days ago
Even the contestant admitted that there was no way he could've got the answer.
5 days ago