Hacker News new | comments | show | ask | jobs | submit login
Turkish security researcher claims responsibility for Apple dev center hack (engadget.com)
45 points by braum on July 22, 2013 | hide | past | web | favorite | 34 comments

"Security researcher" who needs to learn a lot about ethics and just proper procedure. It's already been said, but it's pretty lame to grab all those accounts, then make a video of some of the data and display it to the world. Poor form, Sir. Poor form.

I agree. Everything about this stinks.

Further, I'm not one to put folks into stereotypes based upon where they're from, but I do note the exceptional security violation earlier this year related to the Google Certificate being compromised by a Turkish ISP. Not that the two are related, but that's my most recent thought with respect to Turkish Security research.

> I'm not one to put folks into stereotypes based upon where they're from

You are definitely putting folks into stereotypes based upon where they're from.

This was probably not ethical, but he sure could have been anyone in the world.

The probability that a certain person be "unethical" is independent of any other characteristic of that person.

> The probability that a certain person be "unethical" is independent of any other characteristic of that person.

Given that ethics are strongly related to one’s culture, I find this unlikely as a general statement. What can be ethical for me may not be ethical for you. Think about guns, abortion, etc, even clothing.

> The probability that a certain person be "unethical" is independent of any other characteristic of that person.

To nitpick offtopic: Is there any proof of this? That "personality charasteristics" are completely independent of any other such charasteristics? I would believe that there's some correlation between various personality charasteristics, as a hypotethical example consider "ethical" people to be more likely to be helpful/nice and "unethical" be less helpful/nice.

Not that this has anything to do with... anything but... :( Sorry!

I've read recently, here and there, that unethical behavior correlates with higher income. (And please, it's a probability ...)

> The probability that a certain person be "unethical" is independent of any other characteristic of that person.

So it's innate and completely random? Social environment growing up doesn't matter? Wealth, social class, education, intelligence, none of that matters at all?

Look I don't want to open a can of worms but my original comment is dead or I'd edit it.

I did not mean that because one Turkish company did something untoward it automatically colors all Turkish people. I only meant that the most recent piece of news about Turkey with respect to computer security was the certificate incident. If that's worthy of pitchforks so be it, but I hardly think it's racist.

To be clear, I am not saying all Turkish security researchers are evil criminals bent on world domination. I am saying that the most recent piece of news I can I recall about security in Turkey was the issue with the google cert.

I am Turkish, and I am more of a nationalist than my friends. But I fail to see how josh2600's comment is racist. Are those not facts? Was it implying something that I missed?

Don't ever mention anyone's ethnicity on the Internet. Lesson learned.

Nothing I said was inaccurate, the folks on HN just didn't like how I said it.

I made this comment below as well, but just try replacing Turkish with gay and see how your comment sounds then.

Somewhat related; when I was gay I one of the easiest giveaways of a closet homophobe was if the first sentence out of their mouth was: "I don't have a problem with gays," usually followed up by "my friend/cousin/uncle is gay."

Like you probably, they were usually pretty sweet homophobes because they were already self-censoring, but they were almost always homophobes nonetheless.

Again, I'm not trying to open a can of worms, but I don't think noting a recent news piece makes me tantamount to a homophobic person.

Is it not accurate that the last piece of security news from Turkey was about the SSL issue? Your implication tha I'm self-censoring is unwelcome and inaccurate.

My word choice in my original comment might've been poor, but you're going a bit too far in your analogy.

Again, I'm not saying all Turkish people are corrupt security researchers. I am simply saying that, perhaps I am ignorant, but the biggest security news I've seen out of Turkey was the SSL heist and now this. It does not imply, again, that all Turkish people are bad, it is only an evaluation of a piece of information with an attempt to provide a bit of context.

In getting back to the original point, it seems quite odd that the researcher had to attack Apple after his disclosure and it seems even odder to release customer information in a YouTube video. Does that sound like a senior security researcher to you?

You're inferring a casual relationship from two unrelated data points across a particular year.

So if I find two security violations (there's one like every other week) originating from the US across a random year, does that mean Americans are unethical?

I haven't enough information about the ethics of this situation so I won't comment on that. However, you exactly sound like person who "puts folks into stereotypes" in your last two sentences. Come on, even Apple's servers get compromised as what all this fuss is about, are you trying to be ironic when you judge a whole industry in a country by a security breach in one of its ISPs? If he's not a security researcher but rather a "security researcher", following your steps, what kind of position does this put Apple and the American IT Industry?

OK. That's completely unnecessary and racist; very racist.

Please take a couple of minutes to reflect on how wrong what you just did here really is.

While I agree that a hacker being from country $FOO should bear no negative association with everyone else from the country, this doesn't appear to be racism, which is a label that already get applied too often.

You can make disparaging remarks about a nation without it having any racist intent. The people on HN and elsewhere who disparage the USA, for instance, could hardly be singling out a single race.

If you choose to correlate two generally unrelated negative events based on race and imply they are a symptom of an underlying failing of character of the culture, that is very much racism.

Just try replacing Turkish with gay, which is about equally as arbitrary of a relationship to pick, and see how the parent's statement sounds to you.

In that case it would sound homophobic, not racist.

Exactly ...

There's nothing "Exactly" about it, unless you're trying to claim that cultural norms are the same as races now.

Ah OK. If we're talking definitions then indeed; as far as I'm concerned discriminating based on cultural norms of a specific country is still racism.

I can imagine that in the US racism more commonly concerns the traditional notion of race but in Europe, where race and nationality are usually synonymous for all intents and purposes, a workable definition needs to be a bit broader.

I double checked it on Wikipedia just to get a second opinion and this is what they have to say about it:

> Some definitions of racism also include discriminatory behaviors and beliefs based on cultural, national, ethnic, caste, or religious stereotypes

Maybe you don't like the disclosure style.

Maybe you don't like the place of the heart where he was born.

Maybe you wouldn't like to be him, neither his procedures.

Meh, even I dislike the O.S. he uses.

But anyway, the fact is there. And I will not be the one who kills the messenger.

Bravo, "Turkish security researcher".

Turkish security researcher Ibrahim Balic hacked my facebook the other night and posted some drunk ramblings. That guy is a real pistol when he drinks.

One possibility: his report made Apple aware of a hole that someone else was exploiting more deeply.

I've wondered about this as well. Its possible his behavior showed them the pattern and then when they went through their logs they saw more of it from before he started. Or they could just be in a delayed reaction mode.

He didn't discover a vulnerability. He hacked Apple, got scared, and tried to save his ass.

How do you hack something without discovering a vulnerability? Assuming that there are no known vulnerabilities.

Ok, technically you are correct. Good job. What I meant is he wasn't hacking benevolently to discover vulnerabilities to promote world peace and economic development for poor orphans and endangered species.

But what exactly is different between this guy and some benevolent hacker? According to the linked article, the storyline sounds pretty much like the old "someone hacks a big corporation and tries to inform then, but gets ignored or accused of crime".

The difference is intent.

There is no way for us to know the intent. Shouldn't we just look at the actions? Was the stolen data misused somehow in this case? The article does not say so.

Check out his early interview, http://www.ntvmsnbc.com/id/25369117/, I think he wanna be famous :P

At least it wasn't that annoying Kaspersky nut, We never would have heard the end of it.

I guess nuts make the best antivirus.

Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact