28 Nov Former Apple Informer Spills On “Toxic” Relationship

Leak enthusiast’s bite of Apple pie goes sour

– David Braue

Melbourne, Australia – Nov. 27, 2021

It seemed like a good idea at the start, but Andrey Shumeyko’s long-running relationship with Apple ultimately turned “toxic” when the computing giant’s lawyers turned on him, launching a DMCA claim over his Twitter account that got him kicked off the social media site — and convinced him it was time to go public with his story.

That story — which saw him grow from being an enthusiastic member of the Apple leaks community to being handled by Apple’s Global Security team as an embedded informant — started years ago, as Shumeyko began exploring forums for leakers, security researchers, and Apple enthusiasts.

“I noticed people who were interested in Apple’s internals,” he told Cybercrime Magazine, “and not necessarily leaks of information regarding upcoming devices, but anything Apple corporate in general. It seemed really exciting and fun.”

Yet once members of the online leaker community began offering what he called “really outrageous paychecks” for the information, he recognized the potential to turn his hobby into money.

“It seemed like a really nice, original opportunity for me,” he said, “so I jumped right in.”

As he built up his illicit networks, Shumeyko found himself regularly interacting with all manner of leakers – for example, security researchers who, he said, want the often less-secure device prototypes “to find actionable vulnerabilities that you can then use to jailbreak an actual production iPhone.”

He was also closely involved with online leakers, who regularly feed information about Apple products in development to enthusiast and media sites.

Shumeyko’s trade in Apple secrets grew, until 2017 when he was contacted via Twitter and asked for help configuring VPN access into the company’s system using a range of Apple Connect credentials.

“It sounded like a great opportunity to gather more information, more intelligence, and more data,” he recalled, “but in fact what he had sent me was dozens of credentials of random accounts that were phished from employees.”

The mysterious contact’s ultimate goal, Shumeyko surmised, was to use these accounts to find information and tools to help unlock stolen Apple devices — a “rather lucrative business,” he said, “especially for those who do it well.”

Realizing this was a step too far, Shumeyko contacted Apple — whose Global Security head, Thomas Moyer, engaged with him at the beginning of a relationship that ultimately continued for many months.

During that time, Shumeyko fed Moyer’s team information about the people he was interacting with, the names of the Apple employees they were targeting, and the information they were collecting — including the text of the phishing emails he was sending to employees.

The relationship continued for some time, then fizzled out — until 2020, when Shumeyko “lost most of [his] clients” and financial pressure “was becoming a real problem.”

“I was still very much dependent on this particular source of income,” he said, “and I realized that this wasn’t the way to do one’s life.”

“I wanted to get some kind of a fresh start, and I hoped that Apple would help me out in exchange for my help.”

A fresh start — and a betrayal

Knowing Apple’s reputation for going to extremes to ferret out leakers — just this year the company sued a former employee it accused of leaking trade secrets to the media — Shumeyko once again contacted Moyer, who he said responded “immediately” and arranged for Shumeyko to become a mole within the leaking community.

“I was sharing with them details of employees involved in leaks, employees in China and third parties helping facilitate the leaks and smuggling hardware, and employees using their positions for their own advantage,” Shumeyko recalled, calling his relationship with the Global Security team “decent” during that time.

“I hoped that in this way Apple would be able to help me financially, and brush it off as if I was doing something for their Apple Security Bounty program.”

The relationship began turning sour, however, as Shumeyko pressed the company for a financial commitment and the investigators began stalling — claiming, for example, that they would need shareholder sign off to approve payments for him.

“They began using this as leverage,” he said, “and I became particularly impatient — so at times, I would leak some details and use the details that I had to stir things up a bit.”

This included a campaign of Twitter posts in which he would publicly complain that he was “unhappy doing business with them” and how they had been “inefficient” in their response to the information he supplied.

“There was a person who was assigned to process all of the intel that you gather for them,” Shumeyko said, “and you would send those details — but when I asked if it was enough, they would rarely be able to give a direct answer. It was pretty toxic.”

Once Apple’s legal team moved to silence his Twitter tirades, however, Shumeyko said, “it felt like they were just using their legal team as an excuse to take away my voice — and I did not like that.”

Now that he has come out publicly with his story — he was recently featured in an exposé on Vice, for example — Shumeyko admits the reception online has been “mostly negative.”

Yet while he’s sure there must be people out there with similar experiences, he hasn’t met anyone else in a similar position. But the decline in his relationship, he believes, is a sign of a broader culture issue at a company whose corporate culture has been portrayed as “very much toxic.”

– David Braue is an award-winning technology writer based in Melbourne, Australia.

Go here to read all of David’s Cybercrime Magazine articles.