What you need to know
- An Apple leaks community insider was also working as a double agent for the company.
- Andrey Shumeyko had access to leaked information but also tried to help Apple clamp down on leaks.
- He is sharing his story because he believes he was taken advantage of, having never received compensation and having never worked for Apple.
An Apple leaks community insider was also working as a double agent with Apple to help identify the source of leaked information, a new report claims.
For more than a year, an active member of a community that traded in illicitly obtained internal Apple documents and devices was also acting as an informant for the company. On Twitter and in Discord channels for the loosely defined Apple "internal" community that trades leaked information and stolen prototypes, he advertised leaked apps, manuals, and stolen devices for sale. But unbeknownst to other members in the community, he shared with Apple personal information of people who sold stolen iPhone prototypes from China, Apple employees who leaked information online, journalists who had relationships with leakers and sellers, and anything that he thought the company would find interesting and worth investigating.
Andrey Shumeyko said he was sharing his story "because he felt that Apple took advantage of him and should have compensated him for providing the company this information."
Shumeyko reportedly struck up a relationship with Apple after alerting its Global Security team to a phishing campaign against Apple Store employees:
Shumeyko said he established a relationship with Apple's anti-leak team—officially called Global Security—after he alerted them of a potential phishing campaign against some Apple Store employees in 2017. Then, in mid-2020, he tried to help Apple investigate one of its worst leaks in recent memory, and became a "mole," as he put it.
Shumeyko reportedly obtained a leaked copy of iOS 14, and tried to help Apple figure out how it had got out, offering information "about the person who allegedly purchased the iPhone 11 that contained the iOS 14 development build, the security researchers who got a leaked copy of the operating system, and a handful of people who apparently live in China and sell iPhone prototypes and other devices that appear to leak out of factories in Shenzhen."
He told Apple he'd found "the mole who helped him orchestrate the thing." Shumeyko reportedly stayed in touch with Apple for almost a year, providing more information that led to Apple sending out legal letters to leakers in China:
Last year, Shumeyko sent Apple investigators a PDF titled "The List," essentially a dossier where he shared personal details such as phone numbers, WeChat IDs, and alleged locations of three people who advertised and sold devices on Twitter, as well as a U.S. citizen who collects iPhone prototypes. One of the people listed in the PDF is the one who received the legal letter from Apple, Motherboard has learned.
Unfortunately, Shumeyko apparently thought that helping Apple meant Apple would help him:
Shumeyko said he was hoping that by helping Apple, the company would help him in return. But that, he said, never happened. And he's now questioning whether he should have helped in the first place.
He reportedly lamented "Now it feels like I ruined someone for no good reason", having alerted Apple to an employee in Germany who worked on Apple Maps and was offering to sell access to an internal Apple account.