Apple Thanks Fraudster Who Cheated It Of $2.5M Through Fake Orders
By Mikelle Leow, 08 Feb 2024
Photo 106817408 © Ulf Wittrock | Dreamstime.com
Trillion-dollar Apple found itself victim of a scheme by a San Francisco man, which cost the tech giant over US$2.5 million in gift cards and electronics. Despite his fraudulent actions, the culprit was thanked by the company for his “assistance.”
Noah Roskin-Frazee, a security researcher at ZeroClicks Lab, and his accomplice managed to manipulate Apple’s internal order system to ship products for free by altering the price details of the orders.
Roskin-Frazee gained unauthorized access to an Apple employee account by exploiting a flaw in a password reset tool. This breach allowed him to manipulate the Toolbox system, which Apple employees use to manage orders. By placing orders on hold—yet still editable—Roskin-Frazee altered the financial details to zero out the cost of the products, essentially tricking Apple into shipping items for free.
The duo’s grand plan involved more than two dozen fraudulent orders, aiming to pilfer over US$3 million worth of products and services from Apple.
They then sold these ill-gotten gains, including about US$2.5 million in gift cards and products, at a premium to unsuspecting third parties, all while using fake identities to cover their tracks.
The crimes are said to have started in December 2018 and went on until March 2019. However, Roskin-Frazee was arrested only in January 2024.
Despite the gravity of his actions, which include charges of wire fraud, mail fraud, and conspiracy to commit computer fraud, among others, Apple publicly recognized Roskin-Frazee in a January 22 support document for identifying several bugs in macOS Sonoma, including an accessibility issue and a critical Wi-Fi vulnerability, two weeks after his arrest.
“We would like to acknowledge Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) for their assistance,” Apple detailed. The nature of Roskin-Frazee’s “assistance” to Apple remains vague. Though, per 404 Media, he had reported security issues to the company in the past.
Still, Roskin-Frazee faces serious charges, including wire fraud and conspiracy to commit computer fraud, which could land him in jail for over 20 years if convicted.
More related news