2013-07-24: Intruder Blamed for Apple Developer Portal Extended Downtime
Level Three Attack
Late last week, the Apple Developer Portal was taken offline after it was revealed that an intruder had penetrated the system and gained access to user email addresses (and possibly other information). This downtime has lasted nearly a week, during which time millions of developers have been directly affected.
Because of the impact on millions of developers - in some cases, even just people who want to install MacPorts or Homebrew or various Xcode-related utilities - I've rated it a Level Three Attack. However, calling it an "Attack" may be premature. A security researcher in Turkey claims that he was at least partially responsible, and that he feels his access was trustworthy and does not warrant the response that Apple has taken:
Apple!! This is definitely not a hack attack !!! I am not a hacker, I do security research http://t.co/hkX8mwXTgj … @lifehacker
— ibrahim BALİÇ (@ibrahimbalic) July 22, 2013
The video is now removed from YouTube, I apologise for sharing some of the confidential information, I had to, to prove the blame wrong
— ibrahim BALİÇ (@ibrahimbalic) July 22, 2013
This sort of situation highlights some of the shortcomings of the ranking system as I've defined it - everything higher than a Level One Event gets rated as an "Attack", but I think some alternate words might be useful in describing both the scale and intent of the event. Since my goal is to protect people from unwarranted persecution, the subtle weight of language can easily mislead people into thinking that incidents are more serious than they might appear.
The researcher claims that data was being leaked by the system, which would seem to indicate a design flaw rather than malicious intent. Since most web systems are complex, especially long-lived ones, it's understandable that Apple would not be able to react swiftly to such reports - time and effort need to be taken to audit the codebase for potential vulnerabilities or back doors.
As a result, though, those millions of developers are unable to access many resources that they require in their day-to-day work. Developer forums, API documentation, Xcode files, iOS and OS X seeds - these are some of the items that have been offline for a week, and many developers are left twiddling their thumbs without them.
Hopefully things will be back online soon.
Related Links
- The Guardian: Apple Developer site hack: Turkish security researcher claims responsibility
- MacWorld: Apple acknowledges developer portal hack
- Engadget: Apple reveals that developer portal was hacked, announces system overhaul
- Mashable: Apple's Developer Portal Hacked, Awaits Overhaul
- 9to5Mac: Apple rolls out Developer Portal status page as it outlines restoration plan