Security researcher Noah Roskin-Frazee, who helped Apple find a Wi-Fi vulnerability, was arrested for fraud and defrauding the company out of $3 million. Frazee, along with an accomplice, stole $2.5 million worth of Apple gift cards and goods totaling more than $100 thousand.
Apple is not directly named in the court documents, but “Company A” appears, which is located in Cupertino. Additionally, the court mentions that one of the criminals used gift cards to “purchase Final Cut Pro from the App Store,” and Apple is the only company that sells this software.
In 2019, Frazee and an accomplice used a password reset tool to gain access to an employee account that belonged to an unnamed “Company B,” which supports Apple customers. This allowed them to gain access to additional employee credentials, including Company B's VPN servers.
Thanks to this, Frazee was able to get into Apple's systems, placing fraudulent orders for Cupertino equipment. He used Toolbox, which was used to edit orders after they were placed. The fraudster reset the cost of orders, added other products, and extended AppleCare insurance for himself and his accomplice. All this happened between January and March 2019.
Frazee was charged with mail fraud, conspiracy to commit bank and mail fraud, conspiracy to commit computer fraud, and intentionally damaging a protected computer.
Now the researcher faces more than 20 years in prison with confiscation of illegally obtained goods.
In January, Apple thanked Frazee for discovering several bugs in macOS Sonoma, and the document was published less than two weeks after his arrest.