How Apple orchestrated web attack on researchers

Last summer, when I wrote "Vicious orchestrated assault on MacBook wireless researchers," it set off a long chain of heated debates and blogs. I had hoped to release the information on who orchestrated the vicious assault, but threats of lawsuits and a spineless company that refused to defend itself meant I couldn't disclose the details. A lot has changed since then: Researcher David Maynor is no longer working for SecureWorks, and he's finally given me permission to publish the details.

The scandal broke when Jim Dalrymple put out a hit piece on security researchers David Maynor and Jon "Johnny Cache" Ellch, saying that their research was a "misrepresentation."  Dalrymple based his conclusion solely on the word of Apple PR director Lynn Fox. David Chartier went even further and said that, "SecureWorks admits to falsifying MacBook wireless hack" based solely on a SecureWorks disclaimer (it's no longer there) that merely reaffirmed what the original video was saying all along--that the hack demonstrated in the video was based on third-party wireless hardware.  I had personally interviewed the two researchers before this whole scandal broke out, and I specifically asked Maynor and Ellch if they were using Apple's Wi-Fi hardware in their official Black Hat demonstration. They clearly said that no Apple Wi-Fi product was used for the exploit. That's why I was shocked to see the researchers blamed for changing their story and "admitting" they made the whole thing up when no one changed the story and no one admitted to anything. Yet the headline from Chartier, along with Dalrymple's story, was blasted all over the Web after it made Digg and Slashdot. Everyone simply assumed Maynor and Ellch were frauds because they supposedly "admitted it."

Through all of this, I've been accused of covering up for my "buddies" and losing my objectivity, but I had never met David Maynor and Jon Ellch--and last summer was my first trip ever to Black Hat and Defcon. It was by mere chance that I overheard them in an interview with another reporter in the press room. I asked them if I could videotape an interview with them afterward, and they said yes--which led to this interview. But when I read the news that the researchers "admitted to falsifying their research," I was shocked, and I almost believed it for a second--until I read the stories and saw that there was no admission but a simple reaffirmation of what had been claimed all along on SecureWorks' Web site in some obscure location that blogger Chartier just *happened* to find. It didn't matter that the so-called "evidence" wasn't an "admission" at all because it looked the part, and that's all that was needed to hang the two researchers and brand them as frauds. But did Chartier really just happen to come across the evidence?

When I called David Maynor to get to the bottom of this, it turned out that Apple PR director Lynn Fox (who was also cited by Jim Dalrymple as proof that the researchers "misrepresented" the research) was the puppetmaster from start to finish. She not only contacted sympathetic bloggers like Chartier and "journalists" like Jim Dalrymple, she was actually the one who got SecureWorks to publish the "clarification" in the first place. Once she got SecureWorks to publish a clarification that merely reiterated the fact that third-party hardware was used in the original video (and it was clearly disclosed in the first 20 seconds of the video that it was third-party hardware), she used that as "incriminating" evidence that the researchers admitted to falsifying the video and shared her "findings" with Apple-friendly press.

[* Update 4/4/2007 - David Chartier disputes he was contacted by Lynn Fox and is complaining that I didn't check with him on this.  That's hardly the issue here and I know for a fact from sources at Apple that Fox contacted the media and planted the "researchers admit to lying" story and handed out the so-called incriminating link to SecureWorks' website.  The fact that Fox did or didn't directly speak with Chartier is completely immaterial and it's been established that Fox did speak with Dalrymple.  Unless Chartier makes it a habit to routinely patrol obscure corners of the SecureWorks website, the information flowed from Lynn Fox to the media and it quickly made its way to David Chartier where he embellished and slandered two security researchers.  Why didn't I email Chartier and ask him directly?  Simple, Chartier has been ignoring me when I ask him to explain why he slandered Maynor and Ellch and he had been deleting my posts on his blog asking him to explain the same question.  Chartier now claims he never saw my posts but I explicitly remember my posts on his blog and remembered him dodging the questions on why he slandered Maynor and Ellch.  Chartier can wipe my comments on his blog but he can't wipe it on mine and this thread still sits here with him dodging my question.  Chartier can say he never saw my posts all he wants but he dodged several of my posts on my blog and he erased my posts on his blog and now denies it.  After all that, I wasn't going to waste my time trying to contact someone who dodges my questions and deletes my posts.  He can't deny he slandered David Maynor and Jon Ellch and he won't answer to it.  Unfortunately there are more than 1000 links on Google pointing to Chartier's slanderous blog stating that SecureWorks admits to falsification.  Chartier and Dalrymple who were ultimately manipulated by Lynn Fox's planted story were the focal point of deception and that's why I'm calling these three people out.]

But how did Lynn Fox get SecureWorks to publish a clarification on its Web site? It turned out that Fox had actually wanted an even more incriminating statement from David Maynor himself and sent him an e-mail on 8/15/2006 (two days before the public accusations of fraud hit the Web) demanding that he post a confession word for word. Maynor refused and told Fox to speak to SecureWorks PR, and the two parties came to a compromise on 8/16/2006, where SecureWorks would simply post a clarification. SecureWorks never knew what hit them when the accusations of fraud hit on 8/17/2006 because they figured they were merely posting a clarification that reiterated what they had been saying all along. They had no idea that MacWorld and an unofficial Apple blog would tear them to pieces and simply assumed it was an admission that facts were originally misrepresented. As proof of how this all went down, here is the e-mail Lynn Fox sent to David Maynor demanding that he post the confession publicly. I was given a copy of it on 8/19/2006.

From: Lynn Fox <>
To: David Maynor <>
Cc: Moody David <>, Wiley Hodges <>
Date: Tue Aug 15, 2006 06:14:09 PM PDT
Subject: Your post on SecureWorks website

<<Original Attached>>


Below is the note we drafted about the MacBook exploit confusion.

Please confirm that you've received this and will post it without text changes on your blog and front and center on SecureWorks' news & events page tonight. The placement of this post should be as prominent as the initial announcement of the exploit demo at Black Hat.

You are welcome to call me on my cell at 415-###-#### if you need to discuss any further.


For the Record: MacBook is not inherently vulnerable to Black Hat-demonstrated exploit
By David Maynor

I want to clarify something about the wifi device driver exploit we demonstrated at Black Hat in Las Vegas a couple weeks ago.

Confusion has mounted as to whether the exploit I demoed at Black Hat and for Brian Krebs of the Washington Post is reliant the use of a third party driver. In short, the answer is yes. The MacBook is not inherently vulnerable to the attack, and I never said that it was.

Part of the confusion lies in the fact that we have not specifically named the third-party device driver; this is because we know that the vendor is working on a patch and we don't want to release the name of the chipset until the fix is in place.

I hope this clears up some of the confusion. Stay tuned for a live demo of this exploit live at Toorcon.

Note that I've masked out parts of the e-mail addresses and parts of Lynn Fox's cell phone number for privacy issues, but I can assure you it was the right phone number. I actually called the number to confirm that it was real, and Lynn Fox was quite upset and demanded to know where I got the number. I declined to answer since the e-mail at the time was given to me by David Maynor off the record. I asked Fox about the scandal, and she told me that her cell phone was breaking up and that she'd call me back. Within a minute, I had David Maynor instant-messaging me that Lynn Fox was on the phone with him in a rage. I told him I didn't disclose anything to Fox, and Maynor simply directed Fox to SecureWorks PR.

When I finally got Fox back on the phone, I asked her some questions about how MacWorld and the unofficial Apple blog got the information on the so-called confession. I got all my questions answered, but I can't disclose what she said since Fox refused to speak on the record. But the bottom line is that Lynn Fox played Jim Dalrymple, David Chartier, and the rest of the Mac press/blogosphere like a violin, though it was clear they were all willing participants. When I pointed out the flaws in their stories, Chartier and Dalrymple simply ignored me and stuck to their guns and Chartier erased all of my comments on his weblog.

So what was the end result of all this? Apple continued to claim that there were no vulnerabilities in Mac OS X, but came a month later and patched its wireless drivers (presumably for vulnerabilities that didn't actually exist). Apple patched these "nonexistent vulnerabilities" but then refused to give any credit to David Maynor and Jon Ellch. Since Apple was going to take research, not give proper attribution, and smear security researchers, the security research community responded to Apple's behavior with the MoAB (Month of Apple Bugs) and released a flood of zero-day exploits without giving Apple any notification. The result was that Apple was forced to patch 62 vulnerabilities in just the first three months of 2007, including last week's megapatch of 45 vulnerabilities.

Apple is a mega corporation that nearly smashed the reputation of two individuals with bogus claims of fraud. It didn't matter that they weren't the ones pulling the trigger because they were pulling all the strings. David Chartier should be ashamed of himself and his blog. Jim Dalrymple of Macworld and his colleagues who jumped on the bandwagon should be ashamed of their reporting. Frank Hayes was the only one of Dalrymple's colleagues who had the decency and honor to apologize. Most of all, shame on Apple.

  • Never mind the horse head George....

    You're in for it now!

    This has always had the love stink of Jobs over it. Good for you in showing what has happened.

    I just hope you're tough enough for the backlash...
    • The truth will set you free

      They've been screaming for "the proof" for the last 8 months, too bad they're going to get what they wished for.

      These are some serious charges and I've reported only the facts. I can't say or post any of these accusations and emails if they weren't true without getting in to some serious trouble.
      • Still missing the "vicious orchestrated attack" part

        Let's see, you've shown us a "copy" of an email allegedly from an Apple PR spokesperson. The actual content of said email would seem to be an attempt to factually clarify the "Hack a Mac in 60 seconds" demonstration.

        Two questions:
        1) Was there anything factually wrong with the statement crafted by Apple?
        2) How does this go from one email to a "vicious orchestrated attack"?
        Robert Crocker
        • Yes there was something factually wrong with the statement.

          "Confusion has mounted as to whether the exploit I demoed at Black Hat and for Brian Krebs of the Washington Post is reliant the use of a third party driver. In short, the answer is yes. The MacBook is not inherently vulnerable to the attack, and I never said that it was."

          The whole reliant on a third party driver and the MacBook not being inherently vulnerable are misdirection and an outright lie. Since we know now the third party driver was for the Atheros chipset and that the driver was included as part of OSX, the MacBook was inherently vulnerable to the attack.

          It never ceases to amaze me to what lengths the Cult of the Mac will go to defend Apple. The vicious orchestrated attack was where Ms. Fox planted falsehoods about what occurred to the Apple faithful and friendly press and let them viciously attack the security analysts knowing full well they were right all along.
          • Misrepresentation

            ---it never ceases to amaze me to what lengths the Cult of the Mac will go to defend Apple.---

            Odd, as far as I know, Robert Crocker does not own a Mac or use one. He's always been one of our local OSS Linux folks. Perhaps Apple is putting legal pressure on him as well.
            tic swayback
          • Shouldn't you be apologising about now....

            ... or doesn't this latest article clear your clouded vision as to what transpired? Seems to me you and your ilk have some groveling to do.
          • The vast "Apple" Winged conspiracy eh? Funny....

            Find me the smoking gun...perhaps a memo from Apple steering others to do the
            dirty work. Then I'll give you something...props even. Still all in all even "IF" it is true
            it just seems like well business to me. I just like Apple better than MS never
            claimed either company were saintish and not capable of playing hardball. Still there
            is that whole "prove it" thing we have to cross first.

            Pagan jim
          • Re:The vast "Apple" Winged conspiracy eh? Funny....

            *"Find me the smoking gun..."*

            but there lies the problem.

            It wouldn't matter if the smoking gun had just discharged a bullet into your head, you'd still deny the existence of the gun, the bullet, the Anti-Apple statement etc...
          • If a letter from an Apple publicist instructing ...

            ... the security analyst to lie is not proof enough or the fact that one of the vocal attackers published an apology and said Apple told him he was wrong or the fact they patched the issue are not proof enough then you will never be satisfied. You can go back to sleep now.
          • What do I have to apologize for?

            Please quote any specific thing I have to apologize for. I repeatedly said that George and Maynor/Ellch could very well be right, just that I couldn't believe them without any evidence.

            George has presented some evidence here, but I'm not convinced it actually says what he claims it says. I've also yet to see any evidence of the originally claimed hack.

            So what should I apologize for? Do you believe everything you read on the internet, or are you allowed to ask questions?

            Oh, and you'll be sure to get that apology. In a few days....
            tic swayback
          • Guilty as charged

            Actually I'm a Java developer though we do use Linux here for computational work.

            I'm sure I've been pressured somewhere by someone but I have no idea who or how (personally I think it was that Occam dude, and he pulled something that looked like a knife on me).
            Robert Crocker
          • "...that Occam dude..."

            Nice! ;-)
          • RE: Yes there was something factually wrong with the statement.

            "It never ceases to amaze me to what lengths the Cult of the Mac will go
            to defend Apple."

            Yeah, those Mac zealots will go almost as far defending their Macs as
            George will defending Windows. In case you haven't noticed Mac users
            don't have a corner on that market.
      • As a Mac user ... thank you George

        I use the Mac, Linux and Windows and as someone who appreciates what security researchers do for the good of all computer users and the Internet community, thank you very much for writing this blog entry.
      • So Jihad George....

        When are you going to start telling the truth? Where is the so called orchestrated
        attack? Or better yet, the "smoking gun"? Oh wait, we're all supposed to take the
        words of **Jihad george** an **Anti-Apple Zealot** as fact? How many times
        have you twisted and misrepresented "facts" to suit your agenda? Too many times
        for the majority of the readers. Sure the NBM members take what you say as
        gospel. But for them Microsoft is a religion, just like it is for you. Do I personally
        think Apple is beyond reproach? No, it's a for profit company. If anyone here
        remembers a little application called SoundJam, I personally liked it. Apple bought
        the rights to it, as well hired the programmer. It was then renamed iTunes. Do I
        feel OS X is perfect? Hell no, it's a complex piece of software. But it is better than
        windows. The NBM members (yourself included), refuse to give it any credit.
        Instead you use deception, to make windows look better than it really is. Microsoft
        won't admit how many "flaws" they patch, claim that spyware is a "critical security
        enhancement", etc. Yet with all these wrong doings the NBM members still defend

        To date you haven't given any proof of your wild claims, unless you expect the
        general public to believe your lies. Since I don't believe you are you and maynor
        going to put a light cigarette in my eye? After all I'm one of those "smug Mac

        *These are some serious charges and I've reported only the facts. I can't say or
        post any of these accusations and emails if they weren't true without getting in to
        some serious trouble.*

        If you were a serious journalist and not a 2 bit hack, you could indeed get into
        serious trouble. But the fact that you write a "blog" or "opinion piece", does not
        require the same burden of proof as a **real journalist**. An opinion doesn't
        have to have any basis in fact, or even be accurate. You've openly stated that you
        love Microsoft and hate Apple. So anything you write, has a level of bias in it. The
        fact that it took maynor 8 months to reverse engineer a patch Apple put out,
        doesn't speak well for him and his NBM preaching either. Now add his Anti Apple
        comments, as well as insulting all Mac users. So your claim of proof is nothing
        more than something to garner you more praise at the NBM weekly meeting, well
        unless Microsoft is paying you directly for spreading lies and misinformation.
        • Look at your rantings

          Look at your rantings and you call George a zealot. I think it is sooooooo funny that the apple nuts get themselves all lathered up when it comes to "comments" on apples and such. Apple albeit smaller is the same as any corporation. You pot heads from the 70's are all gone. They are multimillionaires trying to protect that garage look and feel. As long as you do you will never be taken seriously - (10% or less of the market). You can cry moan and get is defensive. But you have flaws, bugs, open doors. And if you ever get to the point you are as big as MS (doubt it but weirder things have happened) then you are going to be hit so hard your little hippie heads will just spin. Can't wait for that to happen, it is going to be soooo funny. George you keep up the good work, and keep the "hippie freaks" hopping. Someone has to keep an eye on them and bring them back to reality, and not the rose colored glasses that the Apple Corp keeps handing out. Good WORK!
          • You need to...

            Take your meds. **Jihad George** has often misrepresented facts to fit his agenda.
            This is why he writes a blog instead of reporting news. I for one never said OS X was
            perfect, just it's better than windows. **Jihad George** is the one that made
            spectacular claims and never backed them up. **Jihad George** is the one
            orchestrating a smear campaign on Apple. The NBM Zealots are eating it up, the rest
            of us are skeptical of any claims made by Zealots, such as **Jihad George**. Why
            would you personally defend someone that has not shown any logical reasoning? His
            bias is well documented on ZDNet, try reading all his rants about how Evil Apple is
            and how benevolent Microsoft is.
          • Skepticism?

            Getting so fired up over a supposed non-issue? Who's giving who the facial now?
          • I just wanted you to know that this Microsoft tactic is not working.

            Better to improve one's own rep than try to bag on someone else.

            Microsoft will never regain what it has lost.
