updated 12:31 pm EDT, Mon July 16, 2012
Blocks IP, issues server takedown demand
Following up on an official statement, Apple has taken additional steps to stop a hack that was allowing free in-app purchases via the App Store, according to The Next Web. Over the weekend, the company started blocking an IP used by a Russian hacker to fraudulently authenticate some purchases; it also issued a takedown demand against the server, and filed a copyright claim with YouTube which resulted in a how-to video being pulled. PayPal ended up involved in the matter as well, closing off the original donation account to the hacker, Alexey Borodin.
Borodin has reportedly since migrated his authentication service to an offshore server, hoping to dodge any further legal attacks by Apple. The service has moreover been updated, cutting Apple servers out of the equation. Borodin states that the new system "can and will not reach the App Store anymore, so the proxy (or caching) feature has been disabled." To use the workaround, people have to sign out of an iTunes account first.
Borodin claims that he isn't logging device data, but the setup may still raise security concerns on top of the ethical worries of stealing content. The hacker adds that Apple still hasn't contacted him directly, and he is calling on the company to either modify its APIs or implement new blocks. He is still taking PayPal donations through a private PayPal account.