Cyber Incident Victim: Kim Jong-Cracks

Date: Jul 2014

Location: United States of America

Summary

A cybercriminal group calling itself "Kim Jong-Cracks" compromised a major jailbreak tweak repository, stealing all paid and free software packages and redistributing them through a pirated repository named ripBigBoss. The attackers claimed to have injected malware into the stolen packages, though the platform's creator disputed this based on cryptographic verification mechanisms that showed no unauthorized changes to the original repository's content. The incident involved the exfiltration of extensive package data, including MD5 checksums, and was publicly motivated by rhetoric criticizing the jailbreak community's commercial dynamics.

Description

On July 21, 2014, the BigBoss repository—a primary source for jailbreak tweaks on Cydia’s iOS software platform—was compromised by hackers identifying as "Kim Jong-Cracks." The attackers exfiltrated all 13,954 packages from the repository, encompassing both paid and free tweaks, and established a competing site named "ripBigBoss" to distribute the stolen content without charge. As evidence of their breach, they publicly released the repository’s deb index and database, including package names and MD5 checksums. The group cited the "Competition vs Community" commentary by Saurik (Cydia creator Jay Freeman) as motivation for their actions, while promoting the hashtags #WhichSideAreYouOn and #SupportTheCompettition to frame the incident as an ideological stand against commercial repositories. Kim Jong-Cracks asserted they had injected malware into the redistributed packages, though no technical evidence substantiated this claim at the time of reporting.

Saurik confirmed the breach but disputed the malware allegations, explaining that Cydia’s package verification system cryptographically validates repository indices, making unauthorized modifications detectable. His analysis of BigBoss’s historical index data indicated no unexpected changes to legitimate packages, suggesting the original repository remained uncompromised. Despite this assurance, security advisories urged users to temporarily avoid installing or updating tweaks from BigBoss until full investigations concluded. ripBigBoss was explicitly flagged as a piracy platform with potential malware risks, with warnings against downloading any content from the unauthorized mirror. The incident disrupted trust in jailbreak ecosystem security, exposing vulnerabilities in repository infrastructure while highlighting tensions between commercial developers and piracy advocates.
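The kind of historical-index comparison described above can be sketched as follows. This is an added example, not Saurik's or Cydia's own code: it assumes the repository publishes a standard APT-style Packages index, and the function names, package names and digests are constructed for illustration.

```python
# Added example: diff two snapshots of an APT-style Packages index.
# All package data is constructed; NEW_INDEX alters tweak-b 2.1 in place and adds 2.2.
OLD_INDEX = """\
Package: com.example.tweak-a
Version: 1.0
Size: 1000
MD5sum: 11111111111111111111111111111111

Package: com.example.tweak-b
Version: 2.1
Size: 2000
MD5sum: 22222222222222222222222222222222
"""
NEW_INDEX = OLD_INDEX.replace("2" * 32, "9" * 32).replace("Size: 2000", "Size: 2048") + """
Package: com.example.tweak-b
Version: 2.2
Size: 2100
MD5sum: 33333333333333333333333333333333
"""

def parse_index(text):
    """Parse a Packages index into {(package, version): {field: value}}."""
    entries = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t"):  # continuation of a multi-line field
                continue
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip().lower()] = value.strip()
        if "package" in fields and "version" in fields:
            entries[(fields["package"], fields["version"])] = fields
    return entries

def diff_snapshots(old_text, new_text, digest_fields=("md5sum", "sha256", "size")):
    """Report entries added, removed, or changed in place between snapshots."""
    old, new = parse_index(old_text), parse_index(new_text)
    report = {"changed": [], "added": [], "removed": []}
    for key in sorted(old.keys() | new.keys()):
        if key not in new:
            report["removed"].append(key)
        elif key not in old:
            report["added"].append(key)
        else:  # same package and version: digests must not move
            diffs = [f for f in digest_fields if old[key].get(f) != new[key].get(f)]
            if diffs:
                report["changed"].append((key, diffs))
    return report
```

An entry under "changed" means an already-published version now has a different digest or size, which is the unexpected change such a review looks for; entries under "added" are ordinary new releases.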
