Re: Great work..
No need to imagine, read the really detailed breakdown they have written on how they went about the process and gained access.
Starting problem is that Apple have the entire 22.214.171.124/8 with 27k webservers hosted within it with many targetted at employees or partners. Its much harder to monitor and correlate attacks against that many servers, and I imagine the noise level is extremely high. It appears many servers probably weren't installed/managed by 'IT'.