https://9to5mac.com/2018/08/16/melbourne-apple-hack/
What kind of protocol was used, that Apple was able to get the SN of the laptops?
The article is not giving a lot of details, but
His access is said to include ‘authorised keys [which] grant log-in access to users.’
Assuming he somehow got access to certificates allowing access to Apple networks, it is probable that these certificates would include the serial number of the machine it was issued for. At logon, the certificate would need to be presented to the remote access server at Apple. This machine would have logging installed, and could make a note of the machine connecting, both IP and serial number from the cert.
The (hopefully) only way he could have acquired this certificate was that it was created and used by Apple for testing purposes, but then accidentally left behind on the machine before leaving the factory.
Using traditional command line based network tools would never (to my knowledge) expose your serial number of the machine.
The whole thing is wrapped in ambiguity. For example, one of the articles said “mainframe”. However the technical terms used aren’t mainframe terms (at least to my, mainframe, eyes).
And that’s probably how Apple wants it - entirely understandably.