Apple Denies iCloud Hack as Cause of Locked iOS Device Ransom Demands

SusanK · May 28, 2014

Ammanas said:
Does anyone have trouble accessing the support thread given ?

I get this notice:

Image

Though it seems that the support site on the American and Australia websites are working fine ...

Tuesday morning I was not able to access support. Attempts to login resulted in a screen with a padlock superimposed oer the Apple logo.

I'm using Win 7. Took all Apple offline as a precaution.

I have not tired to login since then. I was able to read the thread on this issue.

FakeWozniak · May 28, 2014

With the number of active accounts in the millions, it is fair that Apple prevent widespread panic.

With that said, I would expect that Apple could/has offered the IP address of the "ransomer" to the police who are probably tracking down the douche bag. I would expect a follow up article in a week or two after the Australian courts grant search warrants to the ISPs. Probably gonna be a 14 year old nerd.

linuxcooldude · May 28, 2014

GoCubsGo said:
They're advice isn't bad but I feel like I've seen Apple take the "it's not us" stance before then later turn around and admit there was some breach or something. My memory could be wrong.

Apple did have a breech in the developers site, which they took down and publicly stated as such. I believe they would do the same if they thought the iCloud had something simular problems with hackers.

The typical average users are not very savy when it comes to internet security and something as simple as using different passwords for each account. They prefer convenience over better security. Another reason why Apple is coming out with things like TouchID & Keychain.

scaredpoet · May 28, 2014

FakeWozniak said:
With that said, I would expect that Apple could/has offered the IP address of the "ransomer" to the police who are probably tracking down the douche bag.

I'm sure they have, but more likely than not, the douchebag is in a country where law enforcement doesn't take a every serious stance against hacking foreign accounts. The fact that the hacker is demanding ransom and is providing e-mail addresses to reach him/her tends to suggest this is the case.

I would expect a follow up article in a week or two after the Australian courts grant search warrants to the ISPs. Probably gonna be a 14 year old nerd.

I doubt the hacker is in Australia.

jeremysteele · May 28, 2014

surfingarbo said:
Who actually asks for a ransom in typed-text format? Real ransom's are made with individual letters cut from magazines with a scissors.

Westside guy said:
Plus there's probably an iOS app to simulate that look.

Skeumorphic design? Must be a Scott Forstall project.

Gasu E. · May 28, 2014

allanfries said:
I'm calling "user problem" as well. I know so many people that have poor passwords. Like their name for instance!!! :roll eyes: If iCloud was hacked, this would be appearing world wide, wouldn't you think?

Anyone who uses their name as a password is a fool. Mine is "p@ssWord1". Notice how I used a number, a capital in a funny place, and a "@" to trick the crinimal element.

gnasher729 · May 28, 2014

GoCubsGo said:
They're advice isn't bad but I feel like I've seen Apple take the "it's not us" stance before then later turn around and admit there was some breach or something. My memory could be wrong.

As you said, your memory could be wrong. You take an "it's Apple to blame" stance before you immediately turn around and say that maybe it isn't. Exactly the same thing that you accuse Apple of doing.

So far the most likely explanation is that someone broke into a non-Apple website somewhere in Australia, got email addresses and passwords, noticed some Apple-related email addresses and checked if the passwords happened to be AppleId passwords.

----------

batchtaster said:
"Coincidentally", this week I received a phishing attempt, claiming to be from Apple (which was obvious, and I reported through both SpamCop and Google). I've never received one from them - it's always been Amazon, PayPal, eBay, banks, etc. (Part of me actually went "well, it's about time.")

I'm not doing very well in that department recently. It used to be that I had huge lottery wins in emails at least once a month (which must have been extreme luck because I don't play the lottery). I won at least 1.5 million Euros, plus a brand new BMW. Lots of friends in African countries, some local royalties, generals, ex-presidents, who all trust me with their money. But recently these things have become nastier. My wife got a $150 parking fine in an email. Which was strange, because we live in the UK so a $150 fine is unusual, they didn't tell where this happened, or the license plate of her car, and the email was addressed to a dozen recipients whose email addresses all started with the same letters

hungx · May 28, 2014

The hack is targeting non pass code locked devices, so I would probably set one now if I were you. The hack has now spread to other countries besides Australia, so this article is a little outdated.

Apple does not have 2 step verification for iCloud.com. You can log in to iCloud on any device to access Find My iPhone.

To decrease your chances of being hacked, add a passcode and change your iCloud password if you also use it for another website or if it's weak.

rdlink · May 28, 2014

I've said it before, and I'll say it again. This is the type of crime that begs for the death penalty.

justperry · May 28, 2014

rdlink said:
I've said it before, and I'll say it again. This is the type of crime that begs for the death penalty.

So someone which steals a iPhone, which is more or less the same as this, should be hanged?
All the while, there are white collar criminals which cost the world economy trillions, walking as free men!

rdlink · May 28, 2014

justperry said:
So someone which steals a iPhone, which is more or less the same as this, should be hanged?
All the while, there are white collar criminals which cost the world economy trillions, walking as free men!

This is a cold blooded, calculated decision to terrorize someone for money. It's the same as identity theft and/or computer theft, IMO.

At least there is some argument that white collar criminals don't always have bad intentions going in.

Identity thieves, computer thieves, and these guys most definitely do.

charlituna · May 28, 2014

WBRacing said:
Given that Spotify recently recommended that all android users change their spotify account passwords after one account was potentially compromised, it is interesting to see Apple take a much more "nothing to do with us" stance. I hope for their sake that they are 100% sure on that one.

That it is geographically isolated is a strong factor against it being an 'iCloud hack'. After all if they got into the iCloud system they would be targeting folks everywhere.

It's more likely that these folks were using the same password on another system and that was hacked.

Plus any server is going to have logs that will show if some kind of hinky business had happened.

----------

batchtaster said:
"Coincidentally", this week I received a phishing attempt, claiming to be from Apple (which was obvious, and I reported through both SpamCop and Google). I've never received one from them - it's always been Amazon, PayPal, eBay, banks, etc. (Part of me actually went "well, it's about time.")

They have happened before. Apple had even sent out notices that it wasn't them, that it's fake. A big one happened right when mobile me was flipping to iCloud

And yes that is another theory of how this group got in.

hungx · May 28, 2014

charlituna said:
That it is geographically isolated is a strong factor against it being an 'iCloud hack'. After all if they got into the iCloud system they would be targeting folks everywhere.

It's more likely that these folks were using the same password on another system and that was hacked.

Plus any server is going to have logs that will show if some kind of hinky business had happened.

----------

They have happened before. Apple had even sent out notices that it wasn't them, that it's fake. A big one happened right when mobile me was flipping to iCloud

And yes that is another theory of how this group got in.

The hack has started to appear on devices outside of Australia, so I wouldn't rule out the possibility that iCloud was hacked, at least not yet.

whsbuss · May 28, 2014

hungx said:
The hack is targeting non pass code locked devices, so I would probably set one now if I were you. The hack has now spread to other countries besides Australia, so this article is a little outdated.

Apple does not have 2 step verification for iCloud.com. You can log in to iCloud on any device to access Find My iPhone.

To decrease your chances of being hacked, add a passcode and change your iCloud password if you also use it for another website or if it's weak.

As pointed out here, the 2-step verification process only protects someone from accessing/managing your AppleID at apple. Has nothing to do with Find My iPhone or iCloud.

Somehow Apple needs to insert another step when using Find My iPhone, especially in Lost Mode or erase.

jdogg836 · May 28, 2014

Gasu E. said:
Anyone who uses their name as a password is a fool. Mine is "p@ssWord1". Notice how I used a number, a capital in a funny place, and a "@" to trick the crinimal element.

@ for a is a very common letter substitution. In a dictionary attack, you just need to include letter substitutions in the mix. The capital W in the middle of the word is a stronger substitution than the @, however since both "pass" and "word" are words themselves this is still fairly weak. Using this example "p@Ssword1" would be much stronger. I know that this was just an example, and without real world passwords to critique this is just some ideas.

charlituna · May 28, 2014

hungx said:
The hack has started to appear on devices outside of Australia, so I wouldn't rule out the possibility that iCloud was hacked, at least not yet.

Still doesn't change that it could be due to some other system being hacked and folks recycling passwords, or a phishing trip, rather than an actual system hack

gnasher729 · May 29, 2014

justperry said:
So someone which steals a iPhone, which is more or less the same as this, should be hanged?
All the while, there are white collar criminals which cost the world economy trillions, walking as free men!

I can very much understand _why_. If someone steals money out of your wallet, that's your money stolen. Tough. You lost some money. You don't need to change your behaviour because of this. _I_ don't need to change my behaviour because of this.

This kind of crime makes life harder for _everyone_. Wouldn't it be great if I could create _one_ password that I can remember easily and use it everywhere? I can't, because of bastards like this one. So the fact that someone in Australia is blackmailing some people affects _everyone_. Take the little inconvenience for me and you, and multiply it by a billion people.

bozzykid · May 31, 2014

The real issue is Apple doesn't even support two-step verification in every country. This makes little sense to me. Even stranger, they don't require 2-step verification to use Find My Phone on the web. They really need to push and/or require two-step verification in every country and let people know it even exists.

whsbuss · May 31, 2014

bozzykid said:
The real issue is Apple doesn't even support two-step verification in every country. This makes little sense to me. Even stranger, they don't require 2-step verification to use Find My Phone on the web. They really need to push and/or require two-step verification in every country and let people know it even exists.

You better believe it. Sooner or later they need to address this or more than what we saw in Australia will get hacked.

Apple Denies iCloud Hack as Cause of Locked iOS Device Ransom Demands

macrumors 68000

macrumors 6502

macrumors 68020

macrumors 604

Cancelled

macrumors 603

Suspended

macrumors 6502

macrumors 68040

macrumors G5

macrumors 68040

macrumors G3

macrumors 6502

macrumors 601

macrumors 6502

macrumors G3

Suspended

macrumors 68020

macrumors 601

Our Staff