Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Jun 9, 2014, 12:37 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Hackers Involved in Locking and Ransoming Apple Devices in Australia Arrested




Two weeks ago, hackers hijacked several iOS and Mac devices in Australia, remotely locking them via iCloud and demanding a ransom from the owner to get the device unlocked.

"Device locked by Oleg Pliss," read the hijacker's message, along with a demand for $50 to $100. Quite a few users were affected and while early speculation suggested iCloud may have been hacked, Apple confirmed that iCloud was not compromised, and that hackers had instead gained access to Apple IDs and passwords, likely through other site breaches where they used similar credentials.

The two hackers behind the attacks have now been detained by Russian authorities, reports The Sydney Morning Herald.
Quote:
The hackers - aged 17 and 23 - were detained in the course of "operational activities" by the Russian Interior Ministry, Russia's Ministry of Internal Affairs said. They are both residents of the Southern Administrative District of Moscow and one has already been tried before, it said.
According to Russian site MKRU [Google Translate), the two hackers were caught after appearing on camera withdrawing a victim's ransom money from an ATM. The site also confirms the hackers gained access to Apple IDs and passwords via phishing pages and social engineering techniques, then used that information to lock devices. Russian users were also affected, which led to the investigation.

One method of obtaining login information involved a pre-owned account filled with movies and music that was sold to an unsuspecting victim. Once the person linked their own details with the account, it was vulnerable to being hijacked.

During the attacks, users who had passcodes enabled on their devices were able to bypass the hack, but those who had not previously set a passcode were out of luck, requiring a full reinstall of iOS. Apple recommends using a passcode with iOS devices, as well as two-step authentication, which can help thwart attacks like this one.

Article Link: Hackers Involved in Locking and Ransoming Apple Devices in Australia Arrested
MacRumors is offline   0 Reply With Quote
Old Jun 9, 2014, 12:38 PM   #2
ionjohn
macrumors 6502a
 
ionjohn's Avatar
 
Join Date: Jun 2013
Location: Canada
May they be hanged
__________________
i5 4670k 4.0 Ghz GTX 770 supercloked Samsung S23A700D ; iPhone 5c 16GB
ionjohn is offline   10 Reply With Quote
Old Jun 9, 2014, 12:39 PM   #3
Michaelgtrusa
macrumors 601
 
Michaelgtrusa's Avatar
 
Join Date: Oct 2008
Location: Everywhere And Nowhere
Justice and long jail time. I will say this, you have not seen anything yet.
__________________
iMACAll life is an experiment. The more experiments you make the better.
TWITTER TUMBLR
Michaelgtrusa is offline   0 Reply With Quote
Old Jun 9, 2014, 12:39 PM   #4
razbiz
macrumors newbie
 
Join Date: Apr 2013
hell's yeah!

...now give them a job in cupertino and get our devices safe.
razbiz is offline   0 Reply With Quote
Old Jun 9, 2014, 12:39 PM   #5
Komrad808
macrumors member
 
Join Date: May 2010
Location: On an active volcano
YAY! Now with todays technology, find the missing Malaysia plane!
__________________
13" Aluminum MacBook iPad2 16GB wifi iPhone 5S Gold 32GB TV 3rd Gen
Komrad808 is offline   7 Reply With Quote
Old Jun 9, 2014, 12:39 PM   #6
Alphabetize
macrumors 6502
 
Join Date: Oct 2013
I'm glad that it wasn't an iCloud breach
Alphabetize is offline   0 Reply With Quote
Old Jun 9, 2014, 12:39 PM   #7
TsunamiTheClown
macrumors 6502
 
Join Date: Apr 2011
Location: On the verge
Quote:
Originally Posted by ionjohn View Post
May they be hanged
Was wondering if they do firing squad in Australia myself.
__________________
Bronie
TsunamiTheClown is offline   1 Reply With Quote
Old Jun 9, 2014, 12:40 PM   #8
linuxcooldude
macrumors 68000
 
Join Date: Mar 2010
Which is what we expected.
__________________
Techshow:http://www.justin.tv/linuxcooldude
linuxcooldude is offline   0 Reply With Quote
Old Jun 9, 2014, 12:40 PM   #9
AngerDanger
macrumors 65816
 
AngerDanger's Avatar
 
Join Date: Dec 2008
Location: location, location!
If they did the same to the perpetrators of phishing schemes on Windows or Android, they'd need a bigger police cruiser…
AngerDanger is offline   3 Reply With Quote
Old Jun 9, 2014, 12:40 PM   #10
regkilla
macrumors regular
 
Join Date: Mar 2013
Location: California
SOBs.
regkilla is offline   1 Reply With Quote
Old Jun 9, 2014, 12:40 PM   #11
Otelm
macrumors newbie
 
Join Date: Nov 2013
ArrestGate!

People are being arrested because of Apple's security fail!1!

Apple si d00med!
Otelm is offline   7 Reply With Quote
Old Jun 9, 2014, 12:41 PM   #12
MartinAppleGuy
macrumors 65816
 
MartinAppleGuy's Avatar
 
Join Date: Sep 2013
Take 'em away boys :P
__________________
2014 Highest End 21.5" iMac, 2.9 - 3.6Ghz i5, 8GB RAM, 1TB HDD, Nvidia GeForce GT 750m w/ 1GB GDDR5 VRAM
MartinAppleGuy is offline   0 Reply With Quote
Old Jun 9, 2014, 12:42 PM   #13
karstas
macrumors member
 
Join Date: Apr 2014
Quote:
Originally Posted by razbiz View Post
...now give them a job in cupertino and get our devices safe.
lol? they didn't hacked or breach Apple security, they used simple phishing scamming scheme and found some stupid ppl who doesn't care about their protection while using passwords like 123456...
karstas is offline   9 Reply With Quote
Old Jun 9, 2014, 12:45 PM   #14
Antares
macrumors 68000
 
Antares's Avatar
 
Join Date: Jan 2006
Location: Somewhere in the Milky Way....a little place called Chicago
Send them to a Gulag! Let them lose their youth in confinement and forced labor.
__________________
Your time is limited, so don't waste it living someone else's life. - Steve Jobs
An Apple a day keeps the PC's away
Antares is offline   3 Reply With Quote
Old Jun 9, 2014, 12:46 PM   #15
ChrisA
macrumors G4
 
Join Date: Jan 2006
Location: Redondo Beach, California
Quote:
Originally Posted by Otelm View Post
ArrestGate!

People are being arrested because of Apple's security fail!1!

Apple si d00med!
No, they tricked the users into giving up their passwords.

But who cares? If you have a recent backup you can simply re-set the phone. It's stupid to pay a ransom.
ChrisA is offline   6 Reply With Quote
Old Jun 9, 2014, 12:47 PM   #16
HMI
macrumors 6502a
 
HMI's Avatar
 
Join Date: May 2012
Quote:
Originally Posted by karstas View Post
lol? they didn't hacked or breach Apple security, they used simple phishing scamming scheme and found some stupid ppl who doesn't care about their protection while using passwords like 123456...
123456 !
OMG! I need to go change my password!!
HMI is offline   0 Reply With Quote
Old Jun 9, 2014, 12:47 PM   #17
keysofanxiety
macrumors 6502a
 
keysofanxiety's Avatar
 
Join Date: Nov 2011
Location: In a house that defies physics by being colder than absolute zero.
Quote:
Originally Posted by razbiz View Post
...now give them a job in cupertino and get our devices safe.
The compromise wasn't on Apple's end; they got the end-users' Apple ID details by methods outside device hacking.
__________________
- "How can anyone do a spoken word version of a rap song?"
- "He found a way ... he found a way."
keysofanxiety is offline   2 Reply With Quote
Old Jun 9, 2014, 12:47 PM   #18
MacsRgr8
macrumors 604
 
MacsRgr8's Avatar
 
Join Date: Sep 2002
Location: The Netherlands
Quote:
Originally Posted by Otelm View Post
ArrestGate!

People are being arrested because of Apple's security fail!1!

Apple si d00med!
LOL, I assume sarcasm.
__________________
Steve Jobs. 1955 - 2011. My Hero.
MacsRgr8 is offline   0 Reply With Quote
Old Jun 9, 2014, 12:48 PM   #19
ChrisA
macrumors G4
 
Join Date: Jan 2006
Location: Redondo Beach, California
Quote:
Originally Posted by ionjohn View Post
May they be hanged
Likely not. This is the second time the guy has been arrested for this. I think they just turn them loose.

I think all you need to do if this happens is connect the phone to iTunes and re-set the phone.
ChrisA is offline   0 Reply With Quote
Old Jun 9, 2014, 12:48 PM   #20
coolfactor
macrumors 65816
 
Join Date: Jul 2002
Location: Vancouver, BC CANADA
Quote:
Originally Posted by razbiz View Post
...now give them a job in cupertino and get our devices safe.
This was user error.

1) Passcodes should be used, as recommended by Apple.

2) Unique passwords should be used for each service, as recommended by most online services.

Failing to do those led to be vulnerable. Nothing that Apple can do to make this any better without biometrics on all devices.
coolfactor is offline   2 Reply With Quote
Old Jun 9, 2014, 12:50 PM   #21
lotzosushi
macrumors regular
 
Join Date: Jan 2007
There's also a lot of torrent files that iTunes users upload and when you look at the detailed information it also lists their iTunes ID/email. That's totally their own fault though if they're sharing something with their own account.
__________________
2.3GHz i7 MacBook Pro Retina (Late 2013) | 64GB iPad air | 128GB retina iPad mini
64GB Goldpagne 5S | 64GB iPhone 5 | 32GB Nexus 5 | Xperia Z2 | Google Glass
ctOS v1.0 _/|
lotzosushi is offline   3 Reply With Quote
Old Jun 9, 2014, 12:51 PM   #22
roadbloc
macrumors 604
 
roadbloc's Avatar
 
Join Date: Aug 2009
Location: UK
Putting your name on the ransom popup isn't the smartest move.
__________________
roadbloc is offline   2 Reply With Quote
Old Jun 9, 2014, 12:52 PM   #23
Peace
macrumors P6
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Quote:
Originally Posted by Otelm View Post
ArrestGate!

People are being arrested because of Apple's security fail!1!

Apple si d00med!
Quote:
Originally Posted by ChrisA View Post
No, they tricked the users into giving up their passwords.

But who cares? If you have a recent backup you can simply re-set the phone. It's stupid to pay a ransom.
Read the article. People purchased an already in use account.

"One method of obtaining login information involved a pre-owned account filled with movies and music that was sold to an unsuspecting victim. Once the person linked their own details with the account, it was vulnerable to being hijacked."
__________________
Throw us one Russell---John Fox Super Bowl 48
Peace is offline   4 Reply With Quote
Old Jun 9, 2014, 12:52 PM   #24
pdaholic
macrumors regular
 
Join Date: Jun 2011
Once I heard about this and how they did it, I made a conscious effort to change passwords for all my important websites (ebay, amazon, etc). I had a couple of websites that had the same password for years. Always good to keep things more secure.
pdaholic is offline   0 Reply With Quote
Old Jun 9, 2014, 12:53 PM   #25
Serban
macrumors 68020
 
Join Date: Jan 2013
Hackers arrested and hired at Apple to improve security
Serban is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Forum Jump

All times are GMT -5. The time now is 05:49 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC