Hackers Involved in Locking and Ransoming Apple Devices in Australia Arrested

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jun 9, 2014.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Two weeks ago, hackers hijacked several iOS and Mac devices in Australia, remotely locking them via iCloud and demanding a ransom from the owner to get the device unlocked.

    "Device locked by Oleg Pliss," read the hijacker's message, along with a demand for $50 to $100. Quite a few users were affected and while early speculation suggested iCloud may have been hacked, Apple confirmed that iCloud was not compromised, and that hackers had instead gained access to Apple IDs and passwords, likely through other site breaches where they used similar credentials.

    [​IMG]
    The two hackers behind the attacks have now been detained by Russian authorities, reports The Sydney Morning Herald.
    According to Russian site MKRU [Google Translate), the two hackers were caught after appearing on camera withdrawing a victim's ransom money from an ATM. The site also confirms the hackers gained access to Apple IDs and passwords via phishing pages and social engineering techniques, then used that information to lock devices. Russian users were also affected, which led to the investigation.

    One method of obtaining login information involved a pre-owned account filled with movies and music that was sold to an unsuspecting victim. Once the person linked their own details with the account, it was vulnerable to being hijacked.

    During the attacks, users who had passcodes enabled on their devices were able to bypass the hack, but those who had not previously set a passcode were out of luck, requiring a full reinstall of iOS. Apple recommends using a passcode with iOS devices, as well as two-step authentication, which can help thwart attacks like this one.

    Article Link: Hackers Involved in Locking and Ransoming Apple Devices in Australia Arrested
     
  2. macrumors 65816

    ionjohn

    Joined:
    Jun 5, 2013
    Location:
    Canada
    #2
    May they be hanged
     
  3. macrumors 603

    Michaelgtrusa

    Joined:
    Oct 13, 2008
    Location:
    Everywhere And Nowhere
    #3
    Justice and long jail time. I will say this, you have not seen anything yet.
     
  4. macrumors newbie

    Joined:
    Apr 19, 2013
    #4
    hell's yeah!

    ...now give them a job in cupertino and get our devices safe.
     
  5. macrumors member

    Komrad808

    Joined:
    May 23, 2010
    Location:
    On an active volcano
    #5
    YAY! Now with todays technology, find the missing Malaysia plane!
     
  6. macrumors 6502

    Joined:
    Oct 6, 2013
    #6
    I'm glad that it wasn't an iCloud breach
     
  7. macrumors 6502a

    TsunamiTheClown

    Joined:
    Apr 28, 2011
    Location:
    Fiery+Cross+Reef
    #7
    Was wondering if they do firing squad in Australia myself.
     
  8. macrumors 68000

    Joined:
    Mar 1, 2010
    #8
    Which is what we expected.
     
  9. macrumors 68000

    AngerDanger

    Joined:
    Dec 9, 2008
    Location:
    Male
    #9
    If they did the same to the perpetrators of phishing schemes on Windows or Android, they'd need a bigger police cruiser…
     
  10. macrumors regular

    regkilla

    Joined:
    Mar 19, 2013
    Location:
    California
    #10
    SOBs.
     
  11. macrumors newbie

    Joined:
    Nov 18, 2013
    #11
    ArrestGate!

    People are being arrested because of Apple's security fail!1!

    Apple si d00med!
     
  12. macrumors 68000

    MartinAppleGuy

    Joined:
    Sep 27, 2013
    #12
    Take 'em away boys :p
     
  13. macrumors 6502a

    EdgardasB

    Joined:
    Apr 14, 2014
    Location:
    Lithuania
    #13
    lol? they didn't hacked or breach Apple security, they used simple phishing scamming scheme and found some stupid ppl who doesn't care about their protection while using passwords like 123456...
     
  14. macrumors 68000

    Antares

    #14
    Send them to a Gulag! Let them lose their youth in confinement and forced labor.
     
  15. macrumors G4

    Joined:
    Jan 5, 2006
    Location:
    Redondo Beach, California
    #15
    No, they tricked the users into giving up their passwords.

    But who cares? If you have a recent backup you can simply re-set the phone. It's stupid to pay a ransom.
     
  16. HMI
    macrumors 6502a

    HMI

    Joined:
    May 23, 2012
    #16
    123456 !
    OMG! I need to go change my password!!
    :p
     
  17. macrumors 68000

    keysofanxiety

    Joined:
    Nov 23, 2011
    #17
    The compromise wasn't on Apple's end; they got the end-users' Apple ID details by methods outside device hacking.
     
  18. macrumors 604

    MacsRgr8

    Joined:
    Sep 8, 2002
    Location:
    The Netherlands
    #18
    LOL, I assume sarcasm.
     
  19. macrumors G4

    Joined:
    Jan 5, 2006
    Location:
    Redondo Beach, California
    #19
    Likely not. This is the second time the guy has been arrested for this. I think they just turn them loose.

    I think all you need to do if this happens is connect the phone to iTunes and re-set the phone.
     
  20. macrumors 68000

    Joined:
    Jul 29, 2002
    Location:
    Vancouver, BC CANADA
    #20
    This was user error.

    1) Passcodes should be used, as recommended by Apple.

    2) Unique passwords should be used for each service, as recommended by most online services.

    Failing to do those led to be vulnerable. Nothing that Apple can do to make this any better without biometrics on all devices.
     
  21. macrumors 6502

    lotzosushi

    Joined:
    Jan 10, 2007
    #21
    There's also a lot of torrent files that iTunes users upload and when you look at the detailed information it also lists their iTunes ID/email. That's totally their own fault though if they're sharing something with their own account.
     
  22. macrumors G3

    roadbloc

    Joined:
    Aug 24, 2009
    Location:
    UK
    #22
    Putting your name on the ransom popup isn't the smartest move.
     
  23. macrumors P6

    Peace

    Joined:
    Apr 1, 2005
    Location:
    Space--The ONLY Frontier
    #23
    Read the article. People purchased an already in use account.

    "One method of obtaining login information involved a pre-owned account filled with movies and music that was sold to an unsuspecting victim. Once the person linked their own details with the account, it was vulnerable to being hijacked."
     
  24. macrumors 6502a

    pdaholic

    Joined:
    Jun 22, 2011
    #24
    Once I heard about this and how they did it, I made a conscious effort to change passwords for all my important websites (ebay, amazon, etc). I had a couple of websites that had the same password for years. Always good to keep things more secure.
     
  25. macrumors 68040

    Joined:
    Jan 8, 2013
    #25
    Hackers arrested and hired at Apple to improve security
     

Share This Page