MacRumors

macrumors bot
Original poster
Apr 12, 2001
53,070
14,826



Two weeks ago, hackers hijacked several iOS and Mac devices in Australia, remotely locking them via iCloud and demanding a ransom from the owner to get the device unlocked.

"Device locked by Oleg Pliss," read the hijacker's message, along with a demand for $50 to $100. Quite a few users were affected and while early speculation suggested iCloud may have been hacked, Apple confirmed that iCloud was not compromised, and that hackers had instead gained access to Apple IDs and passwords, likely through other site breaches where they used similar credentials.

australian_ios_device_hacked.jpeg
The two hackers behind the attacks have now been detained by Russian authorities, reports The Sydney Morning Herald.
The hackers - aged 17 and 23 - were detained in the course of "operational activities" by the Russian Interior Ministry, Russia's Ministry of Internal Affairs said. They are both residents of the Southern Administrative District of Moscow and one has already been tried before, it said.
According to Russian site MKRU [Google Translate), the two hackers were caught after appearing on camera withdrawing a victim's ransom money from an ATM. The site also confirms the hackers gained access to Apple IDs and passwords via phishing pages and social engineering techniques, then used that information to lock devices. Russian users were also affected, which led to the investigation.

One method of obtaining login information involved a pre-owned account filled with movies and music that was sold to an unsuspecting victim. Once the person linked their own details with the account, it was vulnerable to being hijacked.

During the attacks, users who had passcodes enabled on their devices were able to bypass the hack, but those who had not previously set a passcode were out of luck, requiring a full reinstall of iOS. Apple recommends using a passcode with iOS devices, as well as two-step authentication, which can help thwart attacks like this one.

Article Link: Hackers Involved in Locking and Ransoming Apple Devices in Australia Arrested
 

razbiz

macrumors newbie
Apr 19, 2013
9
4
hell's yeah!

...now give them a job in cupertino and get our devices safe.
 
Comment

AngerDanger

macrumors 603
Dec 9, 2008
5,222
26,958
If they did the same to the perpetrators of phishing schemes on Windows or Android, they'd need a bigger police cruiser…
 
Comment

Otelm

macrumors newbie
Nov 18, 2013
27
38
ArrestGate!

People are being arrested because of Apple's security fail!1!

Apple si d00med!
 
Comment

EdgardasB

macrumors 6502a
Apr 14, 2014
618
80
Lithuania
...now give them a job in cupertino and get our devices safe.

lol? they didn't hacked or breach Apple security, they used simple phishing scamming scheme and found some stupid ppl who doesn't care about their protection while using passwords like 123456...
 
Comment

HMI

Contributor
May 23, 2012
552
30
lol? they didn't hacked or breach Apple security, they used simple phishing scamming scheme and found some stupid ppl who doesn't care about their protection while using passwords like 123456...

123456 !
OMG! I need to go change my password!!
:p
 
Comment

coolfactor

macrumors 603
Jul 29, 2002
5,033
5,451
Vancouver, BC
...now give them a job in cupertino and get our devices safe.

This was user error.

1) Passcodes should be used, as recommended by Apple.

2) Unique passwords should be used for each service, as recommended by most online services.

Failing to do those led to be vulnerable. Nothing that Apple can do to make this any better without biometrics on all devices.
 
Comment

lotzosushi

macrumors 6502
Jan 10, 2007
417
375
There's also a lot of torrent files that iTunes users upload and when you look at the detailed information it also lists their iTunes ID/email. That's totally their own fault though if they're sharing something with their own account.
 
Comment

Peace

Cancelled
Apr 1, 2005
19,546
4,555
Space The Only Frontier
ArrestGate!

People are being arrested because of Apple's security fail!1!

Apple si d00med!

No, they tricked the users into giving up their passwords.

But who cares? If you have a recent backup you can simply re-set the phone. It's stupid to pay a ransom.

Read the article. People purchased an already in use account.

"One method of obtaining login information involved a pre-owned account filled with movies and music that was sold to an unsuspecting victim. Once the person linked their own details with the account, it was vulnerable to being hijacked."
 
Comment

pdaholic

macrumors 65816
Jun 22, 2011
1,386
1,340
Once I heard about this and how they did it, I made a conscious effort to change passwords for all my important websites (ebay, amazon, etc). I had a couple of websites that had the same password for years. Always good to keep things more secure.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.