Mikey Campbell
Russian police on Tuesday said they arrested two hackers supposedly responsible for "hijacking" Apple products via Find My iPhone, locking owners out until they pay a ransom to regain access.
According to a statement from Directorate K, the Russian Interior Ministry's cyber crime arm, the alleged hackers could face up to two years in jail if found guilty of perpetrating the hijackings, reports Re/code.
Directorate K would not disclose how many Apple product owners had been hit by the attacks and declined to comment on whether the victims were nationals or foreigners. Since the hackers went through Apple's iCloud, they could potentially have hit targets anywhere in the world.
The ministry believes the attackers used Find My iPhone to break into users' devices and lock them remotely. Instead of using brute force or password reuse, the department said the pair of alleged hackers relied on two main scams.
"The first involved gaining access to the victim's Apple ID by means of the creation of phishing pages, (gaining) unauthorized access to email or using methods of social engineering," the ministry said. "The second scheme was aimed at attaching other people's devices to a prearranged account."
The latter scheme relied on offering Apple IDs with attached media content for rent, thus allowing the hackers to take control of a target device.
While the statement failed to recognize a series of recent attacks outside of Russia, the arrested hackers' tactics are identical to those used to break into iPhones, iPads and Macs in Australia, New Zealand, the U.S. and Canada.
At the time, multiple users reported being locked out of their Apple devices through Find My iPhone's remote lock feature. A message sent to many devices read, "Device hacked by Oleg Pliss," and directed owners to pay up to $100 to a Russia-based PayPal account for a device unlock.
For its part, Apple released a statement days after the hijacks were first reported, saying iCloud was not compromised in the scam.
Charles Martin
Christine McKee
Wesley Hilliard
Malcolm Owen
Andrew Orr
William Gallagher
Sponsored Content
10 Comments
No one was sent to Siberia for the rest of their lives?
Is hijacking something for ransom ever a good idea?
Wonder what all the trolls will say about this. They're STILL yapping on saying Apple's iCloud servers were hacked into when the most likely scenario was people simply not being careful with their Apple ID's.
They'll probably be bunking with Snowden and comparing notes in their luxury accommodations. You can't believe anything a government cyber crime/intelligence department says about anything. What did the CIA just tweet?
"We can neither confirm nor deny that this is our first tweet."
Are these the people that were hijacking the Australian iCloud account users' devices.