Two arrested in Russia after confessing to Apple ID ransom scheme

“Russian authorities say two people from Moscow have confessed to a ‘ransomware’ attack on a number of Apple device owners, mainly in Australia, during May,” Charles Arthur reports for The Guardian.

“An official statement on the Russian Ministry of Internal Affairs website says that the duo, who live in the capital, hatched the scheme, which they carried out first by creating a ‘phishing’ site to collect iCloud logins, and then locking the devices,” Arthur reports. “People in Australia woke up to find a message on their iPhone, iPad or Mac saying “Device hacked by Oleg Pliss” and that to unlock it they should pay a ransom of $100. Some users in New Zealand, the US and UK were also affected. Apple had said only that the attack was not a break-in to its iCloud system, and that the affected users’ login details must have been compromised elsewhere. It has not released figures on how many people were affected, though data from Australia and Apple’s discussions boards seem to suggest that dozens were hit by it”

“The two perpetrators – who were not named, but who were said to have been born in 1991 and 1998, which would make them about 23 and 16 – also confessed to another scheme, where they would connect a new device to a hijacked iCloud account, and then use it to acquire large amounts of media such as music and shows – which they then advertised for sale online. One of those arrested had previously been tried on hacking charges, the ministry said,” Arthur reports. “Russia has been a centre for a number of criminal hackers, with organised crime sometimes involved in schemes to break computer security systems around banks and other high-profile organisations.”

Read more in the full article here.

MacDailyNews Take: The problem was/is that some people use one password for everything they do online and, when one thing gets compromised (eBay, for example), everything is accessible to criminals.

Use unique passwords and Apple’s Keychain Access and iCloud Keychain to create and manage them. When used properly, it works like a dream.

[Thanks to MacDailyNews Reader “David G.” for the heads up.]

Related articles:
Apple: iCloud not compromised in Apple ID ransom scheme – May 28, 2014
How to defend against ‘Oleg Pliss’ iCloud attack on Apple devices – May 27, 2014
Australian Apple Macs, iPhones, iPads hijacked, digitally held for ransom – May 27, 2014

6 Comments

    1. “Don’t surf porn sites!” well that just sounds unAmerican to me. If and when you do surf porn sites, be sure its on a Mac running OSX. LOL

      And NEVER give out your information from an email. Get out of mail, go to your web site and log in there. Just common sense.

      o>-< 🙂 Just saying.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.