
Moscow Hacking Duo Confess to Hijacking and Locking Apple Devices



UPDATED: This article has been updated to reflect that those arrested in Moscow may not be connected with the “Oleg Pliss” attack.

Russian authorities appear to have scored a victory against cybercrime, extracting a confession from a Moscow duo in connection with a mysterious “ransomware”-style attack that hit owners of iPhones, iPads and Macs.

Last month many iPhone, iPad and iMac users, predominantly based in Australia, discovered that their devices had been “hacked by Oleg Pliss” and were told to transfer funds to the hackers in order to unlock their devices.

Locked iMac. Image source: Sydney Morning Herald


There was rabid speculation as to what might have caused the problem, why it was concentrated on Apple users in the Antipodes, and what possible motivation might have driven the hackers to hijack iCloud accounts and exploit the “Find my iPhone” feature to lock down devices.

Now, the story may have become a little clearer.

According to an official statement on the Russian Ministry of Internal Affairs website, a similar attack was launched against Russian-speaking Apple customers after hackers created a simple phishing website, designed to trick unsuspecting Apple users into entering their iCloud login credentials.

With that information collected, it was child’s play for the hackers to log in to the real iCloud interface and command victims’ devices to display a message and lock themselves down, as if they had been stolen or mislaid.

Media reports claim that the two perpetrators — a 23-year-old called “Ivan” and an unnamed 17-year-old — also confessed to connecting new devices to hijacked iCloud accounts, through which they would download music, movies and TV shows. Computers, SIM cards and smartphones allegedly used for criminal purposes were seized during a police raid of the hackers’ apartments.

According to a report in The Sydney Morning Herald, the hackers made the mistake of allowing CCTV cameras to catch them withdrawing victims’ payments from a cash machine.

Security blogger Thomas Reed reports that this Russian attack predates the “Oleg Pliss” messages that appeared on the devices of users predominantly based in Australia and New Zealand last month.

Reed says that although very similar, there is no indication yet that the same hackers were behind both the Russian and Australian attacks.

If the same technique was used in both attacks, it would mean that the “Oleg Pliss” attack did not exploit a vulnerability in the “Find my iPhone” process to trigger the lock down. A flaw of that kind never explained why the vast majority of victims were in Australia and New Zealand; a phishing campaign aimed at users in that region would.

Furthermore, it would debunk the notion that the hackers broke into an Apple server and made off with users’ iCloud IDs and passwords.

Which is good news for all of us.

How to stop your iCloud account being hacked in future

Phishing continues to be a thriving business, and it is becoming increasingly common to see iCloud accounts targeted just like online banks, PayPal, or social media sites.

To better protect your iCloud account, and prevent a hacker from locking down your device and demanding a ransom, use two-factor authentication.


Two-factor authentication (sometimes called two-step verification) makes life much harder for hackers attempting to hijack your accounts and devices, as it means they require more than just your username and password. They also need a one-time password (OTP) that is sent to one of your trusted devices. Bear in mind that the code only helps if you never type it into a page you did not navigate to yourself: a phishing site can ask for the code as well as the password, and relay it to the real service before it expires.

In addition, you can set up a 14-character Recovery Key that you can print out and keep in a safe place. Apple suggests you keep it because it is what lets you regain access to your account if you ever lose your trusted devices or forget your password; without it, losing those devices can leave you locked out of your own account.
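To make the argument concrete, here is an added example, written for this page rather than taken from the original article or from Apple, that models the attack chain described above in Python: a phishing page captures only a username and password, and the attacker replays them against a stand-in account service to put the device into a lost-mode lock with a ransom message. Everything about the service is an assumption for the illustration: the hypothetical `ToyCloudAccount` class, the RFC 6238 time-based one-time password standing in for Apple’s verification code, the 14-character recovery key format and the constructed sample credentials. The HOTP/TOTP test vectors quoted in the comments are the ones published in RFC 4226 and RFC 6238.

```python
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional, Tuple


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated.
    Published vectors for secret b"12345678901234567890": counter 0 -> "755224", 1 -> "287082"."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the current 30-second time step.
    Published vector: totp(b"12345678901234567890", 59, digits=8) == "94287082"."""
    return hotp(secret, at // step, digits)


class ToyCloudAccount:
    """Hypothetical stand-in for an account service with a find-my-device lock.
    It is not Apple's implementation; it only models the checks the attack runs into."""

    def __init__(self, username: str, password: str, two_factor: bool = False,
                 otp_secret: Optional[bytes] = None):
        self.username = username
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)          # salted hash, never the password itself
        self.two_factor = two_factor
        # The OTP secret is shared only with the owner's trusted device (assumed design).
        self.otp_secret = (otp_secret or secrets.token_bytes(20)) if two_factor else None
        # 14-character recovery key, printed once and kept offline by the owner (assumed format).
        self.recovery_key = secrets.token_hex(7).upper() if two_factor else None
        self.locked_message: Optional[str] = None

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, username: str, password: str, otp: Optional[str] = None,
              recovery_key: Optional[str] = None, now: Optional[int] = None) -> bool:
        if username != self.username or not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False
        if not self.two_factor:
            return True                               # password alone is enough
        now = int(time.time()) if now is None else now
        if otp is not None and hmac.compare_digest(totp(self.otp_secret, now), otp):
            return True
        if recovery_key is not None and hmac.compare_digest(recovery_key, self.recovery_key):
            return True
        return False

    def lost_mode(self, username: str, password: str, message: str,
                  otp: Optional[str] = None, now: Optional[int] = None) -> bool:
        """The find-my-device lock is reachable only through a successful login."""
        if not self.login(username, password, otp=otp, now=now):
            return False
        self.locked_message = message
        return True


def phishing_replay(two_factor: bool) -> bool:
    """Replay credentials harvested by a phishing page; True means the attacker locked the device."""
    account = ToyCloudAccount("victim@example.com", "correct horse battery staple", two_factor)
    # Step 1: the phishing page records exactly what the victim typed into it (constructed sample).
    harvested = {"username": "victim@example.com", "password": "correct horse battery staple"}
    # Step 2: the attacker logs in to the real service with the harvested pair and locks the device.
    return account.lost_mode(harvested["username"], harvested["password"],
                             "Device locked. Pay to unlock.")


def owner_with_trusted_device(now: int = 59) -> Tuple[bool, bool]:
    """The legitimate owner supplies the code from a trusted device: a fresh code works, a stale one does not."""
    account = ToyCloudAccount("victim@example.com", "pw", two_factor=True,
                              otp_secret=b"12345678901234567890")
    code = totp(account.otp_secret, now)              # "287082" for the RFC vector secret at t=59
    fresh = account.login("victim@example.com", "pw", otp=code, now=now)
    stale = account.login("victim@example.com", "pw", otp=code, now=now + 90)
    return fresh, stale


if __name__ == "__main__":
    print("no 2FA, replayed phish locks device:", phishing_replay(False))   # True
    print("with 2FA, replayed phish locks device:", phishing_replay(True))  # False
    print("owner fresh/stale code:", owner_with_trusted_device())           # (True, False)
```

The model also shows the limit of the advice: `login` accepts any code that is valid for the current 30-second step, so a phishing page that asks for the code alongside the password and relays both at once would still get through. The second factor stops the offline replay that this attack relied on; it does not excuse you from checking which site you are typing into.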

Take steps to protect your online accounts, and always be on the lookout for phishing attacks!

Thanks to Thomas Reed for explaining that media reports connecting the Moscow arrests to the Oleg Pliss attack may be inaccurate.

Do you use Apple iCloud? Do you think Apple users take security seriously enough? Leave a message below sharing your thoughts.

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley.