UPDATED: This article has been updated to reflect that those arrested in Moscow may not be connected with the “Oleg Pliss” attack.
Russian authorities appear to have scored a victory against cybercrime, extracting a confession from a Moscow duo in connection with a mysterious “ransomware”-style attack that hit owners of iPhones, iPads and Macs.
Last month many iPhone, iPad and iMac users, predominantly based in Australia, discovered that their devices had been “hacked by Oleg Pliss” and were told to transfer funds to the hackers in order to unlock their devices.
Locked iMac. Image source: Sydney Morning Herald
There was rabid speculation as to what might have caused the problem, why it was concentrated on Apple users in the Antipodes, and what possible motivation might have driven the hackers to hijack iCloud accounts and exploit the “Find my iPhone” feature to lock down devices.
Now, the story may have become a little clearer.
According to an official statement on the Russian Ministry of Internal Affairs website, a similar attack was launched against Russian-speaking Apple customers after hackers created a simple phishing website, designed to trick unsuspecting Apple users into entering their iCloud login credentials.
With that information collected, it was child’s play for the hackers to log in to the real iCloud interface and command victims’ devices to display a message and lock themselves down, as if they had been stolen or mislaid.
Media reports claim that the two perpetrators — a 23-year-old called “Ivan” and an unnamed 17-year-old — also confessed to connecting new devices to hijacked iCloud accounts, through which they would download music, movies and TV shows. Computers, SIM cards and smartphones allegedly used for criminal purposes were seized during a police raid of the hackers’ apartments.
According to a report in the The Sydney Morning Herald, the hackers made the mistake of allowing CCTV cameras to catch them withdraw victims’ payments from a cash machine.
Security blogger Thomas Reed reports that this Russian attack predates the “Oleg Pliss” messages that appeared on the devices of users predominantly based in Australia and New Zealand last month.
Reed says that although very similar, there is no indication yet that the same hackers were behind both the Russian and Australian attacks.
If the same technique was used in both attacks, it would mean that the “Oleg Pliss” attack didn’t involve a vulnerability in the “Find my iPhone” process being exploited to trigger the lock down, as that wouldn’t have explained why the vast majority of victims came from Australia and New Zealand.
Furthermore, it would debunk the notion that the hackers broke into an Apple server and made off with users’ iCloud IDs and passwords.
Which is good news for all of us.
Phishing continues to be a thriving business, and it is becoming increasingly common to see iCloud accounts targeted just like online banks, PayPal, or social media sites.
To better protect your iCloud account, and prevent a hacker from locking down your device and demanding a ransom, use two-factor authentication.
Two-factor authentication (sometimes called two step verification) makes life much harder for hackers attempting to hijack control of your accounts and devices, as it means they require more than just your username and password. They also need a one-time password (OTP) that is sent to your device itself.
In addition, you can set up a 14-digit recovery key that you can print out and keep in safe place. Apple suggests you keep the recovery key to regain access to your account, or if you ever lose access to your devices or forget your password.
Take steps to protect your online accounts, and always be on the lookout for phishing attacks!
Thanks to Thomas Reed for explaining that media reports connecting the Moscow arrests to the Oleg Pliss attack may be inaccurate.
Do you use Apple iCloud? Do you think Apple users take security seriously enough? Leave a message below sharing your thoughts.
