Posted on June 9th, 2014 at 9:03 PM EDT
A couple of weeks ago, a number of iOS users in Australia and New Zealand had their devices locked with a ransom message by hackers who had gained access to the victims’ iCloud accounts through still-unknown means. Today, Russia’s Ministry of Internal Affairs announced that two hackers had been arrested for iCloud hacking. Just as there was much bad reporting of the Aussie hack by the mainstream tech press, the inaccurate reports about these arrests have already begun.
MacLife has already posted an article confusing these two incidents, and making the mistaken assumption that these hackers were arrested for their role in the Australian incident. However, there’s nothing at this point to indicate this is actually true. These hackers may turn out to be involved, but they also may not. Let’s take a deeper look.
First, it’s important to understand what happened in the Australian hack. The incident began, to my knowledge, on May 26. It involved iOS devices being locked by a hacker claiming to be named “Oleg Pliss” and demanding a varying ransom through varying payment sites. With only a very few exceptions, all affected users were in Australia or New Zealand.
The two Russian hackers who were arrested, however, were involved in a different incident, described by the Russian site MacDigger. According to this article, published on May 18, this incident involved devices being locked in a very similar manner, except that the message said (translated from Russian):
Your device is locked in relation to the complaint. And can help you unlock it. Check your email!
Upon checking their e-mail, affected users found a message attempting to scam them out of money in exchange for unlocking their device. This hack apparently only affected Russian users, from what I can determine, and occurred prior to the Australian hack.
This is admittedly a very similar event. It is entirely possible that these individuals were behind the Australian hack as well; there’s no denying that. However, there is also nothing at all to indicate that they were behind it, either. The Australian hack could have been a copycat who figured out or knew how the Russian hack was accomplished. There could be a single hacker who has obtained iCloud account information, and who is selling that information to other hackers according to the region those hackers reside in. It’s even possible that there is a vulnerability in iCloud servers in certain regions, if there are actually iCloud servers in Russia and Australia. There are many possibilities.
The bottom line is that we still know very little about either of these attacks, and we should not make the assumption that the hackers behind the Australian hack have been taken off the streets. The Russian hackers who were arrested may or may not be responsible.