
Russian iCloud hackers arrested

Published June 9th, 2014 at 9:03 PM EDT, modified June 9th, 2014 at 9:03 PM EDT

A couple of weeks ago, a number of iOS users in Australia and New Zealand had their devices locked with a ransom message by hackers who had gained access to the victims’ iCloud accounts through still-unknown means. Today, Russia’s Ministry of Internal Affairs announced that two hackers had been arrested for iCloud hacking. Just as there was much bad reporting of the Aussie hack by mainstream tech press, the inaccurate reports about these arrests have already begun.

MacLife has already posted an article confusing these two incidents, and making the mistaken assumption that these hackers were arrested for their role in the Australian incident. However, there’s nothing at this point to indicate this is actually true. These hackers may turn out to be involved, but they also may not. Let’s take a deeper look.

First, it’s important to understand what happened in the Australian hack. The incident began, to my knowledge, on May 26. It involved iOS devices being locked by a hacker claiming to be named “Oleg Pliss” and demanding a varying ransom through varying payment sites. With only a very few exceptions, all affected users were in Australia or New Zealand.

The two Russian hackers who were arrested, however, were involved in a different incident, described by the Russian site MacDigger. According to this article, published on May 18, this incident involved devices being locked in a very similar manner, except that the message said (translated from Russian):

Your device is locked in relation to the complaint. And can help you unlock it. Check your email!

Upon checking their e-mail, affected users found a message attempting to scam them out of money in exchange for unlocking their device. This hack apparently only affected Russian users, from what I can determine, and occurred prior to the Australian hack.

This is admittedly a very similar event. It is entirely possible that these individuals were behind the Australian hack as well; there’s no denying that. However, there is also nothing at all to indicate that they were behind it. The Australian hack could have been the work of a copycat who figured out or knew how the Russian hack was accomplished. There could be a single hacker who has obtained iCloud account information and who is selling that information to other hackers according to the region those hackers reside in. It’s even possible that there is a vulnerability in iCloud servers in certain regions, if there are actually iCloud servers in Russia and Australia. There are many possibilities.

The bottom line is that we still know very little about either of these attacks, and we should not make the assumption that the hackers behind the Australian hack have been taken off the streets. The Russian hackers who were arrested may or may not be responsible.



  • Lee Maxwell says:

    Very interesting and scary stuff. Interesting that these two scams apparently only happened in two different nations, and no attempt has been made [so far] in the US. Apple being Apple, it may be a while before they comment publicly on this, if they ever do. That is a conundrum in itself: Should Apple comment to allay any fears, or remain silent since these are localized problems, or only comment when they’ve figured out what is going on so they have something substantial to release? Or do they, as they’ve done in the past, ignore the problem because responding to it may hurt sales, and only deal with it when the cost of remaining silent exceeds the cost of admitting a problem exists, then taking some action?

    • Thomas says:

      Apple actually already commented about the Australian hack, to say that the cause appeared to be due to hackers gaining access to individual Apple ID accounts, and not an Apple ID or iCloud breach.
