twitter facebook rss

Two iPhone hackers probably behind the Oleg Pliss attacks arrested in Russia

Posted by on June 11, 2014.

Ministry of Internal Affairs of the Russian Federation

Ministry of Internal Affairs of the Russian Federation

A Monday announcement by the Russian Interior Ministry claims that two men have been arrested following reports that iPhones have been blocked remotely and that ‘attackers’ have demanded money in order to release them. Although the Ministry announcement made no mention of non-Russian attacks, it seems almost certain that these are the same hackers behind the Oleg Pliss attacks primarily in Australia and New Zealand, but also in other countries.

However, any suggestion that Russia is changing its stance on hacking (Britain and America have long protested that Russia does not sufficiently cooperate in international investigations and will not extradite known cybercriminals) should be dismissed. It would appear that these two men made a fundamental mistake in their criminal activities – they also hacked other Russians within Russia and attracted the attention of the Russian police. Incidentally, Russia isn’t simply being awkward in its refusal to extradite – it is forbidden by its constitution to send Russian citizens for trial in a foreign country; and unless the crime is committed in Russia, there is no Russian law that has been broken and for which they can be tried.

The Oleg Pliss attacks first reported in Australia simply locked the victim iPhones and delivered a ransom message via the Find My iPhone feature. The ransom was $100. It wasn’t strictly ‘ransomware’ since no malware was involved – but the effect was the same.

Monday’s announcement now explains how this scam was effected. Two separate methods were used. Both involved gaining access to the victim’s iCloud account. The first was simply to acquire the victim’s credentials through hacking email accounts or using phishing pages or other social engineering tactics. The second method was the use of a ‘special offer’ that promised ‘a large amount of media content’. “As soon as someone accepted the offer and linked their device to the account, attackers hijacked the devices,” explains Kaspersky’s ThreatPost.

Once the attackers had gained control via iCloud, they could use the inbuilt iPhone features to lock the device and deliver their ransom message via Find My iPhone – in other words, they reversed the purpose of those features by ‘persuading’ the system that they were the owners, while the true owners were the thieves.

The problem with this scam is that there is no malware that Apple can block in the future: it is the business process rather than the device software that is hacked. That means that other hackers can use the same methods again and again in the future – and it is quite likely that there will be other copycat attempts in the future.

David Harley

David Harley

Last month David Harley gave the best advice you’ll get in order to prevent this happening to you in the future:

Irrespective of what part of the world you live in, the most important (hopefully) preventative measure is to enable Apple’s 2-factor authentication for Apple ID credentials… Essentially, this allows you to authenticate using a password, a 4-digit PIN (verification code) texted to a trusted device at each login, and also generates a 14-digit recovery for emergency. This might also be a good time to change your AppleID password and ensure that you’re not re-using a password that might have been compromised from another service.

Use of Apple’s 2FA will make it a lot harder for any future attackers to break into your iCloud account and ‘steal’ your iPhone.

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: News, News_hacks | Tags: , , , , , , ,