iCloud hackers who held iOS devices ransom detained in Russia

Jun 9, 2014

The Sydney Morning Herald reports that Russian authorities have detained two young hackers for hijacking iOS devices through iCloud and holding them for ransom. The suspects, both residents of the Southern Administrative District of Moscow, are a 23-year-old named Ivan and an unnamed 17-year-old who served as his accomplice.

Russia’s Ministry of Internal Affairs announced on Monday that the hackers were detained during the course of “operational activities” by the Russian Interior Ministry. The hackers were caught on closed-circuit TV after attempting to withdraw ransom payment from an ATM. The ministry also noted that one of the suspects has already been tried before…

The 23-year-old Ivan is “madly keen on computers and hacking,” according to the Russian media outlet MKRU. “The young man never studied or worked and was always looking for easy ways to make money,” the publication said of him. Not much is known about his accomplice, outside of the fact that he is six years younger than Ivan.

After searching their apartments, Russian authorities seized PCs, SIM cards, phones, and literature on hacking from the hackers. The report claims that both hackers gave a confession, although it still isn’t fully clear if they were responsible for the ransom attacks in Australia, or a similar hack that some Russian users fell victim to just days later.

Oleg Pliss

A few weeks ago, some iPhone and iPad users in Australia turned to the Apple Support Communities to report a mysterious message locking them out of their devices. Hackers had managed to remotely lock devices through iCloud, and then demanded payment of between $50 and $100 to relinquish control. The alias Oleg Pliss was used, and an email address was provided for payment.

Apple soon confirmed that the hack was not the result of an iCloud breach:

Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.

It was initially believed that recent security vulnerabilities on the web, such as the Heartbleed bug, allowed the hackers to carry out the attack. In actuality, the Russian Ministry of Internal Affairs has confirmed that the duo was able to gain access to Apple ID accounts through phishing websites, unauthorized email access and social engineering techniques.

The hack also involved a pre-arranged iCloud account:

“The pre-arranged account was one that hackers owned and then ‘leased’, or sold, to users that offered a bunch of movies and music on it. But in order to access the content, users needed to link their devices to the account, which left it vulnerable to being hijacked by hackers who knew its log-in details.”

These recent hacks emphasize the importance of maintaining your security online. It is highly recommended that you regularly change your password and enable two-step authentication on your account. If you want to go one step further, it might be worth looking into a password manager like 1Password for generating and storing unique passwords across all services.

  • vivalaivsca

    don’t arrest them, hire them! these kids are obviously AWESOME!!!

    • lemonhead

      how is that awesome from any perspective?

      These people are low, fishing attacks are like the lowest under hackers, anybody who knows how to register a domain and make a website can do it…

      • Chris

        I think you’ve confused the internet term “phishing” with an outdoor activity.

        anybody who knows how to register a domain and make a website can do it

        That’s pretty bold to say, you’ve essentially implied that I or anyone else can create a phishing scam just by owning a domain, there is a lot more involved than that.

      • lemonhead

        Yeah I did. English isn’t my native language…

        i will edit it, but I still think my argument is quite valid from my point of view…

        just copy the CSS of the site you want to scam add your backend to it and send it via bots to random people.

        Quite easy if you ask me, there are even some sites, which offer you lists of e-mail address + the personal info to it.

    • ✪ aidan harris ✪

      Depends on how they ‘hacked’ people’s devices. I think the media is blowing this all out of proportion since iCloud wasn’t even breached. They likely used social engineering or phishing to gain user login details and nothing more. When people think of hackers they generally think of people hacking into computers, servers, databases, etc and not just gaining access to a user’s account and holding it and devices attached to it ransom…

      • lemonhead

        exactly, these people have the skill level of HTML maybe with some JavaScript haha

        heck even I could pull this off…

    • http://www.idownloadblog.com/ Joe Rossignol

      These are not white hat hackers though. They are accused of a crime.

    • Maxim∑

      so punish them by hiring them?

      • Oscar Nigma

        Their punishment must be more severe…

    • Dan

      The young man never studied or worked and was always looking for easy ways to make money

      Solid resume.

    • poop

      Let the NSA hire them. Then the NSA can snoop into people’s iClouds as well as their everything else.

  • Framboogle

    Apple should hire him instead.

    • ✪ aidan harris ✪

      I don’t think Apple would have any need for them

    • 空白

      He’s just a thief. No need to glorify him.

  • mlee19841

    Good to see. That was fast.

  • n0ahcruz3

    This is absurd Apple’s security is top notch. We don’t need anti virus, anti malware spyware. iOS is walled garden. :p

    • ✪ aidan harris ✪

      iOS is but users aren’t. Users are a bunch of idiots with weak security and can be compromised through social engineering or phishing…

      • jack

        True

      • n0ahcruz3

        I know, i was being sarcastic.

    • 空白

      No OS is impervious.

  • Tom

    Momma Russia

  • Damian

    And here Russia comes again.

    The mother of negative news and events

    • iHanano

      No. Middle East is.

      • Damian

        Middle East has a social conflict and other problems that need to be solved.

        Russia on the other hand is a corrupted mess with propaganda and other unacceptable things. Basically Russia’s problems will never be solved because the rulers enjoy their money too much

      • Guest

        Propaganda worse than the fake news we get from CNN and MSNBC? Did you know the White House pays for and writes news stories? There’s a video on YouTube with the president saying he will continue to write and pay for stories.

      • Damian

        Yeah yeah sure. I guess entire world has fake news. Even Poland which is a direct neighbour to Russian-Ukraine conflict

  • Jonathan

    While everyone’s saying hire them, I’m curious as to why there are stuffed animals behind him.

    • Dani Hayes

      In soviet Russia, beanie babies collect you.

  • Muhammad !

    I Love HACKERS !

  • Technocrz!

    they should salute him first then start kicking his AsS.