A hacker going by the handle of Oleg Pliss is attempting a daring new type of cybercrime against Apple Inc.’s (NASDAQ:AAPL) mobile devices such as iPhone and iPads, according to recent reports. To extort money from people owning consumer electronics from the Cupertino firm, Mr. Pliss (real name unknown) locks iPhones and iPads remotely. He then sells access to their own device back to the owner for the sum of $50 or $100, deposited to a PayPal account.
Most of those affected by the attack live in Australia at the moment, either indicating Mr. Pliss’ area of familiarity or because of some Internet characteristic there that make his hack function more smoothly there. In many cases, no new apps or software were installed recently by the user, making the source of the attacks somewhat mysterious.
The name used by the hacker, Oleg Pliss, is that of an Oracle software developer, plus several other people, including a Ukrainian banker and several Russians. The message that affected users see is hardly subtle. They are greeted by a pop-up stating “This device has been hacked by Oleg Pliss. For unlock device” followed by an OK button.
The construction “for unlock device” instead of “to unlock device” bears a close resemblance to the type of grammatical error a Russian speaker would make if relatively unfamiliar with English. However, it is also very easy for someone fluent in English to spoof “foreign”-sounding mistakes in order to divert the authorities from tracking down a homegrown cybercriminal.
The use of PayPal seems a rather ham-handed approach when nearly anonymous payment services such as Bitcoin are available. A PayPal account can be tracked with relative ease once official computer assets are brought to bear against it. Bitcoin leaves no paper trail and would seem to fit Mr. Pliss’ scheme better, though less people use it and perhaps the hacker deemed he was more likely to obtain his money if he used the most popular payment system in the wrold.
Apple Inc. (AAPL) offers a workaround on their site, which is actually useful for all types of lockouts and device disabling. The easiest way is to sync the iPhone with iTunes, creating a backup of all the data on it, and then restore the phone. Alternatively, if the user has no active iTunes account, the iPhone can be started in recovery mode and connected to iTunes for the first time. Restoration is then carried out in the same way.