Two youthful hackers using the alias “Oleg Pliss” were arrested in Moscow yesterday for their scheme to bilk Apple Inc. (NASDAQ:AAPL) customers out of $100 apiece with their ransomware attacks. Ransomware is a relatively new phenomenon, in which hackers obtain a person’s passwords, access their iPhone or iPad, lock them out, and demand a ransom payment in exchange for unlocking the mobile device so the actual owner can use it again.
The two hackers, using the stolen name of a software developer, reportedly struck numerous accounts based in Australia, plus some in New Zealand, England, and the United States. The cybercriminals achieved access via an iCloud feature, “Find My [Device],” which enables locking an iPhone, iPad, iPod, or Mac through the Internet, assuming that the device is switched on and connected. Though this is intended as a security feature for Apple (AAPL) device users, the two young Russians turned the process briefly to their profit.
Those affected by the scheme found their device locked, with the message “Device hacked by Oleg Pliss” on the screen. This honest appraisal was followed by a demand for a $100 ransom to unlock the device. Material obtained from the hacked devices was also sold online to generate additional cash for the pair.
The Russian police declined to name the suspects, but revealed that they are 16 and 23 years old respectively. The pair has a criminal record involving earlier hacking efforts, which likely helps explain the speed with which the authorities located and seized them. According to the Ministerstvo Vnutrennih Del (MVD), or Ministry of Internal Affairs, of the Russian Federation, the two hackers were arrested in the Southern Administrative District of Moscow, taken from an apartment filled with electronics equipment and hacking literature.
The MVD’s report also indicated the accused had already confessed to their illegal scheme after being taken into police custody. They are to be tried under Part 2 of Article 272 of the Criminal Code, “Unauthorized Access to Computer Information.”
Apple Inc. (AAPL) denied that iCloud itself had been hacked, stating that the passwords involved must have been phished at other locations. Informal investigation on the Apple forums revealed few to no common links between the users except for iCloud use, however. The Russian MVD states that other hacker teams are believed to be working on compromising Apple’s security for profit in a similar manner to the pair recently arrested.