Russia Arrests Two in Connection With Apple 'Find My Phone' Hijacking

By Reuters | Updated: 11 June 2014 10:52 IST

Russian police have arrested two alleged hackers they say extorted money from users of Apple devices by locking them and demanding payment to free them up again.

The suspects, one a teenager and the other in his early 20s, could be jailed for two years if tried and convicted in a relatively rare cybersecurity case in which the arrests have been announced by Russian authorities.

The suspects, residents of Moscow, were arrested by the Interior Ministry's cybercrime department - Directorate K - and have given self-incriminating evidence, according to a ministry statement issued on Monday.

The ministry did not say how many Apple users were affected or whether there were victims outside Russia. Australia users recently complained of similar attacks,

It said the suspects exploited Apple's Find My iPhone app, which allows users to find and lock devices they believe to be lost or stolen, to extort money from victims using two methods.

(Also Read: iOS 7 bug reportedly allows Find My iPhone to be disabled without password)

"The first involved gaining access to the victim's Apple ID by means of the creation of phishing pages, (gaining) unauthorised access to e-mail or using methods of social engineering," it said.

"The second scheme was aimed at attaching other people's devices to a pre-arranged account" by offering Apple IDs with media content for lease on the Internet, which enabled the suspects to gain control of the devices, the statement said.

Apple said that its own services had not been hacked and users who got notices their phones were locked could regain control by entering passcodes and changing their Apple identification. Users without passcodes could get help in Apple stores.

Apple cautioned users against using the same password on multiple sites, since breaches on one site could prompt criminals to try the same passwords elsewhere.

Cybersecurity experts and Western law enforcement agencies have raised questions about Russia's commitment to fighting hackers, some accused of attacks on Western government and business computers, on its own soil.

Though Russian authorities have made more arrests in recent years, officials in the United States and Britain continue to complain about lack of cooperation. Since Russia does not extradite anyone for offences committed elsewhere as a matter of law, hackers must be suspected of breaking domestic Russian law before charges are filed.

Police launched a search for suspects in the past few months, when they began receiving reports of devices being hijacked by hackers demanding money, K Directorate said.

(Also Read: US court dismisses man's conviction for hacking celebrity iPad tablets)

It said officers confiscated computer hardware, SIM cards, phones and how-to literature on hacking in searches of the suspects' apartments in southern Moscow.

Russian daily MK reported that the suspects were identified in part thanks to surveillance-camera footage showing them withdrawing cash from ATMs using bank cards linked to accounts into which they told victims to transfer money.

The Interior Ministry said one of the suspects had been convicted of a crime earlier. According to MK, he practised a lower-tech form of extortion: stealing license plates from neighbours' cars and selling them back to their owners.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.