russian hackers arrested
June 12, 2014

Russian Hackers Arrested After Attempted Extortion Scheme

Peter Suciu for - Your Universe Online

This week, Russian authorities announced the arrest of two alleged hackers, both residents of Moscow, who were believed to have been behind a recent Apple extortion scheme. The pair allegedly locked users' iCloud access and then demanded payment from the rightful owners to free them up them.

An official statement on the Russian Ministry of Internal Affairs website said the duo carried out the "ransomware: attack by creating a "phishing" site that collected iCloud logins. From this the pair was able to lock the devices. The Russian ministry confirmed the attackers utilized features which were introduced into recent versions of the iOS mobile operating system including "Find my iPhone."

A second scheme was aimed at attaching other people's devices to a prearranged account by offering Apple IDs with media content for lease online, the ministry reported. This enabled the suspects to gain control of the devices.

The suspects were arrested by the Interior Ministry's cyber crime department – Directorate K – and reportedly had given self-incriminating evidence.

The Russian authorities reported finding computer equipment, SIM cards and handsets that were believed to have been used in criminal activities as well as literature on hacking of computer systems. The two alleged hackers were charged under Part 2 article 272 of the Criminal Code (Unlawful Access to Computer Information).

The ministry did not disclose how many Apple users may have been hit by this ransomware scam. It was initially reported by re/code that it was not known if the pair had targeted foreigners in their attacks. However, last month redOrbit reported there had been a wave of such ransomware schemes in Australia and New Zealand.

The British Guardian newspaper reported the pair had confessed to a number of such attacks on Apple devices, including those that occurred in Australia in May. The pair is thus believed to be the true identity behind the so-called "Oleg Pliss" – the name that appeared in the ransomware messages.

For now, Oleg Pliss is still the only name coming out of Russia in this particular case.

The Russian authorities have not provided details on the suspects, except to note they were born in 1991 and 1998 respectively – which means they would be about 23 and 16 years of age. One of the two had been previously arrested and tried on hacking charges in the past.

According to re/code, the Russian daily newspaper MK reported police in Russia had identified the two suspects in part due to surveillance-camera footage which showed them withdrawing cash from ATMs using bank cards linked to the accounts that victims had transferred money into.

While it is now believed the pair was responsible for the ransomware attacks in Australia, it is unlikely the two will be tried there, reported re/code. Russian authorities have increased efforts to crack down on hackers, but in general Russia does not reportedly extradite anyone for offenses committed internationally, as a matter of local law. Therefore, the hackers need to be suspected of actually breaking domestic law before charges can be filed.

The pair could be jailed for up to two years if tried and convicted.