2014-06-10 (Adds Apple comment. Changes blocking to locking.)
By Steve Gutterman and Joseph Menn
MOSCOW/SAN FRANCISCO, June 10 - Russian police
have arrested two alleged hackers they say extorted money from
users of Apple devices by locking them and demanding
payment to free them up again.
The suspects, one a teenager and the other in his early 20s,
could be jailed for two years if tried and convicted in a
relatively rare cybersecurity case in which the arrests have
been announced by Russian authorities.
The suspects, residents of Moscow, were arrested by the
Interior Ministry's cybercrime department - Directorate K - and
have given self-incriminating evidence, according to a ministry
statement issued on Monday.
The ministry did not say how many Apple users were affected
or whether there were victims outside Russia. Australian users
recently complained of similar attacks.
It said the suspects exploited Apple's Find My iPhone app,
which allows users to find and lock devices they believe to be
lost or stolen, to extort money from victims using two methods.
"The first involved gaining access to the victim's Apple ID
by means of the creation of phishing pages, (gaining)
unauthorised access to e-mail or using methods of social
engineering," it said.
"The second scheme was aimed at attaching other people's
devices to a pre-arranged account" by offering Apple IDs with
media content for lease on the Internet, which enabled the
suspects to gain control of the devices, the statement said.
Apple said that its own services had not been hacked and
users who got notices their phones were locked could regain
control by entering passcodes and changing their Apple
identification. Users without passcodes could get help in Apple
stores.
Apple cautioned users against using the same password on
multiple sites, since breaches on one site could prompt
criminals to try the same passwords elsewhere.
Cybersecurity experts and Western law enforcement agencies
have raised questions about Russia's commitment to fighting
hackers, some accused of attacks on Western government and
business computers, on its own soil.
Though Russian authorities have made more arrests in recent
years, officials in the United States and Britain continue to
complain about lack of cooperation. Since Russia does not
extradite anyone for offences committed elsewhere as a matter of
law, hackers must be suspected of breaking domestic Russian law
before charges are filed.
Police launched a search for suspects in the past few
months, when they began receiving reports of devices being
hijacked by hackers demanding money, K Directorate said.
It said officers confiscated computer hardware, SIM cards,
phones and how-to literature on hacking in searches of the
suspects' apartments in southern Moscow.
Russian daily MK reported that the suspects were identified
in part thanks to surveillance-camera footage showing them
withdrawing cash from ATMs using bank cards linked to accounts
into which they told victims to transfer money.
The Interior Ministry said one of the suspects had been
convicted of a crime earlier. According to MK, he practised a
lower-tech form of extortion: stealing license plates from
neighbours' cars and selling them back to their owners.
