Support The Moscow Times!

Police Arrest 2 For Hacking Apple Accounts From Moscow

Cybersecurity experts and Western law enforcement agencies have raised questions about Russia's commitment to fighting hackers

Russian police have arrested two alleged hackers they say extorted money from users of Apple devices by locking them and demanding payment to free them up again.

The suspects, one a teenager and the other in his early 20s, could be jailed for two years if tried and convicted in a relatively rare cybersecurity case in which the arrests have been announced by Russian authorities.

The suspects, residents of Moscow, were arrested by the Interior Ministry's cybercrime department — Directorate K — and have given self-incriminating evidence, according to a ministry statement issued on Monday.

The ministry did not say how many Apple users were affected or whether there were victims outside Russia. Australia users recently complained of similar attacks.

It said the suspects exploited Apple's Find My iPhone app, which allows users to find and lock devices they believe to be lost or stolen, to extort money from victims using two methods.

"The first involved gaining access to the victim's Apple ID by means of the creation of phishing pages, (gaining) unauthorized access to e-mail or using methods of social engineering," it said.

"The second scheme was aimed at attaching other people's devices to a prearranged account" by offering Apple IDs with media content for lease on the Internet, which enabled the suspects to gain control of the devices, the statement said.

Apple said that its own services had not been hacked and users who got notices their phones were locked could regain control by entering passwords and changing their Apple identification. Users without passwords could get help in Apple stores.

Apple cautioned users against using the same password on multiple sites, since breaches on one site could prompt criminals to try the same passwords elsewhere.

Cybersecurity experts and Western law enforcement agencies have raised questions about Russia's commitment to fighting hackers, some accused of attacks on Western government and business computers, on its own soil.

Though Russian authorities have made more arrests in recent years, officials in the U.S. and Britain continue to complain about lack of cooperation. Since Russia does not extradite anyone for offenses committed elsewhere as a matter of law, hackers must be suspected of breaking domestic Russian law before charges are filed.

Police launched a search for suspects in the past few months, when they began receiving reports of devices being hijacked by hackers demanding money, K Directorate said.

It said officers confiscated computer hardware, SIM cards, phones and how-to literature on hacking in searches of the suspects' apartments in southern Moscow.

Russian daily MK reported that the suspects were identified in part thanks to surveillance-camera footage showing them withdrawing cash from ATMs using bank cards linked to accounts into which they told victims to transfer money.

The Interior Ministry said one of the suspects had been convicted of a crime earlier. According to MK, he practiced a lower-tech form of extortion: stealing license plates from neighbors' cars and selling them back to their owners.

See also:

U.S. Charges Russian Citizen in Cyber Conspiracy

Read more

Independent journalism isn’t dead. You can help keep it alive.

The Moscow Times’ team of journalists has been first with the big stories on the coronavirus crisis in Russia since day one. Our exclusives and on-the-ground reporting are being read and shared by many high-profile journalists.

We wouldn’t be able to produce this crucial journalism without the support of our loyal readers. Please consider making a donation to The Moscow Times to help us continue covering this historic time in the world’s largest country.