Hackers are threatening to wipe out a large cache of data from 300 Million Apple accounts unless a ransom is paid.
Labelling themselves as the ‘Turkish Crime Family’, the group or individual is demanding that £75,000 is to be paid in popular crypto-currency Bitcoin, or £100,000 worth of iTunes gift cards in exchange for deleting the data on the Apple accounts. The hackers have provided screenshots of email communication between themselves and Apple’s security team and have also uploaded a YouTube video of them allegedly logging into some of the stolen accounts.
IT security experts from AlienVault, DomainTools, Tripwire and ESET discuss the validity of the threat and provide advice for iPhone users.
Paul Calatayud, Chief Technology Officer at FireMon:
I believe these claims are accurate, but also most likely not caused by Apple. If you do not add two factor strong authentication to any account, there is a chance that the password has been exposed, harvested, or guessed. For example, if my e-mail account happens to be from yahoo, and that account is affected by the breach that just occurred, then there is a chance that the attackers are already able to compromise other accounts I hold such as my appleid. I suspect Apple is well aware of this and their position will be to quickly assist anyone that may be affected by providing them options to re protect their account, but since it’s not Apple that most likely was not a contributor to the compromises, they will not be paying any ransoms.
Chris Doman, security researcher at AlienVault:
“The attackers do seem desperate for publicity. Yesterday a Twitter account (turkcrimefamily) and Website (turkishcrimefamily[.]org) were created in their name, and today they claimed “The number of Apple credentials have increased from 519m to 627m, we are convinced it will keep growing until 7 April 2017”.
Apple has some of the best security people in the business, and it seems hard to believe they would have lost control of hundreds of millions of accounts. The attackers may have taken control of a small number of accounts, through everyday iCloud phishing attacks, and used that as ‘evidence’ to justify their more outlandish claims.
Apple users should be suspicious of any unexpected messages from Apple asking them to enter their credentials.”
Kyle Wilhoit, senior security researcher at DomainTools:
“Without verifiable proof, there is no way to say this is a valid threat. The conflicting information from the attackers themselves doesn’t lend credence to their ransom. Because of this lack of evidence, there’s not much you can do. But, there are basic preventative privacy and security setting changes on your iPhone that can help protect against many different types of attacks. First, ensure your iPhone is up to date. In addition, disable fingerprint security with Touch ID. This will prevent purchases by using your fingerprint as authentication. Also, prevent other applications from uploading your data. For instance, don’t let Twitter access your iPhone contacts. For those that are paranoid about this, I would also recommend changing your password.”
Lamar Bailey, Sr. Director, Security R&D at Tripwire:
“If this is legit the hackers would have had to obtain access to the individual user accounts via breaking the passwords of each of the user accounts or have acquired access to the Apple iCloud servers. The access to each user account is much more realistic since we have seen numerous reports of all the weak passwords people use for their computers and accounts. If the hackers have password access to individual user account they can erase phones remotely and change passwords for the Apple accounts. The hackers cannot remove backups for Apple devices from the cloud but changing the passwords will make it hard for the legitimate users to reset and recover their devices. Once the end user has access to their account they will be able to restore their device.
For end users make sure you are using strong passwords and enable 2 factor authentication as an added protection. Having a local backup of your device is always a good idea too. It is faster to restore a device locally than over the internet and having a small NAS (network Attached Storage) device at home for pictures and backups is a good investment to supplement the cloud backups.
This whole ransom seems odd. What are the hackers going to turn over the breached accounts? Why ask for iTunes gift cards? They have unique numbers that can be tracked and deactivated in seconds.”
Ondrej Kubovič, Security Specialist at ESET:
“We advise all our users to regularly backup their (valuable) data and store it on external drives that are not constantly connected to the network. This kind of prevention is very effective not just for cases such as the one described in the article, but also against ransomware attacks, which are very frequent across various platforms – including mobile.”