Slashdot Mirror
Hackers Claim Access To 300 Million iCloud Accounts, Demand $75,000 From Apple To Delete the Cache of Data (vice.com)
A hacker or group of hackers calling themselves the "Turkish Crime Family" claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data if Apple pays a ransom by early next month. Motherboard is reporting that the hackers are demanding "$75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data." From the report: The hackers provided screenshots of alleged emails between the group and members of Apple's security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple. "Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain). The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device. Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victim's Apple devices on April 7, unless Apple pays the requested amount. According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video.
The military should take out the hackers with a drone strike. Then the military should use drone strikes on all the Slashdot users who will certainly defend these criminals or blame Apple and the victims. It's time that we have real deterrent against crimes like this.
Let's see if all this 2-factor authentication is everything it's cracked up to be!
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
Guys, if you're going to prison for extortion against a multi-billion dollar corporation then at least do it for more than $75k - that's just pathetic.
Dont they know a true evil genius must ask for one MILLION dollars!
Amateurs
So, if Apple can convince everybody to change their password, they will have zero stolen accounts? Or have the hackers already changed the passwords?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
One meeeeeelion dollars!
Do they know its Apple they have by the balls?
we both know you can read the ransom note just fine: put the damn headphone jack back in the phone. thanks. FBI: please ignore this message.
Love the cloud. Love the cloud. Love the cloud. Love the CLOUD.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
A hacker or group of hackers calling themselves the "Turkish Crime Family" claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data if Apple pays a ransom by early next month. Motherboard is reporting that the hackers are demanding "$75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data." From the report:
If Apple pays the data gets deleted - simple solution is to not pay. A far more complex solution is editing summaries at a 5th grade level or above.
I had a client a few years back that accidentally deleted 10 years worth of personal photos because they thought they were only deleting them from iCloud, not knowing it would delete it from their computer as well.
I say, if people are fucking stupid enough to entrust a third party with their data and not back it up independently, they get what they deserve.
Back up your shit, and back it up to YOUR OWN MEDIA.
It is pitch black. You are likely to be eaten by a grue.
You allegedly gained access to 300 million accounts belonging to one of the richest company on Earth and you only ask for 75k USD? I call it bullshit, sir. To me this pro hax0r smells more like an overconfident, self-loving teenager who has just discovered what keyloggers are and thinks he'll get rich if he sets the ransom low and uses his grandma's account as a proof.
+1 insightful and +1 underrated, because I am too lazy to log in, too drunk to remember or even look for my password, and too far away on another continent and too paranoid to allow remote access to my computer
or they'd be asking for a lot more money. But I hope they do it. Apple fan boy tears are the best tears. Burn that walled garden :)
I can't believe shit like this gets modded up. People like you - the ones who blame the user - give people like me a bad name.
They put it on iCloud - as far as they know, THAT IS A FUCKING BACKUP. They have independently set up an iCloud backup, as far as they are aware. Calling them stupid does nothing to address the cause, which in your example, is a shitty user interface provided by Apple that did not adequately inform the user of the effects of the action in question.
No, they do not "deserve" this. They made a simple mistake. We all do. Believing an iCloud copy is a reliable backup is a perfectly reasonable assumption to a layperson. They have a copy on their iPhone, and a backup copy in an iCloud account. Or conversely, they have a copy in an iCloud account, and a backup stored on their iPhone - THEIR OWN FUCKING MEDIA.
You seem to not understand that not everyone should be expected to maintain the level of knowledge you have on this matter. They don't understand it - so they place their trust in Apple - who, by all accounts, should know a hell of a lot more about this matter than they do.
"Government is like fire; a handy servant, but a dangerous master." -- George Washington
Why would anyone publicise blackmail. Seriously, think about it, makes no sense at all. It publicly forces Apple into a corner where they are aiding and abetting crime by paying the ransom, so no ransom can be paid. So a mass invasion of privacy, why, no ransom? So who benefits by a publicised mass invasion or privacy, someone who already hugely and grossly invades privacy on a mass scale and wants to attack Apple to prove it can not provide privacy. Only one culprit really fits that bill and corporate espionage on all sorts of scale was inevitable and is happening. So which corporation most hates Apples ability to sell 'you' privacy, whilst that disgusting filthy vile company is selling 'your' privacy, M$. This really does stink of a corporate funded attack, maybe not from the top but most certainly from a major investor.
For Apple to prove itself it must act with an extreme corporate legal vengeance, can Apple buy privacy, in this case it most certainly, by offering ten times the blackmail demand with reward for the culprits and those who paid them. Most likely source of the hackers, corrupt intelligence services, contracts or ex-agents (Turkey recently conducted a purge).
Chaos - everything, everywhere, everywhen
Try checking in with the real world some day.
-1 uninsightful and -1 overrated
Deleting all of your copies of data means you have no more copies, regardless of where those copies used to be.
How do you steal account info that Apple once claimed even it didn't have access to, such as the San Bernardino case? If the FBI could of just asked Apple for account info, it would have and no harm, no fuss. But it's not that simple. You can't just steal a cache of iCloud passwords. The Fappining for instance wasn't as simple as some 1980s "we're in" cliche. Here's some theories to illustrate: https://www.quora.com/How-were-the-photos-for-The-Fappening-obtained-How-did-the-leak-hack-occur-1. Also, when an account is signed into, you should get an email and an alert box shows up on an Apple device. Apple and the Turkish government should also get IP address info regarding an access to accounts. These things can be spoofed; however, a flea cannot fart in the Middle East without the U.S. knowing about it. If a problem we're to manifest out of this, it would be the compromise on Apple's part to ask for government to help in tracking the "hackers," whether they actually exist or not. They will enter the front and leave out the back, a door which they will create and never tell anyone, putting all iCloud users at a real risk. It wouldn't surprise me after the claim Apple made regarding already having fixed most of the Wikileaks Vault 7 vulnerabilities by the time it was posted, that the government is using the big bad Middle East terrorist allusion we've all been accustomed to having shoved down our throats as an easy to believe and not question red herring for an opportunity to get back in there. Asking for $75K for 300 million accounts, if true, is laughable regardless.
Would you like some more aspergers with your post?
I call total BULLSHIT on this story:
1) when you delete a picture there is a pop up warning you that the picture will be delete from ALL devices.
2) deleted pictures are not deleted, they are moved to the trash album, in which they reside for 30 days, then and only then they are truly deleted. You just go to the trash album, select the pics and tap the recover button.
What a rubbish comment 'Believing an iCloud copy is a reliable backup is a perfectly reasonable assumption to a layperson'' you should never make an assumption, it takes 5 mins to run a quick google search to confirm. I hate hearing people who are always looking to point the finger and blame someone else for their mistakes.
Careful not to cut yourself on all that edge. Look if people want to use technology they are going to have to know how it works. You can't protect someone from themselves. Once you grow up you will understand that.
The $75,000 dollar ransom seems a bit odd. however it nicely comes out at 4 accounts deleted per cent. Which perhaps results in the 75,000 coming about from the exchange rate. So if we look at countries where 0.25US=1Local dollar we get a 1 account for 1 cent outcome which seems like a fairly reasonable way to determine a cost (besides just asking for a cool million). so what comes close? Well Poland & Romania are the closest at a quick glance. Or maybe they are a bunch of mid-western basement dwellers who really do want $75,000.
Careful not to cut yourself on all that edge. Look if people want to use technology they are going to have to know how it works. You can't protect someone from themselves. Once you grow up you will understand that.
Exactly, don't want to read the manual then don't blame someone else when you fuck it up.
Do we have any idea how they managed to compromise 300k accounts?
Only $75K? That is a bundle of lint in Apple's left shirt pocket. A ransom this low almost guarantees this is a bogus claim.
Are you sure they're Turkish hackers? Didn't you really mean Russian hackers? There's only two kinds of hackers in the world: Russian hackers, and the hacker known as 4chan.
300 Million is roughly the population of the U.S.. Which basically means, they have everybody's account?
$75,000 is such a small sum for everybody, don't you think?
It could very well be bullshit, however, if you visit the trash on icloud there is an option to delete all, which will really delete the photos in a user-unrecoverable way.
ARE you afraid that AFTER waiting for 10 years, you will be TOO tempted to hit the DEL key on your macbook and WIPING everything you unknowingly uploaded to the Cloud?
FEAR NOT. Introducing the keyboard exercise! By doing a daily keyboard exercise per week, you can ensure your key-smashing excitement is well satisfied. It will also enhance your bodily excitement for a health life.
WHAT are you waiting for? Complete your daily keyboard exercise TODAY.
Disclaimers: May cause pain, numbness and soreness on head, fingers, foots and other body parts that you use to hit the keyboard. Bodily excitement not guaranteed. One copy of backup tempted for deletion required. Backups are not included.
While time will tell the extent of this, I have been recommending the following to my friends (copied verbatim from https://www.facebook.com/stuar... ).
.
As a precaution, here are some prudent tips:
1. Log into your Apple Account at https://appleid.apple.com/ and enable two-factor authentication if you haven't already (see https://support.apple.com/en-a...)
2. While you are there, if you have not changed your password in a while, consider doing that too (https://support.apple.com/en-au/HT201355).
3. As the threats include the threat of remotely wiping devices, you can disable this on each of your iCloud connected devices. See Macworld's good article on how to do this for each device type: http://www.macworld.co.uk/how-... . Note that if you do this, you will also be unable to use the Find my iPhone/iPad/Mac feature. Until more details come out, personally I feel this is acceptable given the risk.
4. When you are logged in at https://appleid.apple.com/acco..., check to ensure there are no devices you do not recognise under 'Devices'.
5. For the next few weeks, periodically do a local backup using iTunes of your iDevices. See https://support.apple.com/en-a... and click on 'Use iTunes'. I recommend you also set a backup password, this encrypts the backup and stores additional information making a future restore easier.
6. As always, BACKUP BACKUP BACKUP. For your Mac, I would already hope you have backups in place. If not, my favourite is CrashPlan http://crashplan.com/ and I have used it for years/put many friends onto it also.
Time will tell what will happen with these accounts, it never hurts to take a few prudent steps until the community at large knows more.
Hit me up on twitter @StuartCRyan
I agree. I think the connection of deleting an iCloud file == deleting a local copy makes about as much sense as destroying a backup tape and having it wipe your PC as well.
You should never make an assumption
The problem with that comment is that you have to know a certain amount of what you are doing in order to realize whether you are making an assumption or not. You might say a person should know at least that much about computers before using one, but that has never been who Apple sells to. Apple is supposed to 'just work'. These people probably don't know the difference between an email attachment and a file in the finder, so now their thinking they can't delete email attachment because it will affect their hard drive. If a person asks you to delete a file, just delete that file. Don't default to a behavior that deletes *ANOTHER* file that may be the last copy of the file anywhere. That's just stupid and that is hard for inexperienced people to understand.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Even Dr. Evil would find that sum laughable.
I do back mine up but I also don't upload anything to a remote server that I would not want public... unless I encrypt it first.
...stands for "idiot".
I've never used iCloud, I don't really understand #1. What if you legitimately want to remove your files just from iCloud, how do you do that then? It doesn't seem logical to me to respond to a user requesting to delete one representation of a file by deleting ALL representations of the file.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
George Washington did not say that.
Who said anything about keeping backups on site?
It is pitch black. You are likely to be eaten by a grue.
Meh.
Thinking of iCloud as a "backup" is akin to thinking that having 2 broadband modems will help when your ISP goes down.
It is pitch black. You are likely to be eaten by a grue.
the iTunes gift cards are probably marked.
I think you underestimate just how much I just dont care.
From:
http://www.news.com.au/technology/online/hacking/hackers-threaten-to-wipe-200-million-icloud-accounts-unless-apple-pays-ransom/news-story/efc53517cce9f030a14cb38b4bf34cf8
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services. We’re actively monitoring to prevent unauthorised access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”
That doesn't mean they don't have a whole lot of accounts, just that its something the like the intersection of :
- people whose usernames and passwords were compromised in Ashley Maddison/Yahoo/Adobe/....
- people who re-used those credentials on Apple services
- people who still have only single factor authentication on their iCloud account
I SUPPOSE that could be 200+M , but that doesn't quite feel right in terms of scale.
The person he's replying to is the one with no empathy or ability to understand normal human behaviour.
..designed specifically to short the fluctuations on Apple's stock price no?
I'd like to add to this that people should also avoid proprietary file formats like the plague if they're interested in long-term storage. That nifty program to do X on MacOS will be gone with the wind in 10-20 years from now.
Austin Powers-references besides, that's actually a good idea:
- 75k USD is actually indeed a very small sum. So small that Apple's PR department can easily cough it up (there are probably rounding error on Apple's marketing budget that are bigger than that) without it even going noticed in Apple's finances.
i.e.: It's pretty cheap for Apple to hand the money just to make them shut up and get them out of mind.
- 75k USD can actually means a lot in Turkey (if the hacker group are truks, as they claim) given the local buying power. The sum might seem ridiculously small to the US /. audience, but it might be comfortable enough for the hacker.
- The hackers have even said that they would accept 75k in iTunes card. That's money that will eventually get spent on Apple goods and services anyway. Apple's tax evasion special...^H financists will probably find a way to write it of as a loss and still profite out of it.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I got 3 dozen spam emails the past couple of years urgung me to click on a URL, and "verify my Apple Icloud account". They probably got a bunch that way. Wonder if John Podesta got his account "hacked".
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
The summary says
A hacker or group of hackers calling themselves the "Turkish Crime Family" claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data *if* Apple pays a ransom by early next month. (emphasis mine)
The article says they will delete the data *unless* Apple pays a ransom.
Those two statements mean the exact opposite. According to the summary, Apple can ignore these people and all will be well. I would be very upset id=f Apple paid somebody to delete my data!
I can't believe shit like this gets modded up. People like you - the ones who blame the user - give people like me a bad name.
They put it on iCloud - as far as they know, THAT IS A FUCKING BACKUP. They have independently set up an iCloud backup, as far as they are aware. Calling them stupid does nothing to address the cause, which in your example, is a shitty user interface provided by Apple that did not adequately inform the user of the effects of the action in question.
No, they do not "deserve" this. They made a simple mistake. We all do. Believing an iCloud copy is a reliable backup is a perfectly reasonable assumption to a layperson. They have a copy on their iPhone, and a backup copy in an iCloud account. Or conversely, they have a copy in an iCloud account, and a backup stored on their iPhone - THEIR OWN FUCKING MEDIA.
You seem to not understand that not everyone should be expected to maintain the level of knowledge you have on this matter. They don't understand it - so they place their trust in Apple - who, by all accounts, should know a hell of a lot more about this matter than they do.
No dumbass, the cloud is not a back up it is just meant to be accessible from everywhere.
Seems to be a superior system compared to bitcoin.
Apple sure do a good job of marketing it as a backup... http://www.apple.com/icloud/ https://support.apple.com/en-u...
Bullshit. You read idiots like you posting about cloud storage, etc. touting that you should "back up your data to a safe place." And APPLE ITSELF touts the cloud (rather ITS cloud) as being safe, secure and easy to use.
Then, after all that, Apple begins to (this is a RECENT development in IOS/Mac software) treat the iCloud as your storage, not your backup. No one says "hey, this is weird..." because until they delete their photo library from their LOCAL disk and it magically disappears from their iCloud account that, up until RECENTLY, was considered a BACKUP, the "change" to how Apple handles their cloud storage never comes up.
If you think this is how iCloud has always worked.... I point you to how iTunes works NOW v. when it STARTED.
So, "Meh" indeed.
That is a lot of Starbuck-sipping hipsters screenplays and novels at risk.
Someone is driving 300 mln icloud account pwd changes. Is it a setup to steal the new pwds? Who would want that?
Erm, did they really think that request through ?
It's a bit like robbing a bank, and then going back the next day and trying to deposit it into your own account.
Careful not to cut yourself on all that edge.
Edge? What edge are you even talking about? Did you just see someone else use that response and copy it without understanding what it means?
Apple sure do a good job of marketing it as a backup... http://www.apple.com/icloud/ https://support.apple.com/en-u...
Yeah, they market it as a means of backup for iOS devices, if you can't do local backups (or really, really hate iTunes) https://support.apple.com/en-us/HT203977. What does that have to do with the iCloud backup of a Mac the OP pretends exists?
Of course news about a fake are Fake News.
I'm sympathetic to the idea that we shouldn't be so quick to judge, but you're simply wrong on this one. When you delete a photo, it explicitly tells you that it's going to delete it from iCloud as well, and asks you to confirm. There's no excuse for not knowing that the photos will be deleted from iCloud. It tells you and asks you to confirm. Every single time.
iCloud is a cloud, it's not a remote drive. There's no concept of storing files only there and not here, or vice-versa. If you're deleting a photo from iCloud, then you're deleting the photo full stop. If you're deleting a photo from your device, you're deleting the photo full stop.