Australian Apple idevices hacked, hijacked and receive old fashioned ransom demands

May 29, 2014 |

For an age Apple users have felt more than a little special, if not smug, as they watched desktop devices were hit by viruses sent by hackers and other neer do wells of the cyberspace world.  That has changed over time with the feeling of invincibility giving way to a  general sense of superiority. Apple devices may not be perfect but they are not prone to wholesale hacking.

Based on 2 articles in the Sydney Morning Herald, Australian Apple iDevices hijacked, held to ransom and Apple device hijacking spreads to US as Aussies urged to change passwords, even that feeling of wellness may be misplaced.  Mac forums have been ablaze with commentary from less than enthused users (in My devices have been hacked. What do I do?) .  This is a significant data breach.  It will be interesting to see if it is reported to the Privacy Commissioner.  Under the current law there is no mandatory requirement to report data breaches.  Needless to say the Privacy Commissioner would look, if he looks, at compliance with Australian Privacy Principle 11.

The phenomena is best described in the former of the SMH articles which provides:

Owners of Apple devices across Australia are having them digitally held for ransom by hackers demanding payment before they will relinquish control.

iPad, iPhone and Mac owners in Queensland, NSW, Western Australia, South Australia and Victoria have reported having their devices held hostage.

One iPhone user, a Fairfax Media employee in Sydney, said she was awoken at 4am on Tuesday to a loud “lost phone” message that said “Oleg Pliss” had hacked her phone. She was instructed to send $50 to a PayPal account to have it unlocked.

What part of the hacker’s message looks like on an iMac screen.

It is likely hackers are using the unusual name as a front to get money from people. A real Oleg Pliss is a software engineer at tech company Oracle. A similar name is listed on LinkedIN as a banking professional in Ukraine, while there are others in Russia.

Meanwhile Avest, an anti virus firm, has suffered an breach of its data security systems.  The CEO posted a blog explaining the nature of the attack and the need for the AVAST forum to remain offline when he stated, in AVAST forum offline due to attack:

The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.

This issue only affects our community-support forum. Less than 0.2% of our 200 million users were affected. No payment, license, or financial systems or other data was compromised.

We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately.

We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.


Vince Steckler

CEO AVAST Software

 Please pause to digest an irony rich moment.

One Response to “Australian Apple idevices hacked, hijacked and receive old fashioned ransom demands”

  1. Australian Apple idevices hacked, hijacked and receive old fashioned ransom demands | Australian Law Blogs

    […] Australian Apple idevices hacked, hijacked and receive old fashioned ransom demands […]

Leave a Reply