Apple devices digitally Kidnapped

lclev · May 27, 2014

Has anyone seen or know of this article:
Apple devices digitally kidnapped in Australia, held for ransom - Los Angeles Times

From what I gather the best defense is to make my Apple ID password totally unique and then hope Apple doesn't get hacked. Interesting that the way they found to compromise an iPhone or iPad is by using user names and passwords obtained from other hacked companies.

Any thoughts?

Lisa

ArklightHD · May 27, 2014

Very worrying to read.

As you stated above, the best way to keep unwanted people from having access to your personal files and contacts is to have very secure passwords. Make sure that the passwords are alphanumeric and a mixture of both upper and lower cases.

An added tip would be to keep your passwords unique and not to use them on multiple websites.

Lifeisabeach · May 27, 2014

lclev said:
Has anyone seen or know of this article:
Apple devices digitally kidnapped in Australia, held for ransom*-*Los Angeles Times

From what I gather the best defense is to make my Apple ID password totally unique and then hope Apple doesn't get hacked. Interesting that the way they found to compromise an iPhone or iPad is by using user names and passwords obtained from other hacked companies.

Any thoughts?

Having unique passwords is exactly the best defense, although I also recommend using 2-factor identification anywhere it's offered (you can do so for your Apple ID). As user name/password lists get leaked from attacks on vulnerable websites, scores of hackers are re-trying those names/passwords on other sites to try and get in. This almost happened with me a few years ago when my login credentials got stolen for one website and someone tried to re-use it on Facebook. They were blocked because Facebook was already on top of the situation and the login request came from a foreign computer, but that was a wakeup call for me. Today I have unique, strong passwords for everything. It's impossible to keep up with all this, so a password manager is a must. I'm happy with 1Password, but there are a few alternatives out there.

lclev · May 27, 2014

I agree, unique passwords for each site is a must now. I have downloaded 1Password and I need to really take a hard look at it. Currently I have a list in Excel and I use a unique way of listing passwords and user names. If anyone where to look at it and try what they see it would not work. The user names or passwords are things I know or understand and would make no sense to anyone else. I got started using the method when password keepers were still off in the future. I guess I worry about how my unique style would translate to 1Password. Plus it is another new app to learn....

Lisa

harryb2448 · May 27, 2014

No problems here but then I do not use 1Password and make sure my mobile, 'puter, router and everything else has a strong 13 digit numeric and alpabetical password including some capitals. And going over Macintosh forums here seen nothing about it either.

lclev · May 27, 2014

harryb2448 said:
No problems here .... And going over Macintosh forums here seen nothing about it either.

I am glad. I found the story interesting. It originated in on an Australian website:

http://www.theage.com.au/digital-li...s-hijacked-held-to-ransom-20140527-zrpbj.html

It is plausible. If a hacker gets user names and passwords, goes to iCloud and starts inputting what they obtained it could happen. And it would not be an Apple security flaw because most people will use the same user name and password for every site because they are too lazy to set up a system to protect and track their passwords.

I imagine Apple has a lock out policy after so many tries but that can be circumvented.

Lisa

Lifeisabeach · May 27, 2014

It's on CNN now.

Hackers locking iPhones, demanding ransoms - CNN.com

One interesting theory:

One participant in the online discussion theorized the mass compromise may have been the result of hacking domain name system (DNS) servers used by Australian service providers to translate human readable addresses such as Apple.com into the IP addresses Internet routers rely on.

Such an attack, which has yet to be confirmed in this case, works by "poisoning" the lookup tables of DNS servers so they secretly direct people to impostor sites. Assuming this technique was at play in the iPhone and iPad locking, affected users who entered a password on what appeared to be Apple's site could have unknowingly provided it to the people behind the attack.

harryb2448 · May 28, 2014

Could well be. I have just changed ISPs and former had DNS address as '0.0.0.0' which would not take much hacking I guess. Currently it is a 12 digit address.

osxx · May 28, 2014

I thought this only happened on phones that were not password protected am I wrong?

TattooedMac · May 28, 2014

harryb2448 said:
No problems here but then I do not use 1Password and make sure my mobile, 'puter, router and everything else has a strong 13 digit numeric and alpabetical password including some capitals. And going over Macintosh forums here seen nothing about it either.

Its a huge thing, with a 28page thread in the Apple forums already. I reckon some people fell for the phishing scam a little while ago, where people were asked to go to their iCloud account and make sure their password and login credentials where right. It was a fake iCloud site, but I'm sure some fell for it, and this is where they got the password and iCloud details from . .

MYmacROX · May 28, 2014

osxx said:
I thought this only happened on phones that were not password protected am I wrong?

iPhones with screen lock passwords were not vulnerable.

TattooedMac said:
Its a huge thing, with a 28page thread in the Apple forums already. I reckon some people fell for the phishing scam a little while ago, where people were asked to go to their iCloud account and make sure their password and login credentials where right. It was a fake iCloud site, but I'm sure some fell for it, and this is where they got the password and iCloud details from . .

Ahh, that makes a lot of sense. I hadn't heard of that phishing email, but it goes to show how a measure of common sense can protect you. I guess a lot of people were fooled by it.

chscag · May 28, 2014

Ahh, that makes a lot of sense. I hadn't heard of that phishing email, but it goes to show how a measure of common sense can protect you. I guess a lot of people were fooled by it.

You mean there are folks who don't use common sense when they're on their computer? ;P

harryb2448 · May 28, 2014

Lol Charlie. Ohh you Texans!!

TattooedMac · May 28, 2014

MYmacROX said:
I guess a lot of people were fooled by it.

And its seems only us Aussies are the fools

All good though, as PayPal have said all senders of money are covered buy their Buyers Protection Policy

Lifeisabeach · Jun 9, 2014

Arrests have been made!

Russia arrests men accused of hijacking Australian Apple devices | Electronista

TattooedMac · Jun 9, 2014

Nice find there. Just goes to show the need to have different passwords for different sites you visit.
The love with 1Password makes this so much easier, now with their implementation of WatchTower and showing the Vulnerable sites. I have changed about 65% of them since the SSL Bug.

itasara · Jun 10, 2014

be ware of letting "techs" control your computer remotely

I made terrible mistakes when I was under a lot of stress. These so called techs got access because I gave it to them.. They didn't need a password. I redid new hard drive. MS word didn't work. I had the original disks and key, but the key did not work and it was correct. Got message that directed me to a help tech place, but it was an independent place outsourced. I was stupid. It cost me a lot of money and these people fixed it but I found out a lot of my applcations were missing. Found in trash later. Had to restore from back up a month at least back which I should have done to begin with. My computer may have been compromised but too long a story to go into now. Now I am very weary and untrustful. Just make sure when you need tech help that you go to the legitimate number and not just one that shows up or pops up on the internet or on the computer. :Not-Amused:

TattooedMac · Jun 10, 2014

itasara said:
I made terrible mistakes when I was under a lot of stress. These so called techs got access because I gave it to them.. They didn't need a password. I redid new hard drive. MS word didn't work. I had the original disks and key, but the key did not work and it was correct. Got message that directed me to a help tech place, but it was an independent place outsourced. I was stupid. It cost me a lot of money and these people fixed it but I found out a lot of my applcations were missing. Found in trash later. Had to restore from back up a month at least back which I should have done to begin with. My computer may have been compromised but too long a story to go into now. Now I am very weary and untrustful. Just make sure when you need tech help that you go to the legitimate number and not just one that shows up or pops up on the internet or on the computer.

Good point, and sorry to hear you got done over. Its always the best option to use a local number out of the Yellow Pages (Aust) when you have a Computer problem. As Apple has said nothing in iCloud was compromised, doubles my belief that this was done with a phishing Scam that hit us Aussies a few moths ago now, and these hackers were sitting waiting for the right time to hit us.
@-3 months after someone went to a fake iCloud page and put in their credentials, would arouse suspicion as if it was done straight away.
They were clever, but nice to see PayPal do their part as well.

itasara · Feb 12, 2015

Sometimes I have to give over control

Recently I had another problem with MS word.. pop up saying I had to reinstall it. It still worked but this popup came up everytime I started ms word. With companies like MS there is no local help. I sometimes ask Apple who is helpful but not with third parties like Microsoft. I thought I had the official number.I called. Got the I can fix this for you for $95 +. I smelled a fish so I said no thanks. A wonderful person either on the apple user group or maybe here told me what to do. A license was missing and it was a Quick fix by myself and now cured. It's very discouraging not knowing whom to trust and no matter what number I call for microsoft everyone wants to charge me and not help me!!

Now other times like when my hp wireless printer doesn't work I need to let them into my computer to fix it. However I pretty much know who they are; at least so far so good. But there are a lot of companies trying to fix ms word and I don't believe they are legitimate. And they give out info that could easily be fixed with the correct information.

If I didn't need MS word I would surely delete it, but it works well for me and I don't want to change and take the chance that others won't be able to get my "other" documents.

chscag · Feb 12, 2015

But there are a lot of companies trying to fix ms word and I don't believe they are legitimate. And they give out info that could easily be fixed with the correct information.

If I didn't need MS word I would surely delete it, but it works well for me and I don't want to change and take the chance that others won't be able to get my "other" documents.

Then you've been going to the wrong places or have been misled. MS Word for the Mac has an excellent help forum available for free and it's sponsored by Microsoft and staffed with very knowledgeable people. They also provide support for Excel, Powerpoint, and Outlook. Here is the LINK.

Of course you should ask here first before going there. ;D

Apple devices digitally Kidnapped

lclev

ArklightHD

Lifeisabeach

lclev

harryb2448

lclev

Lifeisabeach

harryb2448

osxx

TattooedMac

MYmacROX

chscag

Well-known member

harryb2448

TattooedMac

Lifeisabeach

TattooedMac

itasara

TattooedMac

itasara

chscag

Well-known member

Shop Amazon