[blind-philly-comp] Some Apple iCloud Accounts May Have Been Compromised

  • From: David Goldfield <dgoldfield1211@xxxxxxxxx>
  • To: Philadelphia Computer Users Group for the Blind and Visually Impaired <blind-philly-comp@xxxxxxxxxxxxx>
  • Date: Sat, 25 Mar 2017 23:02:47 -0400

Hello.

The following story is pasted from ZDnet and may be of concern to anyone who uses an Apple product, as it is possible that a certain number of Apple accounts may have been compromised by hackers. I would advise users to make two changes and you should be OK, even if a large number of accounts have been compromised. First, if you do nothing else, enable two-factor authentication. Once this is enabled, anybody who attempts to sign into Apple's iCloud service with your user name and password will be unable to do so, as a verification code will be sent to your smartphone and, without entering that verification code, nobody can sign in as you. Secondly, changing your password certainly would not hurt.

You can manage your AppleId by going to

http://appleid.apple.com


Here is the text of the article.


Apple iCloud ransom demands: The facts you need to know

Welcome to the wonderful world of security nuance.

By Zack Whittaker <http://www.zdnet.com/meet-the-team/us/zack-whittaker/> for Zero Day <http://www.zdnet.com/blog/security/> | March 23, 2017 -- 22:53 GMT (15:53 PDT) | Topic: Security <http://www.zdnet.com/topic/security/>

Hackers are demanding Apple pay a ransom in bitcoin or they'll blow the lid off millions of iCloud account credentials.

Beyond the primary headline, however, there are a bevy of loose ends and nuances to ponder.

So far, we know that a London-based hacker group, calling itself the Turkish Crime Family, has claimed to have access to 250 million accounts (at the time of writing). The hackers are threatening to reset the passwords on those iCloud accounts and remotely wipe iPhones if Apple doesn't pay a ransom by April 7. Those demands have since changed and increased. Motherboard, which first reported <https://motherboard.vice.com/en_us/article/hackers-we-will-remotely-wipe-iphones-unless-apple-pays-ransom> the story, noted that the media-hungry group has approached multiple outlets, possibly to help its extortion efforts.

For its part, Apple has said it hasn't been hacked. In a brief statement to sister-site CNET <https://www.cnet.com/news/hackers-apple-extortion-icloud-account-iphone/>, the company said the data came from "previously compromised third-party services," and that it is "actively monitoring to prevent unauthorized access to user accounts."

That seems to tie in with what the hackers said in an email to some members of the press late on Wednesday. The hackers denied any direct breach of Apple systems. What muddies the water is that the hackers also appear in some cases to have passwords that have been only used for iCloud. Welcome to the wonderful world of security nuance.

We have worked for the past few days to get to the bottom of this. Here's what we've learned.

ZDNet obtained a set of 54 credentials from the hacker group for verification. All the 54 accounts were valid, based on a check using the site's password reset function. (You can learn more about how we verify data breaches here <http://www.zdnet.com/article/how-not-to-verify-a-data-breach/>.)

These accounts include "icloud.com," dating back to 2011, and legacy "me.com" and "mac.com" domains from as early as 2000. The list of credentials contained just email addresses and plain-text passwords, separated by a colon, which according to Troy Hunt <https://www.troyhunt.com/heres-how-i-verify-data-breaches/>, data breach expert and owner of notification site Have I Been Pwned <https://haveibeenpwned.com/>, makes it likely that the data "could be aggregated from various sources."

We started working to contact each person, one by one, to confirm their password. Most of the accounts are no longer registered with iMessage and could not be immediately reached.

However, 10 people in total confirmed that their passwords were accurate, and have now changed them.

Those 10 people we spoke to were based in the UK, and had UK cell phone numbers. All the people we spoke to were on different cell networks. (A person representing the hacker group, who is allegedly no longer a member, told me that the data is "handled in groups" but would not explain how or why. The hackers refused to hand over a US-based sample of accounts.)

The same 10 people confirmed that they had used the same password since opening their iCloud accounts.

According to the responses, most of the people had the same passwords on their accounts for "about four or five years" since iCloud's debut. One person said specifically that the password he confirmed with us was no longer in use as of about two years ago, which narrows down the possible date of a breach or multiple breaches to somewhere between 2011 and 2015.

Some of the people we spoke to only own iPhones, while others own Macs and iPads but do not own an iPhone. That may rule out if an individual Apple product line was compromised in some way.

We also asked if their accounts were used on other services to potentially verify if another site had been compromised.

Most of the people we spoke to confirmed that they used their iCloud email address and password on other sites, such as Facebook and Twitter.

However, three people said that their iCloud email address and password were unique to iCloud, and were not used on any other site -- a key anomaly that, if accurate, we can't explain.

Two of the people we spoke to confirmed that someone had tried to reset their iCloud accounts in the past day. One of the people said that they had received login notifications on Twitter, which used the same iCloud email address and password. This seems fitting with the hackers' apparent desires to reset accounts as they claim.

"All from London [where the hackers claim to be located], from different browsers at the same time," confirmed the iCloud account holder.


     Security 101

Tips for protecting your privacy from hackers and spies <http://www.zdnet.com/article/simple-security-step-by-step-guide/>

Tips for protecting your privacy from hackers and spies <http://www.zdnet.com/article/simple-security-step-by-step-guide/>

Take these simple steps to help protect yourself against hackers and government surveillance.

 * Read More
   <http://www.zdnet.com/article/simple-security-step-by-step-guide/>

It's clear that there's something to the hackers' claims, given that they have some working iCloud account credentials. But it's not known exactly how many, or if the sample that was sent was representative of the wider pool or was carefully selected.

Based on our experience and our interactions with the group and its members, it's evident that the group is naïve and inexperienced. Based on its grandiose claims and its cherry-picking media outlets to cover its claims, it's also clear that the group is gunning for publicity. When we began asking the group questions, the conversation quickly turned to whether or not CBS News (which, like ZDNet, is also owned by CBS) would also cover the group's claims.

The group also appears disorganized, and unable to maintain order within its own ranks -- seen by the apparent "firing" of one of its members, who ran the Twitter account. It also can't seem to stay on message, as evidenced by the need to correct the record after reporters "misunderstood the situation."

"A breach means nothing in 2017 when you can just pull the exact same user information in smaller scales through companies that aren't as secure," said the group in a Pastebin post <http://pastebin.com/kKm4Vwkx>.

We can't be sure that this is something big, but based on our reporting, we can't say that it's nothing.

Those using two-factor authentication <https://www.cnet.com/news/two-factor-authentication-what-you-need-to-know-faq/> or Apple's trusted device system should be protected.

But concerned users should change their Apple iCloud password through this link <https://iforgot.apple.com/password/verify/appleid>. Look for the green padlock icon in the address bar and that the web address clearly says "iforgot.apple.com".

Change your password to a long password with differently-cased letters and numbers with special characters. Using a password manager can considerably help in generating strong passwords, as well as storing them. We have more security advice here <http://www.zdnet.com/article/simple-security-step-by-step-guide/>.
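The advice above is to confirm that the address really reads "iforgot.apple.com" before typing a password. As an added example (not from the article, Apple or the list), here is a small Python check that accepts only HTTPS links whose host is exactly one of the two Apple addresses named in this post and rejects look-alike hosts, user-info tricks and punycode names; the allow-list and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Allow-list built from the two Apple addresses this post names.
# Constructed for this example; extend it only with hosts you have verified.
APPLE_ACCOUNT_HOSTS = {"iforgot.apple.com", "appleid.apple.com"}


def is_genuine_apple_account_link(url: str) -> bool:
    """True only for an HTTPS URL whose host is exactly an allow-listed Apple host.

    Rejects the usual phishing tricks: plain http://, look-alike suffixes
    (iforgot.apple.com.example.net), hyphenated brands (appleid-apple.com),
    user-info confusion (iforgot.apple.com@evil.example) and punycode/IDN
    hosts that can render like the real name in an address bar.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False  # malformed URL (e.g. a bad IPv6 literal)
    if parts.scheme.lower() != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False  # "user@host" form: the text before @ is not the host
    host = (parts.hostname or "").rstrip(".").lower()
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False  # IDN / punycode look-alike
    return host in APPLE_ACCOUNT_HOSTS


# Constructed sample links, as they might appear in a password-reset message.
SAMPLE_LINKS = [
    "https://iforgot.apple.com/password/verify/appleid",  # genuine
    "https://APPLEID.apple.com/",                         # genuine (case only)
    "http://iforgot.apple.com/",                          # not HTTPS
    "https://iforgot.apple.com.example.net/verify",       # suffix look-alike
    "https://appleid-apple.com/",                         # hyphen look-alike
    "https://iforgot.apple.com@evil.example/",            # user-info trick
    "https://xn--pple-43d.com/",                          # punycode look-alike
]


def classify_links(urls=SAMPLE_LINKS) -> dict:
    """Map each URL to True (safe to use) or False (do not enter a password)."""
    return {u: is_genuine_apple_account_link(u) for u in urls}


if __name__ == "__main__":
    for url, ok in classify_links().items():
        print("OK   " if ok else "AVOID", url)
```

Only the first two sample links pass; every other one fails a different check, which is the point of comparing the host exactly rather than looking for "apple.com" anywhere in the address.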

Apple did not respond to questions we sent earlier on Thursday.



--
David Goldfield, Assistive Technology Specialist Feel free to visit my Web site WWW.DavidGoldfield.Info