Andrea Danti / Shutterstock
Russian police have arrested two alleged hackers they say extorted money from users of Apple devices by blocking them and demanding payment to free them up again.
The suspects, one a teenager and the other in his early 20s, could be jailed for two years if tried and convicted in what would be a relatively rare cyber security case in which Russian authorities have announced arrests.
The suspects, residents of Moscow, were arrested by the Interior Ministry’s cyber crime department — Directorate K — and have given self-incriminating evidence, according to a ministry statement issued on Monday.
The ministry did not say how many Apple users were hit by the scam nor whether any were foreigners outside Russia.
It said the suspects exploited Apple’s Find My iPhone app, which is meant to allow users to find and block devices they believe have been lost or stolen, to extort money from victims they targeted, using two methods.
“The first involved gaining access to the victim’s Apple ID by means of the creation of phishing pages, (gaining) unauthorized access to email or using methods of social engineering,” it said.
“The second scheme was aimed at attaching other people’s devices to a prearranged account” by offering Apple IDs with media content for lease on the Internet, which enabled the suspects to gain control of the devices, the statement said.
Cyber security experts and Western law enforcement agencies have raised questions about Russia’s commitment to fighting hackers on its soil, who have been blamed for some attacks on Western government and business computers in the past.
Though Russian authorities have made more arrests in the past few years than previously, officials in the United States and Britain continue to complain about alleged poor cooperation. Since Russia does not extradite anyone for offences committed elsewhere as a matter of law, hackers must be suspected of breaking domestic Russian law before any charges are filed.
Police began searching for suspects in the past few months, when they began receiving reports of devices being hijacked by hackers demanding money, K Directorate said.
It said officers confiscated computer hardware, SIM cards, phones and how-to literature on hacking in searches of the suspects’ apartments in southern Moscow.
Russian daily MK reported that police had identified the suspects in part thanks to surveillance-camera footage showing them withdrawing cash from ATMs using bank cards linked to accounts into which they told victims to transfer money.
The Interior Ministry said one of the suspects had been convicted of a crime earlier. According to MK, he had practiced a lower-tech form of extortion: Stealing license plates from neighbors’ cars and selling them back to their owners.
(Writing by Steve Gutterman; Editing by Mark Heinrich)