Apple Disputes Hacker Group's Claim of Massive iCloud Breach
By Shirley Siluk / CIO Today. Updated March 23, 2017.
Contrary to a hacker group's claims, Apple said none of its systems, including iCloud and Apple ID, have been breached recently. However, the company said it is keeping an eye open for potential problems and recommends that users employ security measures such as strong passwords and two-factor authentication.
According to a report Tuesday in Motherboard, a group calling itself the "Turkish Crime Family" claimed it could remotely access hundreds of millions of Apple accounts and could use that access to wipe users' devices. The hacker(s) said they would do so on April 7 unless Apple paid a ransom of $75,000 to $100,000.
In another Apple-related development, the news leak organization WikiLeaks today posted new documents from the Central Intelligence Agency (CIA) that purport to show how the agency can infect Apple products to gain persistent access to Mac computers, iPhones, and other devices. The new disclosure is the second WikiLeaks release of classified "Vault 7" information from the CIA.
Apple: 'No Breaches of Any Systems'
"There have not been any breaches in any of Apple's systems including iCloud and Apple ID," a company spokesperson told us today via email. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services."
Writing in Motherboard earlier this week, Joseph Cox said the self-identified "Turkish Crime Family" had provided his publication with screenshots purportedly showing the hackers' email conversations with members of Apple's security team. One of the email conversations appeared to show Apple employees asking the hackers to remove a YouTube video showing how they were able to access one woman's iCloud account.
"This is a weird story, and I'm skeptical of some of the details," cybersecurity expert Bruce Schneier noted this morning on his blog. "Presumably Apple has decided that it's smarter to spend the money on secure backups and other security measures than to pay the ransom. But we'll see how this unfolds."
U.K.-based security analyst Graham Cluley echoed that skepticism, but added he hoped the reports called attention to the importance of Apple users employing strong security precautions.
"What we don't know is whether the email exchanges between the hackers and Apple are real or faked, and -- indeed -- whether the so-called 'Turkish Crime Gang' really has access to a large number of Apple users' credentials," Cluley wrote in a blog post on Tuesday. "Other than the video of the elderly woman's iCloud account being broken into, there has been no evidence shared with the media to suggest that the hackers' claims of having gained access to a large database of Apple usernames and passwords are legitimate."
CIA 'Infecting iPhone Supply Chain'
Earlier today, WikiLeaks posted new information on its Web site that, it said, shows how several CIA projects can gain persistent access to Apple devices via malware. Documents published alongside the WikiLeaks news release referenced projects with names such as "Sonic Screwdriver," "DarkSeaSkies," and "Triton."
The WikiLeaks documents are the second set of "Vault 7" files to be published by the organization since earlier this month. The first cache of more than 8,700 documents, published March 7, revealed details about CIA efforts to hack vehicle controls, smart appliances, phones, and computers.
One of the new documents released today is what WikiLeaks said is a manual for an iPhone-targeting CIA tool called NightSkies 1.2.
"Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e., the CIA has been infecting the iPhone supply chain of its targets since at least 2008," the WikiLeaks news release stated. "While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise."