The issue of information security is always rather delicate, even more in recent days when you have followed several thorny cases, such as the massive leak of Yahoo! account and recent publications of WikiLeaks. Are of little surprise, but also many fears, the statements of the last few hours regarding a potential breach of iCloud account in great style, damaging Apple as much as its users.
To threaten the Cupertino company and iCloud user is a hacker group falling within the category of “black hat“, i.e. those who carry out violations of systems in order to reap profits and other illegal benefits (as opposed to hackers “white hat“, which instead act as researchers of flaws in order to report it to the companies involved and improve their security solutions). The “Turkish Crime Family“, as has been identified, contacted various online publications, including Motherboard, in order to give public visibility as much to herself as to his intent. The site editors have been provided several screenshots as well as a link to a video uploaded to YouTube, regarding the contacts that took place in recent weeks between the group and the security engineers at Apple.
It speaks of redemption: the “Turkish Crime Family” has in fact asked Apple to pay a sum by 7 April in exchange for giving to attack iCloud. Otherwise, after that date they will proceed to a cancellation in block remotely of personal data in the account violated. Further complicating the matter is the raising of mail carried by hackers. If initially there was talk of $ 75,000 BitCoin or $ 100,000 in iTunes gift cards, the site CSO says that now the ransom was raised to $ 150,000, with a promise to increase it further every three days, because of a users in possession of the group database malicious even bigger than initially stated. The total of at risk account, in the absence of security measures such as authentication, two-step, even amount to over 220 million. Finally, in addition to the monetary motive, he is reported on a more political, related to the recent arrest in the US of two people involved in the leak Yahoo!.
The main hope is that all these threats prove to be a big bluff. For its part, Apple says it is so, as reported in Fortune a spokesman. If the hazard were true, however, it must be hoped that the group be vanquished before 7 April and / or Apple acting in advance with an automatic reset the password for all users who have not set access 2FA. In the meantime, the best advice to give to them is to not wait for the next moves of the parties and proceed immediately to the change of the password is the activation of access to two-step.