Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 14 MINUTES AGO.
You are here: Home / Data Security / Apple Disputes Massive iCloud Hack
Apple Disputes Hacker Group's Claim of Massive iCloud Breach
Apple Disputes Hacker Group's Claim of Massive iCloud Breach
By Shirley Siluk / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MARCH
23
2017
Contrary to a hacker group's claims, Apple said none of its systems, including iCloud and Apple ID, have been breached recently. However, the company said it is keeping an eye open for potential problems and recommends that users employ security measures such as strong passwords and two-factor authentication.

According to a report Tuesday in Motherboard, a group calling itself the "Turkish Crime Family" claimed it could remotely access hundreds of millions of Apple accounts and could use that access to wipe users' devices. The hacker(s) said they would do so on April 7 unless Apple paid a ransom of $75,000 to $100,000.

In another Apple-related development, the news leak organization WikiLeaks today posted new documents from the Central Intelligence Agency (CIA) that purport to show how the agency can infect Apple products to gain persistent access to Mac computers, iPhones, and other devices. The new disclosure is the second WikiLeaks release of classified "Vault 7" information from the CIA.

Apple: 'No Breaches of Any Systems'

"There have not been any breaches in any of Apple's systems including iCloud and Apple ID," a company spokesperson told us today via email. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services."

Writing in Motherboard earlier this week, Joseph Cox said the self-identified "Turkish Crime Family" had provided his publication with screenshots purportedly showing the hackers' email conversations with members of Apple's security team. One of the email conversations appeared to show Apple employees asking the hackers to remove a YouTube video showing how they were able to access one woman's iCloud account.

"This is a weird story, and I'm skeptical of some of the details," cybersecurity expert Bruce Schneier noted this morning on his blog. "Presumably Apple has decided that it's smarter to spend the money on secure backups and other security measures than to pay the ransom. But we'll see how this unfolds."

U.K.-based security analyst Graham Cluley echoed that skepticism, but added he hoped the reports called attention to the importance of Apple users employing strong security precautions.

"What we don't know is whether the email exchanges between the hackers and Apple are real or faked, and -- indeed -- whether the so-called 'Turkish Crime Gang' really has access to a large number of Apple users' credentials," Cluley wrote in a blog post on Tuesday. "Other than the video of the elderly woman's iCloud account being broken into, there has been no evidence shared with the media to suggest that the hackers' claims of having gained access to a large database of Apple usernames and passwords are legitimate."

CIA 'Infecting iPhone Supply Chain'

Earlier today, WikiLeaks posted new information on its Web site that it said shows several CIA projects can gain persistent access to Apple devices via malware. Documents published alongside the WikiLeaks news release referenced projects with names such as "Sonic Screwdriver," "DarkSeaSkies," and "Triton."

The WikiLeaks documents are the second set of "Vault 7" files to be published by the organization since earlier this month. The first cache of more than 8,700 documents, published March 7, revealed details about CIA efforts to hack vehicle controls, smart appliances, phones, and computers.

One of the new documents released today is what WikiLeaks said is a manual for an iPhone-targeting CIA tool called NightSkies 1.2.

"Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e., the CIA has been infecting the iPhone supply chain of its targets since at least 2008," the WikiLeaks news release stated. "While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise."

Image credit: iStock.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY

NETWORK SECURITY SPOTLIGHT
China-based Vivo will be the first company to come out with a smartphone featuring an in-display sensor for fingerprint security, beating Apple, Samsung, and other device makers to the punch.

ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.