Apple ‘hacker’ held iPhone data to ransom, discovers crime doesn’t pay
LightRocket via Getty Images
A cyber-criminal, claiming to be a member of the “Turkish Crime Family” hacking group, tried to blackmail Apple after threating to delete hundreds of millions of Apple accounts. Kerem Albayrak was sentenced December 20 at Southwark Crown Court in London, having pleaded guilty to blackmail charges.
The strange story of the Turkish Crime Family Apple ‘hacker’
Albayrak, from North London, first came to the attention of the U.K. National Cyber Crime Unit (NCCU) after contacting Apple on March 12, 2017. He claimed that he had gained access to millions of iCloud account details. While iPhone users have recently been warned that they need to update to iOS 13.3 or risk getting locked out of their devices, Albayrak proposed to delete their data instead. He threatened to factory reset more than 250 million iCloud accounts, effectively holding iPhone user data to ransom, as well as “other” Apple accounts totaling 319 million in all. Apple contacted law enforcement in the U.S. and the National Crime Agency (NCA) led the investigation in the U.K. As well as deleting the accounts, Albayrak also threatened to sell his databases online if Apple didn’t pay up.
While Apple is now offering payments of up to $1.5 million (£1.1 million) to ethical hackers who find security problems in its products, Albayrak wanted a little less for his unethical actions. According to the NCA, Albayrak demanded that Apple made a payment of $75,000 (£57,500) in crypto-currency or, somewhat bizarrely, $100,000 (£77,000) worth of iTunes gift cards.
Apple hacker boasted online
In an online posting made March 23, 2017, Albayrak disputed those numbers. “This sum of $75,000 is very inaccurate,” Albayrak said, claiming that the actual demand was for “$75,000 per person which was later upped to $100,000 per person.” Albayrak claimed there were seven members of the Turkish Crime Family and that he had “also requested additional stuff from Apple.”
In that same online post, Albayrak said that his hacking group would “have enough power to factory reset 150 accounts per minute per script,” and that they could process 17 scripts per server.
He also posted a YouTube video showing him gaining access to what he claimed to be random iCloud accounts, and sent a link to Apple security and the media to bolster his demands. Not having covered his tracks particularly well, and with a penchant for making those public boasts online, Albayrak was arrested March 28, 2017, by NCA officers.
Not such a master cyber-criminal after all
Albayrak turned out to be less of a master hacker than his demands suggested. The NCA said that the investigation had “confirmed the findings of Apple that there were no signs of a network compromise.” In fact, the data Albayrak had was “from previously compromised third-party services which were mostly inactive,” according to the NCA.
Albayrak pleaded guilty to one count of blackmail and two counts of unauthorized acts with intent to impair the operation of or prevent/hinder access to a computer. He was sentenced December 20 and received a two year suspended jail term along with 300 hours of unpaid work and an electronic curfew for six months.
“Albayrak wrongly believed he could escape justice after hacking into two accounts and attempting to blackmail a large multi-national corporation,” Anna Smith, a senior investigative officer for the NCA, said. “During the investigation, it became clear that he was seeking fame and fortune,” Smith said.
If you are not an iPhone hacker either, but you are concerned about security threats to your smartphone, then head over and read How To Secure Your iPhone: 12 Experts Reveal 26 Essential Security Tips.