A 22-year-old citizen of the city of London, England, was sentenced to two years in prison, later reduced to community service, after trying to blackmail Apple into providing him with the equivalent of $100,000 in iTunes gift cards. His bargaining chip, he said, would be his supposed access to 319 million iCloud accounts, which he threatened to delete or reset if the iPhone maker didn’t obey him.
“Alleged Access”, as Apple has not identified any security breaches or unauthorized access to any iCloud account or other services offered. Concluding that it was a bluff, Cupertino’s company sued authorities in the US and the UK, with Britain’s National Crime Agency (NCA) leading the investigation.
“NCA cybercrime officers arrested Kerem Albayrak at his north London residence. Digital devices have been seized, including his smartphone, computers and hard drive. NCA investigators found telephone records showing that Albayrak acted as the spokesman for a self-titled ‘Turkish Criminal Family’ hacker group. For the group, he said ‘the attack will happen with 99.9% certainty. Even if it doesn’t, you’ll get a lot of media attention”, says the statement issued by the authorities.
Still citing the statement, the NCA said it had found evidence of successful intrusions, but these were outsourced services, meaning they were not directly related to Apple and were much smaller than Albayrak said.
“The investigation also confirmed Apple’s findings that there were no signs of compromised network services. The data Albayrak claimed to possess was actually from previous outsourced services, most of which were already inactive. Asked about his activities, Albayrak told officials that ‘when you get pulled into it [cybercrime], the thing scales and becomes interesting when it becomes illegal’. The cyber criminal looking for fame also said, ‘When you have power on the Internet, it’s like being famous and everyone respects you, and everyone is looking for it now.’
The NCA pointed out that other companies that face the same type of threat follow Apple’s lead and bring the authorities to investigate. “Albayrak mistakenly believed that he could escape justice after attempting to hack two accounts and blackmail a multinational corporation. During the investigation, it became clear that he sought only fame and fortune. But cybercrime is not worth it. The NCA is committed to bringing cybercriminals to justice. It is imperative that victims report such situations as soon as possible and retain all evidence.”
According to NCA documentation, Albayrak was sentenced to two years in prison, later commuted to 300 hours of unpaid community service, and was prevented from using electronic devices or accessing the Internet at times determined by the court. The extortion attempt itself took place in 2017, but the practice of British justice secrecy meant that it was only reported now.