UK authorities sentenced hacker who blackmailed Apple for $100,000

A 22-year-old man was sentenced for his involvement in an extortion attempt against Apple, he threatened to mass-hack iCloud accounts.

Kerem Albayrak, a 22-year-old man from North London who claimed to have access to over 300 million iCloud accounts and threatened to factory reset all accounts unless Apple pays a ransom, was sentenced today in London.

In March 2017, crooks claimed to have over 627 millions of iCloud credentials and threatened to wipe date from iPhones, iPads and Macs if Apple did not pay $150,000 within two weeks. Kerem Albayrak claimed to be a spokesman for the “Turkish Crime Family

Members of the group which calls itself Turkish Crime Family also claimed that they were involved in selling databases of stolen credentials for the past few years.

Albayrak and his accomplices requested the payment of $75,000 in crypto-currency or $100,000 worth of iTunes gift cards within April 7, 2017, for deleting the copy of the stolen database. Albayrak was arrested in late March 2017 by the NCA’s National Cyber Crime Unit.

“On 12 March 2017 he emailed Apple Security claiming to have iCloud account details which he planned to sell online on behalf of his “internet buddies.” reported the NCA.

“A week later Albayrak filmed himself accessing two apparently random iCloud accounts. He posted the video on YouTube and sent the link to Apple security, as well as multiple media outlets. Two days later the demand increased to $100,000 and a threat to factory reset every icloud account in his possession. Apple contacted law enforcement in the UK and US and the NCA led the UK side of investigation.”

The investigation conducted by the NCA confirmed Apple’s findings that there were no signs of a network compromise.

When asked about the motivation of his action, Albayrak told NCA investigators “once you get sucked into it [cyber crime], it just escalates and it makes it interesting when it’s illegal,” “when you have power on the internet it’s like fame and everyone respects you, and everyone is chasing that right now.”

On December 2, the man pleaded guilty to one count of blackmail and two counts of “unauthorized acts with intent to impair the operation of or prevent/hinder access to a computer.”

On 20 December, Albayrak was sentenced at Southwark Crown Court and given a two year suspended jail term, full 300 hours of unpaid work in the neighbourhood, and a six-month electronic curfew.

“Albayrak wrongly believed he could escape justice after hacking into two accounts and attempting to blackmail a large multi-national corporation,” said Anna Smith, a Senior Investigative Officer for the NCA. “During the investigation, it became clear that he was seeking fame and fortune. But cyber-crime doesn’t pay. The NCA is committed to bringing cyber-criminals to justice. It is imperative that victims report such compromises as soon as possible and retain all evidence.”

Kerem Albayrak was sentenced this week to a two-year suspended jail term, 300 hours of unpaid work, and a six-month electronic curfew.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – iCloud, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]