Apple is being blackmailed
An unknown group of hackers, self-labeling themselves as “Turkish Crime Family”, is blackmailing Apple for ransom with a strict deadline of April 7.
Their demand—$75,000 in Bitcoin or Ethereum cryptocurrency, or $100,000 worth of iTunes gift cards. If Apple fails, they threaten to remotely wipe out over 300 million iPhone and iCloud accounts.
Why publicize your nefarious activity?
This bizarre story was first published by Motherboard after the hackers involved approached the media outlet themselves, in an apparent effort to pressure Apple to cave in to their demands.
As a hacker from the team explained in an email to Motherboard, “I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing”.
Screenshots shared by the hackers supposedly show discussions with Apple’s security team.
Furthermore, it appears that the Apple security team asked the group to remove a YouTube video allegedly showing an unnamed member of the gang using stolen credentials to access an elderly woman’s iCloud account and view photos that had previously been backed online.
Involving the media has been an increasing technique used by online extortionists to leverage against victims.
For example, hackers have recently listed millions of healthcare organization records in the ‘dark web’ and reached out to media deliberately.
They went to the media to extort companies into paying money in exchange for protecting patient data files.
Similarly, a group of hackers, TheDarkOverlord went to media when demanding ransom from investment banks in exchange for not releasing hacked files.
Software vulnerability is a well-known concern for companies.
In a recent (legally organized) hacking competition, participants exploited unknown weakness in software of both Adobe Reader and Apple to hack into them successfully.
Security concerning personal data storage has also made news, most notably in 2014, when celebrity accounts were broken into and personal photos were shared online.
This is bananas
In this particular case with the Turkish Crime Family, beyond what the hackers have shared with Motherboard, there is little proof of the authenticity of threats.
[clickToTweet tweet=”‘What we don’t know is if the email exchanges between the hackers and Apple are real or faked’ -Cluley” quote=”Graham Cluley, a British computer security expert noted on a blog, “What we don’t know is whether the email exchanges between the hackers and Apple are real or faked, and – indeed – whether the so-called “Turkish Crime Gang” really has access to a large number of Apple users’ credentials.””]
Apple has not responded to media requests on this matter so far.