Apple has received a ransom threat from a hacking group claiming to have access to data for up to 800 million iCloud accounts.
The hackers, said to be a London-based group called the “Turkish Crime Family,” have threatened to reset passwords and remotely wipe the iPhones of millions of iCloud users if Apple fails to hand over a total of US$700,000. They have given the company an ultimatum to respond by April 7.
Apple reportedly has denied that the group succeeded in hacking its systems, maintaining that it obtained the email addresses and passwords from previously compromised third-party services. Apple is working with law enforcement on the threats.
The data set in the iCloud hack matches the data found in the 2012 hack of 117 million accounts on LinkedIn, according to some published reports.
However, the Turkish Crime Family strongly denied that in a message to TechNewsWorld on Friday.
Correcting the Message
The initial reports of a ransom demand of just $75,000 were incorrect, the group said in response to our email query. It actually demanded $100,000 for each of its seven members, plus “extra stuff from Apple that are worth more to us than money,” which it promised Apple it would keep secret.
The group also told TechNewsWorld that the only member based in London is Kerem Albayrek, who is facing charges related to listing a hacked Yahoo database for sale. It claimed that its iCloud ransom demands were in part to spread awareness of Albayrek, as well as of Karim Baratov, a Canadian resident charged earlier this month, along with a second hacker and two Russian FSB agents, in the 2014 breach of 500 million Yahoo account holders.
The group told TechNewsWorld that it showed Apple scan logs that contain 800 million iCloud accounts, and that Apple claimed the data had come from outside sources.
The group said it planned to launch a website that would list iCloud user names, last names, dates of birth and a captcha of their current location from an iCloud app.
The site will not disclose passwords initially, the group said, but it would do so “most probably in the future.”
Shaking Down Apple
The Turkish Crime Family threat should be taken seriously, said Pierluigi Paganini, a cybersecurity analyst and member of the Cyber Group G7 2017 Summit in Italy.
“I consider the threat is credible, even if it is quite impossible to know the exact number of iCloud credentials in the hands of hackers,” he told TechNewsWorld.
The group is known in the hacking underground for the sale of stolen databases, Paganini said.
The group reportedly has approached several media outlets directly; it told TechNewsWorld that it had been in contact with five.
However, it is unlikely that the group’s efforts to stir public pressure against Apple will be effective, noted Mark Nunnikhoven, vice president for cloud research at Trend Micro, in an online post.
Apple is too large and has too many resources to give in to public pressure, he pointed out.
The group’s demands are similar to a shakedown in the physical world, in which criminals demand monthly payments to “protect” a business, Nunnikhoven noted.
“In the digital world, the pressures that make victims pay (e.g. keeping your store in one piece) don’t apply,” Nunnikhoven wrote.
“With iCloud accounts, Apple has the ultimate safety valve … they control the infrastructure behind the accounts,” he added. “Which removes most of the pressure points criminals could use.”
There is no evidence of state involvement in this cyberthreat, Nunnikhoven told TechNewsWorld.
However, there is “mounting evidence that this is a group whose eyes are bigger than their stomachs,” he suggested. “Selling credentials on the underground is rather commonplace. Attempting to extort one of the biggest companies on the planet with poor quality data is quite another.”
A report in ZDNet appeared to lend credence to some of the hacking group’s claims, however. The group provided 54 credentials to the publication, which were verified as authentic based on a check of the password reset function.
Most of the accounts were outdated, but 10 people did confirm to the publication that the obtained passwords were legitimate and that they since had changed them. Those 10 people were living in the UK, and had UK mobile numbers.
Trend Micro is urging iCloud users to protect their accounts by using two-factor authentication, and also to use a password manager.
A password manager helps users create a unique password for every account and stores those passwords remotely, so that a breach of one or two accounts cannot be reused to gain access to many more.
The FBI declined to comment for this story.
Apple officials did not respond to our request to comment, and a Yahoo spokesperson was not immediately available.