A group of hackers is blackmailing Apple, putting forth their intention to wipe millions of iPhones, including iCloud accounts, unless the company agrees to pay a ransom before April 7.
According to a report by Motherboard, the cybercriminals identify themselves as the "Turkish Crime Family". They are demanding $75,000 in Bitcoin or Ethereum (another rising crypto-currency), or $100,000 worth of iTunes gift cards, in exchange for deleting the alleged data they have collected.
It was revealed that the hackers provided screenshots of alleged email exchanges with Apple, including one where a member of Apple"s security team asked if the criminals can provide a sample of the data they have stolen.
To prove that they mean business, the "Turkish Crime Family" supposedly uploaded a YouTube video of them logging in from one of the compromised accounts. It is said the accessed iCloud account is that of an elderly woman, and it contains backed-up photos. The remote wiping of the device is enabled on the account as well.
"We firstly kindly request you to remove the video that you have uploaded on your YouTube channel, as it"s seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law," reads a message from an alleged member of Apple"s security team.
The conversation continued, with said Apple security worker threatening to send the conversation to authorities.
Motherboard notes some inconsistencies with the hackers" statements; according to one of the emails, they claim to have access to over 300 million Apple email accounts, including those with @icloud and @me domains. However, another declaration from the group said that they had a total of 559 million accounts stolen.
Apple has not publicly commented yet regarding the issue, according to the report.
Whether there is any truth to the hackers" claims is still unknown. Other than the aforementioned old woman"s account, there is no strong evidence that the group has indeed procured millions of accounts with an ability to wipe all of them in just a few taps.
Still, it pays to enhance the security of your Apple accounts, by using strong passwords, two-factor authentication, and always staying away from phishing scams that are out to steal your personal data.
Update: The "Turkish Crime Family" got in touch with Neowin to provide additional information, and clear up some of the statements initially mentioned.
They correct the $75,000/$100,000 iTunes gift card demand, stating:
The "75,000" request is false and was the initial sum for a split of the DB before we decided to do what we"re doing, we requested $100,000 for each of our members which is 7 in total or $1 million worth in iTunes vouchers for instant resale at 60% of the original gift card value + Some private stuff that we have agreed not to publicize as we believe it may ruin Turkish Crime Family & Apple relations. The second thing is worth more to us than money.
They further share that they are "determined" that Apple will force their users to reset their iCloud passwords to stop them, acknowledging that this might mean server issues and customer complaints for the company.
The Turkish Crime Family also explained their motivation behind the planned attack:
We"re doing this because we can, and mainly to spread awareness for Karim Baratov & Kerem Albayrak which both are being detained for the Yahoo hack and one of them is most probably facing heavy sentencing in America. Kerem Albayrak on the other hand is being accused of listing the Yahoo database for sale online
The group is still strengthening their infrastructure, with more people getting involved with them day to day providing the database for the attack on April 7. In their calculations, they have the ability to wipe 38,250,000 million accounts per hour, which definitely can spell danger for millions of iCloud accounts worldwide.
Source: Motherboard via Hot For Security