Hackers threaten to wipe millions of iCloud accounts if Apple doesn't pay ransom by 7 April
'This is just the start,' the hacker group wrote.
Hackers are reportedly demanding $75,000 (£59,932) in ransom from Apple claiming they have access to over 300 million Apple email accounts. Going by the name "Turkish Crime Family," the group of hackers have threatened to wipe the data of millions of users if Apple fails to pay up by 7 April.
Motherboard reports the group has demanded a $75,000 ransom in either Bitcoin or Ethereum. They are also reportedly willing to accept $100,000 worth of iTunes gift cards as payment.
"I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing," one of the hackers told the site.
To prove their claims, members of the hacking group reportedly provided Motherboard with screenshots of alleged emails between the group and Apple's security team and access to an email account reportedly used to communicate with the Cupertino company.
The group is also said to have given the site a video, uploaded to YouTube, allegedly showing them browsing through a number of stolen iCloud accounts.
According to the emails allegedly exchanged between Turkish Crime Family and Apple, a member of the company's security team asked them to take down the YouTube video "as it's seeking unwanted attention" and said they "do not reward cyber criminals for breaking the law". The team member also warned that archived communications with the group would be sent to the authorities.
However, the hacker group did not provide any proof of the cache's existence or explain how they gained access to the stolen accounts, which allegedly includes iCloud and @me domains as well.
Apple declined Motherboard's request for comment.
Members of the group were also reportedly inconsistent about their claim with one of the hackers claiming they had 559 million accounts. The Turkish Crime Family Twitter account, however, claims 200 million iCloud accounts will be affected in the April cyberattack.
"We are a new organization," the group wrote from a newly created Twitter account under the handle @turkcrimefamily. "The 7 April 2017 attack isn't going to be our only one. This is just the start."
Update:
A representative for the hacker group told IBTimes UK that their action is not politically motivated.
"We are doing this because this because we can and mainly to spread awareness for Karim Baratov and Kerem Albayrak, which both are being detained for the Yahoo hack and one of them is most probably facing heavy sentencing in America," the group wrote in an email. "Kerem Albayrak on the other hand is being accused of listing the database for sale online."
The hackers claimed they have been selling private databases over the past few years, but decided not to resell their @iCloud, @Me and @Mac extension Apple domains since there "wasn't a popular demand for them at the time due to Apple's security measures".
"So we decided to put it to good use," they said. "We are also determined that Apple will force their user's to reset their password to stop us. If they do not they are going to face really serious server issues and customer complaints."
The hackers claimed they are originally from Istanbul, Turkey, but now "rep" Green Lanes, North London. They noted that they are strengthening their infrastructure and acquiring more servers for the 7 April attack, adding that this will not be their only cyberattack targeting "big companies".
"What we don't know is whether the email exchanges between the hackers and Apple are real or faked, and – indeed – whether the so-called 'Turkish Crime Gang' really has access to a large number of Apple users' credentials," security expert Graham Cluley wrote on Bitdefender's Hot for security blog.
"However, if it's true that the hackers are attempting to engage with the media in an attempt to increase their chances of a substantial payout then that would be in line with an increasingly common technique deployed by extortionists."
© Copyright IBTimes 2024. All rights reserved.