Hacker avoids prison for 2017 iCloud blackmail attempt

Posted:
in General Discussion edited June 2020
A hacker involved in an attempt to blackmail Apple with a threat to delete 319 million iCloud accounts and factory reset millions of iPhones and iPads in 2017 has avoided going to prison after a London court handed down a two-year suspended sentence.




Kerem Albayrak, 22 from North London, pleaded guilty to one count of blackmail to a Southwark Crown Court on December 2, and previously admitted to two related counts of "unauthorized acts with intent to impair the operation of or prevent/hinder access to a computer." In sentencing on Friday, the court gave Albayrak a two-year suspended jail term, along with an order to perform 300 hours of volunteer work and a six-month electronic curfew.

The attempted blackmail took place in March 2017, by a group called the "Turkish Crime Family." According to the UK National Crime Agency, which investigated the crime in collaboration with authorities in the US, Albayrak was the spokesperson for the hacker collective.

The group threatened Apple with the factory reset of 319 million user accounts on iCloud, as well as dumping collected databases online if the demand was not met. After contacting Apple Security with the initial threat and not receiving an adequate response within a week, he doubled the demand to $75,000 in cryptocurrency or one thousand $100 iTunes gift cards.

Albayrak also created a YouTube video where he accessed two seemingly random iCloud accounts as a form of proof, which was sent to Apple as well as media outlets. A small collection of UK-based iCloud accounts were also provided to media for verification.

Albayrak was arrested, and a search of seized devices confirmed his involvement in the group. In one conversation, the hacker bragged to the rest of the group that "the attack will happen 99.9%. Even if it doesn't, you're still going to get A LOT of media attention."

He went on to tell investigators of the need for fame. "When you have power on the Internet, it's like fame, and everyone respects you," Albayrak claimed. "Everyone is chasing that right now."

"Albayrak wrongly believed he could escape justice after hacking in to two accounts and attempting to blackmail a large multi-national corporation," said Anna Smith, a senior investigative officer for the NCA. "During the investigation it became clear that he was seeking fame and fortune. But cyber-crime doesn't pay."

At the time of the attempted blackmail, Apple said that its systems were not compromised, with the NCA investigation confirming there were no signs of a breach. Albayrak did have data that could be used in an attack, but it was collected from breaches of third-party services, and most of the accounts were inactive.

In emails sent from the Turkish Crime Family group to AppleInsider, the group claimed it had the capability to factory reset 150 accounts per minute, per script, that each server under its control could handle 17 scripts, and that there were 250 servers. Emails sent after the raid claimed Albayrak was innocent and that he "only provided" databases to the group.
«1

Comments

  • Reply 1 of 21
    lkrupplkrupp Posts: 9,628member
    A suspended sentence, 300 hours of community service, a six month “electronic curfew”, (whatever that means) and staying out of further trouble with the law (reported elsewhere on tech news sites). This is why this crap continues. A slap on the wrist will not deter anything. Hard time behind bars will get some of these asshole’s attention, maybe.
    MacQcwilliamhjahbladeBebecharlesatlasronnJFC_PAtmaypscooter63watto_cobra
  • Reply 2 of 21
    lkrupp said:
    A suspended sentence, 300 hours of community service, a six month “electronic curfew”, (whatever that means) and staying out of further trouble with the law (reported elsewhere on tech news sites). This is why this crap continues. A slap on the wrist will not deter anything. Hard time behind bars will get some of these asshole’s attention, maybe.
    I can't say it better so I'll just say it again.  This is why this crap continues.
    JFC_PAwatto_cobraFLMusicjony0
  • Reply 3 of 21
    1st1st Posts: 443member
    look like he did get his fame without paying too much.  
    watto_cobraFLMusic
  • Reply 4 of 21
    lkrupp said:
    A suspended sentence, 300 hours of community service, a six month “electronic curfew”, (whatever that means) and staying out of further trouble with the law (reported elsewhere on tech news sites). This is why this crap continues. A slap on the wrist will not deter anything. Hard time behind bars will get some of these asshole’s attention, maybe.
    No, it really doesn't. Psychopaths and Narcissists don't think they'll get caught, and don't pay attention to what happens to other people when they get caught.

    "electronic curfew" (took one simple Google search) is basically electronic monitoring of his location. Typically that's an ankle bracelet.
    watto_cobraGeorgeBMac
  • Reply 5 of 21
    Rayz2016Rayz2016 Posts: 6,957member
    So that’s the sentence for extortion is it?

    Seems that crime does pay. 
    cornchipwatto_cobranetmagejony0
  • Reply 6 of 21
    dysamoriadysamoria Posts: 3,430member
    lkrupp said:
    A suspended sentence, 300 hours of community service, a six month “electronic curfew”, (whatever that means) and staying out of further trouble with the law (reported elsewhere on tech news sites). This is why this crap continues. A slap on the wrist will not deter anything. Hard time behind bars will get some of these asshole’s attention, maybe.
    It’s a nonviolent (and victimless?) offense. Putting nonviolent offenders in prison is a great way to harden them, making them apt to commit worse offenses in future.

    Prison isn’t a solution for all crimes.
    GeorgeBMacCloudTalkin
  • Reply 7 of 21
    dysamoriadysamoria Posts: 3,430member
    This 22-year-old was looking for fame...? Sounds more like a 15-year-old.
  • Reply 8 of 21
    DAalsethDAalseth Posts: 1,811member
    lkrupp said:
    A suspended sentence, 300 hours of community service, a six month “electronic curfew”, (whatever that means) and staying out of further trouble with the law (reported elsewhere on tech news sites). This is why this crap continues. A slap on the wrist will not deter anything. Hard time behind bars will get some of these asshole’s attention, maybe.
    Not at all.
    By suspending the sentence the court is saying he is no threat. It is now on public record that while he did try to extort Apple, he’s nothing more than a wannabe script kiddie with no actual skills,. He isn’t worth spending the money to lock up because he’s such a talentless poser. I can’t imagine any jail time that would be worse punishment for this POS. He wanted to be remembered, and he will be. He will be remembered as a total fake, and get laughed out of any hacker group he tries to slink into.
    cornchipmacpluspluswilliamhwatto_cobraCloudTalkinjeffharris
  • Reply 9 of 21
    cornchipcornchip Posts: 1,865member
    But cyber-crime doesn't pay." 



    unfortunately, it does though. I know of 2 or 3 people personally who have been ripped off to the tune of thousands, to tens of thousands of dollars via “cybercrime”. The criminals will never be found.

    this guy and his team just weren’t very smart. which is a good thing. the problem is that the next guys might be smarter.
    watto_cobranetmage
  • Reply 10 of 21
    Threaten to delete 319 million iCloud accounts or pay me $75K which is what the custodians normally gather when they vacuum up Apple HQ at night.  Or, upping their demands, 1000 $100 iTunes cards which can be redflagged and traced or voided before use).  This guy is not the brightest criminal bulb in the planet.
    watto_cobranetrox
  • Reply 11 of 21
    Whether or not virtual, credible, induced by addiction, it’s blackmail by an adult.
    On an immense scale.
    To be sentenced accordingly.
    edited December 2019 watto_cobranetmagestevenoz
  • Reply 12 of 21
    GeorgeBMacGeorgeBMac Posts: 10,699member
    lkrupp said:
    A suspended sentence, 300 hours of community service, a six month “electronic curfew”, (whatever that means) and staying out of further trouble with the law (reported elsewhere on tech news sites). This is why this crap continues. A slap on the wrist will not deter anything. Hard time behind bars will get some of these asshole’s attention, maybe.

    Ahh!  It sounds like you are one of those who favor minimum sentences and mass incarceration.
    ...  So how's that been working out for you hardliners?   Get any results yet?  

    Most of the world has come to realize that the punishment needs to fit the person, the crime and the circumstances and is abandoning the nonsense of just throwing every law breaker in jail for years and decades because all it does is cost society a LOT of money and does little or nothing to prevent crime.

    Part of that also is that it is the small time criminals who spend years in jail while the white collar criminals get bonuses and golden parachutes.   I wonder how much Boeing is paying the guy they fired on Sunday because he oversaw the development of the flawed, unsafe plane that killed hundreds of innocents?
    DAalseth
  • Reply 13 of 21
    jd_in_sbjd_in_sb Posts: 1,600member
    Sounds like Fake Blackmail. He had no capability to do what he threatened to do. 
    normmdewme
  • Reply 14 of 21
    That kid threatened to WIPE MY ICLOUD ACCOUNT?

    I don't care if he is a young idiot... he said he'd do it.

    This isn't attempted very often... so make him an example to other 'wannabe' destructive hackers for money.

    I'd put him behind bars for a few years, if I had been the judge... and then let him evangelize about not being stupid with technology.



  • Reply 15 of 21
    knowitallknowitall Posts: 1,648member
    A hacker involved in an attempt to blackmail Apple with a threat to delete 319 million iCloud accounts and factory reset millions of iPhones and iPads in 2017 has avoided going to prison after a London court handed down a two-year suspended

    ...

    "Albayrak wrongly believed he could escape justice after hacking in to two accounts and attempting to blackmail a large multi-national corporation," said Anna Smith, a senior investigative officer for the NCA. "During the investigation it became clear that he was seeking fame and fortune. But cyber-crime doesn't pay."

    ...

    In emails sent from the Turkish Crime Family group to AppleInsider, the group claimed it had the capability to factory reset 150 accounts per minute, per script, that each server under its control could handle 17 scripts, and that there were 250 servers. Emails sent after the raid claimed Albayrak was innocent and that he "only provided" databases to the group.
    Cyber crime doesn't pay. What a stupid remark.
    edited December 2019
  • Reply 16 of 21
    DAalsethDAalseth Posts: 1,811member
    stevenoz said:
    That kid threatened to WIPE MY ICLOUD ACCOUNT?

    I don't care if he is a young idiot... he said he'd do it.

    This isn't attempted very often... so make him an example to other 'wannabe' destructive hackers for money.

    I'd put him behind bars for a few years, if I had been the judge... and then let him evangelize about not being stupid with technology.



    And I could threaten to blow up the moon and rain the debris down on Earth unless I get one million Beyoncé albums. Should I go to jail for that? What he was threatening was not only not within his ability, it wasn't possible. That's why Apple just turned it over to law enforcement, and never took it seriously.
  • Reply 17 of 21
    netroxnetrox Posts: 1,095member
    I chuckled when he said he demands 1,000 $100 gift cards... as if they're not traceable.
  • Reply 18 of 21
    DAalseth said:
    stevenoz said:
    That kid threatened to WIPE MY ICLOUD ACCOUNT?

    I don't care if he is a young idiot... he said he'd do it.

    This isn't attempted very often... so make him an example to other 'wannabe' destructive hackers for money.

    I'd put him behind bars for a few years, if I had been the judge... and then let him evangelize about not being stupid with technology.



    And I could threaten to blow up the moon and rain the debris down on Earth unless I get one million Beyoncé albums. Should I go to jail for that? What he was threatening was not only not within his ability, it wasn't possible. That's why Apple just turned it over to law enforcement, and never took it seriously.

    Threats, even unrealistic ones, are a form of assault.
    But, we do need to do more to fight these online assaults.   Currently somebody attacks a major organization like Apple or Target -- well, more correctly, they don't attack the organization but the customer data that they hold -- and the organization gets away almost scott free, the lawyers make a ton of money, the perpetrator is seldom caught and faces little punishment if they do.   And, the losers are us.
  • Reply 19 of 21
    dewmedewme Posts: 3,944member
    jd_in_sb said:
    Sounds like Fake Blackmail. He had no capability to do what he threatened to do. 
    I agree, this Dr Evil wannabe was all smoke and bluff with no ability to carry out an attack. Throwing around big numbers doesn't make the bluff real. It's like someone with a .22 pistol threatening to take down the entire US military, or at least the US Army. 

    This guy probably needs psychiatric counseling more than hard jail time. The real problem here is that we have these massive open-loop self-publishing platforms like YouTube, Facebook, Instagram, etc., that allow anyone to spew whatever they want into the collective idiotsphere of twisted and tormented minds that slurp it all up like gravy.  There's no way to control it (although Russia and China are trying to) so it just comes down to individual responsibility, critical thinking, and self regulation. So I guess I'm saying - we're all kind of screwed. 
  • Reply 20 of 21
    nceencee Posts: 856member
    It will happen one day, it will.

    The scary thing isn't the one(s) who makes threats, it's the one(s) who say "I/we just hacked and did the deed instead of telling you what they will do if you don't pay, we decided to do it, so you'll know we are serious" now pay up!

    Back-up or wish you did.

    It is not "If it happens" it is "When it happens" and it will, sadly enough.


Sign In or Register to comment.