Kerem Albayrak, a cyber criminal from North London, has been sentenced to a two year suspended jail term, 300 hours of unpaid work and a six-month electronic curfew in the UK for trying to extort Apple after claiming that he had access to 319 million iCloud accounts.
A prominent member and a spokesperson for a hacker group named "Turkish Crime Family", Albayrak wrote an email to Apple Security in March 2017, claiming that he had access to hundreds of millions of iCloud accounts of Apple's customers and that he would factory reset them if Apple didn't pay him either $75,000 in cryptocurrency or a thousand $100 iTunes gift cards.
Not only did Albayrak create a sense of urgency by increasing the ransom amount to $100,000 shortly thereafter, he also posted his exploits online by sharing videos that showed him accessing two random iCloud accounts.
Rather than responding to him, Apple decided to contact law enforcement authorities in the UK and the US and stated that Albayrak's claims were false as the data he had access to was from previously compromised third-party services which were mostly inactive.
Investigators from the NCA arrested Albayrak from his residence in North London in March 2017 after carrying out a raid and seizing his phone, computers and hard drive that ultimately provided vital evidence concerning his criminal activities.
Albayrak engaged in cyber crime to become famous online
The investigators found that he engaged in cyber crime to gain recognition in the online world and that he believed a win over Apple would result in "A LOT of media attention" for him and his cyber crime group.
"Once you get sucked into it [cyber crime], it just escalates and it makes it interesting when it’s illegal. When you have power on the internet it’s like fame and everyone respects you, and everyone is chasing that right now," he told NCA investigators.
On Friday, Albayrak was sentenced by the Southwark Crown Court to a two year suspended jail term, 300 hours of unpaid work and a six-month electronic curfew, three weeks after he pleaded guilty to blackmailing Apple as well as to two counts of unauthorised acts with intent to impair the operation of or prevent/hinder access to a computer.
"Albayrak wrongly believed he could escape justice after hacking into two accounts and attempting to blackmail a large multi-national corporation. During the investigation, it became clear that he was seeking fame and fortune. But cyber-crime doesn’t pay," said Anna Smith, a Senior Investigative Officer for the NCA.
"The NCA is committed to bringing cyber-criminals to justice. It is imperative victims report such compromises as soon as possible and retain all evidence."
Aussie teenager hacked into Apple's mainframe and stole 90GB data
In September last year, a 16-year-old boy from Melbourne, Australia, was given eight months probation by The Children’s Court after he admitted to hacking into Apple's mainframe and stealing 90GB of data that contained "authorised keys" that granted log-in access to user accounts.
Apple blocked the teenager's access to its mainframe as soon as it got wind of the cyber attack and claimed that the breach did not result in the compromise of any personal information. The hacking took place in 2017 and the teenager pleaded guilty for his activities in August last year.
"Two Apple laptops were seized and the serial numbers matched the serial numbers of the devices which accessed the internal system. A mobile phone and hard drive were also seized and the IP address ... matched the intrusions into the organisation. The purpose was to connect remotely to the company’s internal systems," the Crown Prosecutor told the Court.