A twenty-two-year-old hacker has agreed that he tried to threaten Apple company by alleging that he had data of accounts of millions of iPhone users and that he would destroy these accounts if not given the ransom. The hacker is known to be Kerem Albayrak, living in North London, who scared to clear more than 300 million Apple users' iCloud accounts, demanding that the company gave him iTunes reward vouchers amounting to £76,000 ($1,00,000), as a ransom. However, while enquiring about the issue, Apple discovered that Kerem's claims were false, and he didn't jeopardize the company's safety system.
Kerem has been charged with the crime of data breach and blackmailing and has been sentenced 2 years of jail imprisonment, and 300 hours of community service (unpaid). Two years back, in March 2017, Kerem e-mailed Apple company's safety unit, declaring to have hacked more than 300 Million iCloud accounts of Apple users. To strengthen his claim, Kerem showed him hacking two iCloud accounts in a video that he uploaded on Youtube. The hacker blackmailed to trade the iCloud accounts' data, drop his data on the internet and restore the iCloud accounts if he was denied by Apple to give his iTunes bonus voucher-request. Kerem also agreed to accept cryptocurrency as a payoff, saying he would accept a return of $75,000, but later raised it to $1,00,000. 2 weeks after the threat was sent, Kerem was caught in his house in north London, by the London police.
The attack is called Credential Stuffing-
Apple examined his allegations but was unable to obtain any solid proof that the users' iCloud accounts were hacked. "The hacker collected passwords and e-mail addresses from different aids, that were exposed recently on charges of the data breach," says UK's National Crime Agency in its inquiry. It further says that the hacker sought his chance, checking whether the user had similar iCloud accounts and passwords. The attack is known as 'Credential Stuffing,' which allows the process to complete faster.
While the investigation was in process, Kerem told the investigators, "You have fame and everyone starts to respect you, once you have power on the internet." Along with the 300 hours of unpaid community service, Kerem has also received an electronic curfew of 6 months. "Kerem thought that he could avoid prosecution when he hacked 2 iCloud accounts and blackmailed Apple, an MNC giant," says Anna Smith, senior investigative officer, NCA.
