Group Demands Apple Pay Ransom for iCloud Credentials
Apple has received a ransom threat from a
hacking group claiming to have access to data for up to 800 million iCloud
accounts.
The hackers, said to be a London-based group
called the "Turkish Crime Family," have threatened to reset passwords
and remotely wipe the iPhones of millions of iCloud users if Apple fails to
hand over a total of US$700,000. They have given the company an ultimatum to
respond by April 7.
Apple reportedly has denied that the group
succeeded in hacking its systems, maintaining that it obtained the email
addresses and passwords from previously compromised third-party services. Apple
is working with law enforcement on the threats.
The data set in the iCloud hack matches the data
found in the 2012 hack of 117 million accounts on LinkedIn, according to some
published reports.
However, the Turkish Crime Family strongly
denied that in a message to TechNewsWorld on Friday.
Correcting the Message
The initial reports of a ransom demand of just
$75,000 were incorrect, the group said in response to our email query. It
actually demanded $100,000 for each of its seven members, plus "extra
stuff from Apple that are worth more to us than money," which it promised
Apple it would keep secret.
The group also told TechNewsWorld that the only
member based in London is Kerem Albayrek, who is facing charges related to
listing a hacked Yahoo database for sale. It claimed that its iCloud ransom
demands were in part to spread awareness of Albayrek, as well as of Karim
Baratov, a Canadian resident charged earlier
this month, along with a second hacker and two Russian FSB agents,
in the 2014 breach of 500 million Yahoo account holders.
The group told TechNewsWorld that it showed
Apple scan logs that contain 800 million iCloud accounts, and that Apple
claimed the data had come from outside sources.
The group said it planned to launch a website
that would list iCloud user names, last names, dates of birth and a captcha of
their current location from an iCloud app.
The site will not disclose passwords initially,
the group said, but it would do so "most probably in the future."
Shaking Down Apple
The Turkish Crime Family threat should be taken
seriously, said Pierluigi Paganini, a cybersecurity analyst and member of the
Cyber Group G7 2017 Summit in Italy.
"I consider the threat is credible, even if
it is quite impossible to know the exact number of iCloud credentials in the
hands of hackers," he told TechNewsWorld.
The group is known in the hacking underground
for the sale of stolen databases, Paganini said.
The group reportedly has approached several
media outlets directly; it told TechNewsWorld that it had been in contact with
five.
However, it is unlikely that the group's efforts
to stir public pressure against Apple will be effective, noted Mark
Nunnikhoven, vice president for cloud research at Trend Micro, in an online post.
Apple is too large and has too many resources to
give in to public pressure, he pointed out.
The group's demands are similar to a shakedown
in the physical world, in which criminals demand monthly payments to
"protect" a business, Nunnikhoven noted.
"In the digital world, the pressures that
make victims pay (e.g. keeping your store in one piece) don't apply,"
Nunnikhoven wrote.
"With iCloud accounts, Apple has the ultimate
safety valve ... they control the infrastructure behind the accounts," he
added. "Which removes most of the pressure points criminals could
use."
There is no evidence of state involvement in
this cyberthreat, Nunnikhoven told TechNewsWorld.
However, there is "mounting evidence that
this is a group whose eyes are bigger than their stomachs," he suggested.
"Selling credentials on the underground is rather commonplace. Attempting
to extort one of the biggest companies on the planet with poor quality data is
quite another."
Credible Threat
A report in ZDNet appeared to lend credence to
some of the hacking group's claims, however. The group supplied 54 credentials
to the publication, which verified them as authentic by checking them against
the iCloud password reset function.
Most of the accounts were outdated, but 10
people did confirm to the publication that the obtained passwords were
legitimate and that they since had changed them. Those 10 people were living in
the UK, and had UK mobile numbers.
Trend Micro is urging iCloud users to protect
their accounts by enabling two-factor authentication and by using a password
manager.
A password manager generates a unique password
for every account and stores them all in an encrypted vault, so that a password
leaked from one breached service cannot be reused to take over accounts
elsewhere.
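The two failure modes behind the advice above, a password reused across services and a password that already sits in an older breach dump, can both be audited mechanically. The following is an added example, not code from the article, TechNewsWorld, Trend Micro or Apple. The vault contents and the "leak" are constructed inline; the leak index is shaped like a Pwned Passwords range response (5-hex-char SHA-1 prefix to suffix list), which is an assumption about that format, and nothing is fetched from any service.

```python
"""Audit a credential set for reuse across accounts and for presence in a
prior breach dump, then rotate whatever is flagged. Added example; all
data below is constructed and no network call is made."""
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample vault (account -> password). Not real credentials.
SAMPLE_VAULT = {
    "icloud:alice@example.com": "Summer2012!",
    "linkedin:alice@example.com": "Summer2012!",  # same password as iCloud
    "bank:alice@example.com": "v9#Qk2xTz!mR4wLp",
    "icloud:bob@example.com": "letmein",
}

# Constructed stand-in for a "previously compromised third-party service"
# dump. A real audit would consult an actual breach corpus.
CONSTRUCTED_LEAK = ["Summer2012!", "letmein", "123456", "password"]


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(plaintexts):
    """Index the leak the way a k-anonymity range API exposes it
    (assumption: mirrors the Pwned Passwords shape): 5-hex-char SHA-1
    prefix -> {35-hex-char suffix: count}. With such a service only the
    prefix leaves the client; the suffix match happens locally."""
    index = defaultdict(dict)
    for pw in plaintexts:
        digest = sha1_hex(pw)
        prefix, suffix = digest[:5], digest[5:]
        index[prefix][suffix] = index[prefix].get(suffix, 0) + 1
    return index


def is_breached(password: str, index) -> bool:
    digest = sha1_hex(password)
    return digest[5:] in index.get(digest[:5], {})


def find_reused_passwords(vault):
    """Map each password used by more than one account to those accounts."""
    by_password = defaultdict(list)
    for account, pw in vault.items():
        by_password[pw].append(account)
    return {pw: sorted(accts) for pw, accts in by_password.items()
            if len(accts) > 1}


def breached_accounts(vault, index):
    return sorted(acct for acct, pw in vault.items() if is_breached(pw, index))


def generate_password(length: int = 20) -> str:
    """Password-manager style: a fresh random password from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def rotate_flagged(vault, index):
    """Return a new vault in which every reused or breached password has been
    replaced by a unique random one; untouched entries are kept as-is."""
    reused = {a for accts in find_reused_passwords(vault).values() for a in accts}
    flagged = reused | set(breached_accounts(vault, index))
    return {a: (generate_password() if a in flagged else pw)
            for a, pw in vault.items()}


if __name__ == "__main__":
    idx = build_range_index(CONSTRUCTED_LEAK)
    print("reused:", find_reused_passwords(SAMPLE_VAULT))
    print("breached:", breached_accounts(SAMPLE_VAULT, idx))
    fixed = rotate_flagged(SAMPLE_VAULT, idx)
    print("after rotation, reused:", find_reused_passwords(fixed))
    print("after rotation, breached:", breached_accounts(fixed, idx))
```

Run as-is it flags Alice's shared iCloud/LinkedIn password and Bob's leaked one, leaves the bank password alone, and reports nothing after rotation. The prefix/suffix split is what makes an external breach lookup safe to perform: the full hash of a live password never needs to be sent.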
The FBI declined to comment for this story.
Apple officials did not respond to our request
to comment, and a Yahoo spokesperson was not immediately available.