Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Hacker avoids prison for 2017 iCloud blackmail attempt

Last updated

A hacker involved in an attempt to blackmail Apple with a threat to delete 319 million iCloud accounts and factory reset millions of iPhones and iPads in 2017 has avoided going to prison after a London court handed down a two-year suspended sentence.

Kerem Albayrak, 22 from North London, pleaded guilty to one count of blackmail to a Southwark Crown Court on December 2, and previously admitted to two related counts of "unauthorized acts with intent to impair the operation of or prevent/hinder access to a computer." In sentencing on Friday, the court gave Albayrak a two-year suspended jail term, along with an order to perform 300 hours of volunteer work and a six-month electronic curfew.

The attempted blackmail took place in March 2017, by a group called the "Turkish Crime Family." According to the UK National Crime Agency, which investigated the crime in collaboration with authorities in the US, Albayrak was the spokesperson for the hacker collective.

The group threatened Apple with the factory reset of 319 million user accounts on iCloud, as well as dumping collected databases online if the demand was not met. After contacting Apple Security with the initial threat and not receiving an adequate response within a week, he doubled the demand to $75,000 in cryptocurrency or one thousand $100 iTunes gift cards.

Albayrak also created a YouTube video where he accessed two seemingly random iCloud accounts as a form of proof, which was sent to Apple as well as media outlets. A small collection of UK-based iCloud accounts were also provided to media for verification.

Albayrak was arrested, and a search of seized devices confirmed his involvement in the group. In one conversation, the hacker bragged to the rest of the group that "the attack will happen 99.9%. Even if it doesn't, you're still going to get A LOT of media attention."

He went on to tell investigators of the need for fame. "When you have power on the Internet, it's like fame, and everyone respects you," Albayrak claimed. "Everyone is chasing that right now."

"Albayrak wrongly believed he could escape justice after hacking in to two accounts and attempting to blackmail a large multi-national corporation," said Anna Smith, a senior investigative officer for the NCA. "During the investigation it became clear that he was seeking fame and fortune. But cyber-crime doesn't pay."

At the time of the attempted blackmail, Apple said that its systems were not compromised, with the NCA investigation confirming there were no signs of a breach. Albayrak did have data that could be used in an attack, but it was collected from breaches of third-party services, and most of the accounts were inactive.

In emails sent from the Turkish Crime Family group to AppleInsider, the group claimed it had the capability to factory reset 150 accounts per minute, per script, that each server under its control could handle 17 scripts, and that there were 250 servers. Emails sent after the raid claimed Albayrak was innocent and that he "only provided" databases to the group.



21 Comments

🎁
lkrupp 19 Years · 10521 comments

A suspended sentence, 300 hours of community service, a six month “electronic curfew”, (whatever that means) and staying out of further trouble with the law (reported elsewhere on tech news sites). This is why this crap continues. A slap on the wrist will not deter anything. Hard time behind bars will get some of these asshole’s attention, maybe.

🎁
williamh 13 Years · 1048 comments

lkrupp said:
A suspended sentence, 300 hours of community service, a six month “electronic curfew”, (whatever that means) and staying out of further trouble with the law (reported elsewhere on tech news sites). This is why this crap continues. A slap on the wrist will not deter anything. Hard time behind bars will get some of these asshole’s attention, maybe.

I can't say it better so I'll just say it again.  This is why this crap continues.

🕯️
1st 18 Years · 428 comments

look like he did get his fame without paying too much.  

🌟
mknelson 9 Years · 1148 comments

lkrupp said:
A suspended sentence, 300 hours of community service, a six month “electronic curfew”, (whatever that means) and staying out of further trouble with the law (reported elsewhere on tech news sites). This is why this crap continues. A slap on the wrist will not deter anything. Hard time behind bars will get some of these asshole’s attention, maybe.

No, it really doesn't. Psychopaths and Narcissists don't think they'll get caught, and don't pay attention to what happens to other people when they get caught.

"electronic curfew" (took one simple Google search) is basically electronic monitoring of his location. Typically that's an ankle bracelet.

🎁
Rayz2016 8 Years · 6957 comments

So that’s the sentence for extortion is it?

Seems that crime does pay.