Gift cards or the iPhone gets it: Hackers threaten Apple with millions of remote wipes

'Turkish crime family' says Bitcoin's also OK

Updated Hackers who claim to have gained access to over 300 million iCloud and Apple email accounts are threatening to wipe user data unless Apple pays a ransom.

The self-styled "Turkish Crime Family" are threatening to remotely wipe millions of iThings unless Apple pays it $75,000 in crypto-currency or $100,000 in iTunes gift cards before a April 7 deadline.

Evidence of the supposed breach is far from conclusive. The hackers provided screenshots of alleged emails between the group and Apple's security team to Motherboard. This has left security watchers sceptical about the alleged breach.

Several researchers are speculating that the whole thing might be an elaborate bluff. Apple denies it has been hacked, and says the login details came from compromised third-party services. In other words, some people's iCloud email addresses and passwords were also used with other websites that have been hacked, leaking shared credentials to crooks who claim they've been able to pop Apple's systems.

Lee Munson, security researcher at Comparitech.com, commented: "Whether the group has the means to do as it claims is debatable – supposed correspondence with Apple and a YouTube video showing the takeover of an account may well have been faked – but what is not up for debate is Apple’s resolve to not pay a ransom to make the group back down.

"While Apple’s stance that it will 'not reward cyber criminals for breaking the law' is the right one to take, I cannot help but wonder if the option to pay $100,000 in iTunes gift cards, rather than $75,000 in untraceable crypto-currency, could have been explored in association with law enforcement."

David Kennerley, director of threat research at Webroot, said: "The big question for Apple is what procedures are in place to prevent the destructive action threatened by the hackers? Without a full understanding of what the hackers really have, the true quantity and how they came by it, everything thereafter can only be a best-guess scenario." Chris Doman, security researcher at SIEM vendor AlienVault, added: "The attackers do seem desperate for publicity. Yesterday a Twitter account (turkcrimefamily) and Website (turkishcrimefamily[.]org) were created in their name, and today they claimed 'The number of Apple credentials have increased from 519m to 627m, we are convinced it will keep growing until 7 April 2017'.

"Apple has some of the best security people in the business, and it seems hard to believe they would have lost control of hundreds of millions of accounts. The attackers may have taken control of a small number of accounts, through everyday iCloud phishing attacks, and used that as 'evidence' to justify their more outlandish claims.

"Apple users should be suspicious of any unexpected messages from Apple asking them to enter their credentials," he added. ®

Updated to add: Representatives of the self-styled Turkish Crime Family have been in touch with El Reg and other media outlets to say that a former member who talked to Vice spoke out of turn. It say it wants $700,000 from Apple ($100,000 for each of its members) not the $75,000 previously reported. It went on to claim that it has obtained more than 600 million iCloud and other Apple credentials.

"200 Million iCloud accounts will be factory reset on April 7 2017," it went on to threaten.

In a Pastebin post, the group claimed it compiled the credentials without any security breach at Apple, hinting that password re-use and a breach at a third-party provider might be behind the problem. As before the group has provided no evidence of substance to substantiate its various claims.

OK, then.


Biting the hand that feeds IT © 1998–2017