After news had emerged earlier this week that a hacker group called Turkish Crime Family (TCF) is holding millions of Apple ID accounts for ransom, Apple said that its servers and databases were not hacked. Instead, the company said that hackers may be using user databases acquired from massive data breaches that affected other parties, such as LinkedIn.
Since the initial disclosure, the TCF reached out to media to provide additional details about their anti-Apple quest, explaining some of their reasoning behind the attack.
In an email from a TCF domain to BGR that was likely distributed to other members of the media, the hackers say they’re still committed to unleashing the attack come April 7th, unless Apple pays up.
The message, which reads like an ad-hoc press release coming from a hacker startup — the email does come from a “press” email account — explains that the report that said the hackers want $75,000 in ransom is false. The hackers also claim that all the communication with Apple was done via ICQ, and all the chats were kept private.
“[We] requested $100,000 for each of our members which is 7 in total or $1 million worth in iTunes vouchers for instant resale at 60% of the original gift card value + Some private stuff that we have agreed not to publicize as we believe it may ruin Turkish Crime Family and Apple relations,” the hackers say. “The second thing is worth more to us than money.”
The hackers say that Apple will force users to reset their passwords to stop them and avoid “serious server issues and customer complaints.”
The TCF group claims it can reset some 2,550 iPhones per minute per server, which amounts to over 38 million accounts per hour. As for the number of affected accounts, it was bumped “from 519 million to 627 to then 717 million.” A Twitter account for the group mentioned that 200 million iCloud accounts will be factory reset.
200 Million iCloud accounts will be factory reset on April 7 2017
— Turkish Crime Family (@turkcrimefamily) March 21, 2017
Why are they targeting Apple? Well, strangely enough, this appears to be some sort of retaliation for the recent measures the Department of Justice has taken against the four hackers that breached Yahoo in 2014, an attack that may have affected more than 500 million users.
“We’re doing this because we can, and mainly to spread awareness for Karim Baratov and Kerem Albayrak which both are being detained for the Yahoo hack and one of them is most probably facing heavy sentencing in America,” the hackers said. “Kerem Albayrak on the other hand is being accused of listing the Yahoo database for sale online.”
The group says this isn’t a political attack, and that the TCF is a new criminal organization with a lot of resources and power. “This is just the start,” they say. They even have a media department.
The attack on Yahoo was actually a military operation conducted by Russia, the FBI’s investigation proved, so it’s strange to see the hackers claim this isn’t political.
Is this threat real? That remains to be seen. I think it’s rather unlikely for this massive remote iPhone wipe to happen. Not because Apple confirmed its servers were not hacked, but because of this whole messy PR campaign coming from the hackers. But do yourself a favor and change your Apple ID password, especially if you’ve been using it for any of the online services that were hacked in recent years.