Supposed Hackers Demanding Massive Ransom from Apple

Ray Walsh

Ray Walsh

March 28, 2017

A cybercriminal gang believed to be from London has been demanding ransom money from Apple for over a week. The self-confessed hackers are called Turkish Crime Family, are active on Twitter, and claim that they are seven in number. The nefarious hackers say that they have the credentials for 750 million iCloud accounts in their possession. In addition, the boastful hackers claim that they have managed to verify that 200 million of those passwords work.

Last Wednesday, Turkish Crime Family (TCF) gave Apple the deadline of 7 April to come up with the (original) ransom of $75,000. In return, the hackers promised not to breach the accounts of Apple’s users. Apple’s response was to issue a statement to iPhone and iCloud users, reassuring them that no one has penetrated their systems and that everything is fine.

So, what do Turkish Crime Family claim they will do? According to the hackers, they will erase as many iCloud accounts as they can using those credentials. Doing so would cause chaos for Apple consumers and the firm alike.

Ransom Inflation

Originally, TCF demanded the ransom in either bitcoins or the newer cryptocurrency, ether (a currency that is transacted through the Ethereum platform). In addition, the hacking collective said that Apple could stump up the money in gift vouchers if it preferred (but for the higher rate of $100,000). Now – despite Apple’s claims that all is well – the ransom has been massively raised by the Turkish Crime Family. The sum now being demanded is an incredible $700,000:

“The “$75,000” request is false and was the initial sum for a split of the DB before we decided to do what we’re doing, we requested $100,000 for each of our members which is 7 in total or $1 million worth in iTunes vouchers for instant resale at 60% of the original gift card value.”

While it is possible that TCF is trying to hoodwink Apple into paying the ransom, the seven hackers’ steadfastness is making some people uneasy. In addition, evidence has surfaced that at least some of the credentials that the gang claim to have are genuine. TCF provided the website ZDNet with the login details for 54 iCloud accounts. According to ZDNet, those credentials were real.

As further proof of their ability to get into accounts, TCF released a Youtube video that demonstrates them getting into people’s accounts.

Show Me the Money!

When the story first broke, a spokesperson for TCF made the following comment:

“I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing.”

So why isn’t Apple showing any signs of fear? According to a statement made by the tech giant, they have uncovered no evidence that their systems have been hacked. However, Apple has admitted that the credentials may have been acquired in a different manner:

“The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

As such, it seems possible that TCF might actually have what it needs to follow up on its threat. The fact that the hacking collective has put the ransom up is certainly concerning. What is incredibly suspect, however, is how much info we already know about this group of self-confessed hackers. Usually, hackers stay out of the limelight, attempting to disguise who and where they are as much as possible.

Hidden Hand

Tor, proxies, and Virtual Private Networks (VPNs), are the name of the game for savvy hackers: smoke and mirror tactics to attempt to draw the eye away from who the real hackers are. As such, this attack seems somewhat amateur. Zack Whittaker has commented that when ZDNet communicated with TCF, one of the group’s primary motivations appeared to be publicity:

“When we began asking the group questions, the conversation quickly turned to whether or not if CBS News (which like ZDNet is also owned by CBS), would also cover the group’s claims.”

Of course, it is possible that the cybercriminals believe that Apple is more likely to cave under the pressure of consumer fear. It is also possible that, despite the belief that they are based in London, the hackers are in fact playing a cleverer game than thought. The truth is that nobody knows. What we do know, is that Apple is working hand in hand with the authorities to attempt to pinpoint the hackers’ location.

Change Your Password!

One theory is that, because people use the same passwords on different sites, this group of hackers may simply be using passwords gained from previous hacks such as those that happened to Yahoo and LinkedIn.

The Yahoo hack culminated with credentials for millions of accounts being sold on the dark web. In fact, just last week another five million accounts were spotted for sale. As such, it is possible that TCF bought the credentials they intend to wipe iCloud accounts with online.

With that in mind, anybody concerned that Apple might lose control of the situation (should they continue to refuse to pay up the ransom) is strongly advised to change their password. In reality, it is important to change passwords once in awhile anyway. In addition, to be secure from circumstances such as these, it is always best to have secure and different passwords for each subscription or account that you have.

Admittedly, this isn’t always easy, as it can be hard to remember so many passwords. One good solution is to use a reliable password manager, like KeePass. That way you only need to remember one password to access all of your different (complicated) passwords.

In addition, it is possible to set up two-factor authorization for iCloud accounts. Simply go to, log in with your iCloud credentials, and go down to settings. This will stop anybody from being able to access your account even if they get hold of your password.

Ignore the Call

In addition, scammers are piggybacking on TCF extortion attempts in order to commit a scam of their own. Reportedly, people have been receiving calls from scammers who claim to be Apple. These calls are not real, so if you receive one, hang up at once and do not hand over any of your credentials.

What Next?

Perhaps the most intriguing bit of information that has emerged so far, is that at least one of the accounts that has been exposed by the hackers (in an attempt to verify their claims), has a password that has allegedly never been used on another site. This raises the level of intrigue even further. Apple’s statement assures the public that it has not been hacked:

“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

A unique password, however, would appear to stand in opposition to Apple’s claim. Or does it? It is possible that this is all part of TCF’s game plan: a large-scale attempt at social engineering.

With that in mind, I would recommend that the authorities look closely at the accounts that have so far been released to the press, and in particular the one with the unique password. After all, if Apple really hasn’t been hacked, then that unique password could be a huge clue: whoever owns that iCloud account could be in on the hustle.

Sky News Interview?

Finally, last night TCF announced on its Twitter account that one of its members was in a Skype meeting with Sky News. So far, 12 hours later, nothing has been released. Hilariously, the tweet claims that a member called Turkish Troy is in a conversation with the media giant – even showing a picture of the alleged hacker in question. Worst hackers ever, or biggest hoaxers ever? For now, you decide.

Opinions are the writer’s own.

Title Image credit: Apple iCloud logo

Image credit: SvedOliver/

Image credit: Irina Strelnikova/

Exclusive Offer
Get NordVPN for only