A 22-year-old Londoner has been convicted of attempting to blackmail Apple out of $100,000 worth of iTunes cards after falsely claiming he had access to 319 million iCloud accounts.

He variously threatened to sell access to the account details, and to reset all the accounts…

Apple reported the extortion attempt to law enforcement agencies in both the US and UK, and Britain’s National Crime Agency (NCA) led the investigation.

Officers from the NCA’s National Cyber Crime Unit arrested Kerem Albayrak at his home address in north London. Digital devices were seized including his phone, computers, and hard drive.

NCA investigators found phone records showing Albayrak was the spokesperson for a hacker group calling themselves ‘Turkish Crime Family.’

He bragged to the group ‘the attack will happen 99.9%. Even if it doesn’t you’re still going to get A LOT of media attention.’

Apple said there was no evidence that Albayrak or the TCF had compromised any accounts, and the NCA confirmed this. Albayrak appears to have been something of a Walter Mitty character.

The NCA investigation also confirmed the findings of Apple that there were no signs of a network compromise. The data Albayrak claimed to have was actually from previously compromised third-party services that were mostly inactive.

When asked about some of his activities, Albayrak told NCA investigators ‘once you get sucked into it [cybercrime], it just escalates and it makes it interesting when it’s illegal.’

The fame-hungry cybercriminal went on to say, ‘When you have power on the internet it’s like fame and everyone respects you, and everyone is chasing that right now.’

The NCA said that it is important for other firms threatened in this way to follow Apple’s example and report the crime.

Albayrak wrongly believed he could escape justice after hacking in to two accounts and attempting to blackmail a large multinational corporation.

During the investigation, it became clear that he was seeking fame and fortune. But cybercrime doesn’t pay.

The NCA is committed to bringing cybercriminals to justice. It is imperative victims report such compromises as soon as possible and retain all evidence.

Albayrak was convicted of the attempt to blackmail Apple and sentenced to two years in prison, but this was suspended subject to carrying out 300 hours of unpaid work, complying with a six-month electronic curfew and staying out of further trouble with the law.

The extortion attempt was originally made in 2017 but can only be reported following the conviction.

Source: 9to5mac