iCloud Hacker Demanded $175,000 Ransom to be Paid in Bitcoin

A hacker who filmed himself accessing Apple iCloud accounts has appeared in a U.K. court.

Kerem Albayrak had demanded around $175,000 in ransom be paid in Bitcoin and Apple iTunes vouchers for the non-disclosure of sensitive user data.

Apple Hacker Charged in Connection with Bitcoin Blackmail

An IT analyst from north London has been charged with one count of blackmail and two counts of unauthorised acts intending to hinder access to a computer. Albayrak appeared at Westminster Magistrates’ court where he was granted unconditional bail until his case is heard at Southwark Crown Court on November 14.

According to a report in the U.K.’s Daily Mail, Albayrak had recorded himself hacking into iCloud accounts and posted the footage on YouTube. He then contacted Apple and demanded $170,000 to be paid in Bitcoin and iTunes vouchers. He warned the global tech giant that he would disclose the personal details taken from the 319 million users’ accounts he had gained access to if they did not meet his demands.

During court proceedings today, it was revealed that Albayrak initially requested around $75,000 before upping his demands to double that figure. He finally settled on $174,000 in Bitcoin and around $1,000 worth of iTunes vouchers.

The prosecution’s legal representative, Lorna Vincent, stated:

“Mr Karem Albayrak is accused of sending emails to Apple making financial demands for downloading database iCloud accounts and factory resetting those iCloud accounts… He entered into the accounts of the alleged victims and posted a video of his hack onto YouTube.”

Albayrak is far from the first to make such ransom demands on big companies. His efforts are reminiscent of last year’s WannaCry ransomware attack. Based on the same principle of blackmailing firms with threats of releasing sensitive data, the malware attack infected hundreds of thousands of computers across the globe. The hacker behind it was able to evade authorities for over a year, but was arrested last month.

In a number of decidedly more analogue attacks, people replaced data as the cornerstone upon which to leverage Bitcoin blackmails. In July of this year, a businessman from Cape Town was kidnapped and a demand of 50 BTC was made for his safe return. Liyaqat Parker was returned to his family in September. It is unknown if the ransom was met.

Likewise, in Ukraine last December, a crypto-analyst from the EXMO exchange platform was also kidnapped. Once again, those responsible demanded Bitcoin for his safe return. In this example, the demands were met and Pavel Lerner was returned just days later.

Fortunately, authorities were able to track Albayrak down before any harm could be done with the data he reportedly managed to access. This is hardly surprising, given how amateurish the young hacker went about coordinating his attack.