Last week, Motherboard first reported that a group of hackers calling themselves the Turkish Crime Family was attempting to extort Apple. The group has threatened to remotely wipe a number of Apple devices via alleged access to corresponding iCloud accounts, unless the company pays up.
The reason this was an interesting story in the first place was that the hackers deliberately went to the media, ostensibly in an attempt to place more pressure on Apple. Now, it appears the hackers have created a feedback loop of sorts, by promising exposure for other groups or individuals in exchange for access to more Apple accounts.
"I can guarantee you at least 10 articles from the world's biggest news media outlets/agencies," someone in control of the Turkish Crime Family Twitter account allegedly wrote in a direct message to paid breach notification site LeakBase. LeakBase has given Motherboard legitimate database samples in the past, and provided alleged screenshots of the conversation.
"You pay us and provide us all @icloud.com, @me.com and @mac.com extension Apple domain combo lists/dbs [lists of email addresses and passwords] and we'll promote the fuck out of your website," the message adds, before allegedly asking for $3,000 from LeakBase.
Last week the Turkish Crime Family told Motherboard its collection of accounts relied on breaches from websites and services other than Apple, and analyses of relatively small datasets indicate that is how the hackers are allegedly able to log into some accounts.
The Turkish Crime Family confirmed in an email they were trying to exchange media exposure for more compromised accounts.
Hackers taking advantage of the media in extortion attempts is a novel and growing approach. Recently, a hacking group called The Dark Overlord breached a slew of companies, stole their data, and then took the data to journalists in order to pressure victims into paying ransoms. By all accounts, the Turkish Crime Family is following a similar strategy: after Motherboard first reported the news of the extortion attempt, someone from the group sent a copy of the article to Apple, along with the message, "They're gonna keep coming."
Media coverage of the group and its activities has exploded over the past week, with outlets across the world picking up on the story. Unfortunately, many publications included the alleged number of iCloud accounts in their article headlines, even though little evidence has been provided that the hackers have access to anywhere near that number of accounts (ZDNet did obtain two sets of credentials of varying size). Motherboard is not printing the total number of alleged accounts in this article, as the claims are still unsubstantiated.
As the Turkish Crime Family allegedly wrote in their message, "The media outlets write whatever we tell them."
Update: This piece has been updated to include comment from the Turkish Crime Family, and the headline has been adjusted accordingly.