Did Apple quietly pay off hackers to secure your iCloud?
The group, calling themselves the Turkish Crime Family, claimed to infiltrate Apple security and had access to millions of account names and passwords.
A few weeks back, news broke that hackers were claiming to hold millions of iCloud accounts hostage. They were threatening to reset the accounts and wipe all data from them. The group, calling themselves the Turkish Crime Family, had claimed to infiltrate Apple security and had access to millions of account names and passwords.
An online news and conversational site, Motherboard, broke the piece in March claiming that they had been contacted directly by the group. The group provided the site with screenshots of email strings between the group and the Apple security team. It also provided a YouTube video showing the group accessing an account of what seems to be an elderly woman and remotely deleting the contents.
Details were sketchy about the hack
At first, the group was threatening to restore over 300 million accounts to their factory settings. Doubts were raised about the validity of the hack as the number more than doubled to 627 million accounts within a few days. It was claimed that various other hackers were stepping forward to assist in the operation and had account information of their own.
The ransom amount was also uncertain. The initial ransom demand was $75 000, in any online currency including Bitcoin or Ethereum. A subsequent demand was later released at over $400 000.
Apple gave very little response to the hack
Apple refused to comment on the claims at first. But eventually, they came back denying the hack to their systems. They have insisted that there are no breaches. They did, however, shift the blame to third party services. In a statement from an Apple spokesperson, they claimed to not be involved in the matter.
“There have not been any breaches in any of Apple’s systems, including iCloud and Apple ID,” the spokesperson said. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
The Turkish crime family claim payment was made
Hello everybody, look what we have here https://t.co/I3B0wh1Udv
— Turkish Crime Family (@turkcrimefamily) April 7, 2017
The hackers had given Apple until 7 April 2017 to pay the ransom and, in the days leading up to this, had become increasingly vocal on Twitter. Apple, however, seemed to make no move and appeared to have stepped away from the controversy.
On the evening of the 7th, the group claimed victory in the matter. They posted an address showing hundreds of Bitcoins had been posted in their wallet. The post indicated that a total of 401.731 bitcoin was paid in the early evening of 7 April. This is equivalent to R6,731,059,044.50! There are doubts, however, that the payment was in fact made by Apple due to their silence in the matter.
Data breaches cost companies millions
Many theories have been circulating that the company decided to quietly pay the hackers off without causing a media storm. This could be very likely due to the controversy caused by a hack of this type. The sheer reputational damage to the company could cost it millions of dollars. It could also lose the company millions of customers and result in them being made vulnerable to lawsuits.
There are hundreds of corporate giants who have, in the past, fallen victim to hacks and cyber attacks. Not only did it cost the companies millions in damages, but these attacks have created PR storms that have taken years to recover from. In a hack in 2014, for example, eBay had the personal information of more than 145 million users stolen, including login credentials and physical addresses. It cost the company more than $200 million. In the same year, Russian hackers stole the information of more than 76 million client accounts from JP Morgan. The cost to the bank is estimated at $1 billion, despite spending a $250 million annual budget on cyber security.
So, the question remains, did Apple weigh up the risks of a billion-dollar controversy and simply quietly pay the hackers? Or was this a ploy by an organisation to get their name on the map? What do you think?
Brought to you by CompareGuru