A 22-Year-Old Was Convicted For Attempting To Blackmail Apple For $100,000 In iTunes Gift Cards

An anonymous reader quotes a report from Gizmodo: A 22-year-old boss backed by a gangster cabal of "internet buddies" has been thwarted and convicted in their attempt to blackmail Apple, the UK's National Crime Agency reports. In 2017, London-based Kerem Albayrak made Apple an offer they couldn't refuse: deliver $100,000 in iTunes gift cards or $75,000 in cryptocurrency or kiss 319 million iCloud accounts goodbye. On Friday, a court sentenced him to a two year suspended jail term.

On March 12th, 2017, Albayrak, don of hacker syndicate the "Turkish Crime Family," sent Apple Security and several media outlets a YouTube video showing him apparently logging in to two victims' iCloud accounts. The NCA reports that Albayrak had threatened to factory reset the accounts and sell the database vis-a-vis his "internet buddies," boasting to outlets that he'd had access to 300 million accounts (a figure which was later increased to 559 million). They gave Apple until April 7th to fill their demands, Apple Insider has reported. One week and zero gift cards later, they upped their demands and reportedly sent ZDNet a set of 54 sample accounts. ZDNet confirmed their authenticity, though the plot thickened: at least one account had been compromised years prior. Apple and UK authorities ultimately found that the Turkish Crime Family had not, in fact, successfully compromised the network, and concluded that the data came from an unrelated breach of largely defunct third-party services. Albayrak pleaded guilty to one count of blackmail and two counts of unauthorized acts with intent to impair the operation of or prevent/hinder access to a computer. He was handed a two year suspended jail term, 300 hours of unpaid labor, and six months of "electronic curfew" (an ankle bracelet).

Not a day in jail, huh?

[raymorris]

300 hours community service ain't too bad if you get caught.

Re:

[jellomizer]

But is Apple allowed to make the ankle bracelet?
I am sure Apple can make a fine ankle bracelet, without any plastic parts, and with good quality capacitors.
if they want to save some money they use pack in some Samsung batteries.

Re:

[MightyMartian]

That's a nice internet you got there. Pity if something were to happen to it?

Re:Not a day in jail, huh?

[alvinrod]

I don't know how the sentencing changes for repeat offenders, but unless someone is a serious threat to the people around them or at a significant risk of immediately committing additional offenses, I don't see a lot of benefit of putting people in jail. It doesn't seem like anyone was irrevocably harmed by what this knucklehead did from what I gather.

He's probably screwed out of a lot of careers or jobs for at least a decade just having a record and 300 hours of community service is just shy of 40 days of doing 8-hours of work. It's also necessary to consider that most of his crime was talking a lot of shit that he really couldn't back up.

If we just want to inflict a lot of punishment on people because we feel like they should suffer, we may as well just go back to flogging people in public. It seems about as effective as a detriment as locking people in jail and wastes a lot less of everyone's time. Otherwise we should focus on restitution towards victims and reducing recidivism.

$600 billion - $6 trillion

[raymorris]

I didn't say he should go to jail. I was a bit surprised he didn't.

> If we just want to inflict a lot of punishment on people because we feel like they should suffer

The annual damage from cybercrime is between $600 billion - $6 trillion. In the US, it's $60 billion - $120 billion, or about $625 per household per year. So roughly equivalent to if your house was broken into EVERY YEAR. That's the problem I want to solve. I imagine if your house was burglarized every single year, you'd want to take strong measures to make that stop. Part of handling that problem is to make it clearly not worth the risk for offenders to try.

Probably the BEST value, the most effective way to reduce cybercrime for a given amount of effort, is to stop using social security numbers to authenticate people for opening new accounts. That's what the data breach / identity theft economy is based on. It's based on stealing social security numbers and birthdates in order to use them for opening fraudulent accounts. The system treats the social security number as a secret password - a password you hand out to a ton of people and never change. Fixing that is job number one. I just did a position paper talking about that and a proposal to fix it.

Another important aspect is that this criminal expected to get $100,000. If he's unlucky and gets caught, he has to work 40 days. That's a pretty good bet! Heads you get $100,000, tails you work 40 days. His friends should try the same scheme again, if they are better at math than ethics.

Re:

[alvinrod]

In the US, it's $60 billion - $120 billion, or about $625 per household per year. So roughly equivalent to if your house was broken into EVERY YEAR.

I get that it's a problem, but how much of that actually originates in the U.S. though, because outside of asking other countries to do something to arrest these people, there's not much we can do other than look at prevention measures that you suggest.

The other side of this is how much have you personally been damaged? Sure there's an argument that any businesses that are hit must ultimately pass on expenses to consumers, but if you or I as an individual take steps to minimize potential damages to our o

And people he knows

[raymorris]

I don't necessarily disagree with anything you said. I think this point could stand expansion:

> That just doesn't make much economic sense unless he's going to keep offending again and again in the future

I think you have to look at him AND his buddies. When I was a teenager, I hung around some people who did some stuff. When a couple of the guys got SERIOUS jail terms, some of us decided we didn't want that for ourselves. It's not just about making him stop, it's about the next guy thinking about mayb

Re:

[raymorris]

> The other side of this is how much have you personally been damaged? Sure there's an argument that any businesses that are hit must ultimately pass on expenses to consumers, but if you or I as an individual take steps to minimize potential damages to our own selves then we're making good decisions on a personal level and don't directly benefit much from anything third parties like the justice system might be doing about the problem.

I have to disagree there. You can make all the good decisions you want

Re:

[Lady Galadriel]

...

Probably the BEST value, the most effective way to reduce cybercrime for a given amount of effort, is to stop using social security numbers to authenticate people for opening new accounts. That's what the data breach / identity theft economy is based on. It's based on stealing social security numbers and birthdates in order to use them for opening fraudulent accounts. The system treats the social security number as a secret password - a password you hand out to a ton of people and never change. Fixing that is job number one. I just did a position paper talking about that and a proposal to fix it.

...

Before the turn of the century, the state of Hawai'i used to use your social security number as your driver's license number. Even though it was against both federal recomendations and a violation of your privacy. But, what were you to do? No driver's license, no car.

I'd guess Hawai'i has changed that policy since then.

Re:Not a day in jail, huh?

[jellomizer]

Besides my snarky comment earlier. I don't think Jail time is Just for the punishment, not neither is just community service.

I feel it may be more just for him to owe Apple $150,000 in damages and he cannot get out of it with bankruptcy. So for the next 20-30 years of his life, he will have to pay for his crimes, and in general live a lower quality of life.

Many people with criminal intent, tend to treat their activities like a gamble.
If Apple pays up, I win big.
If Apple does nothing, neutral.
If I get caught, I loose little

Having a Just punishment system around white collar crimes is really needed to deter such activities. Because criminals don't think on why what they are doing is wrong. Just that the system want to punish them if they get caught. Being that he is scamming for money as a reward, a punishment of money is just, as well easier to factor in a cost analysis.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[raymorris]

> Because criminals don't think on why what they are doing is wrong. Just that the system want to punish them if they get caught. Being that he is scamming for money as a reward, a punishment of money is just, as well easier to factor in a cost analysis.

Your overall analysis makes sense. Based on my observations, it seems reasonable to estimate the bad guy gets caught one of every 10-20 crimes. That factors into the risk analysis - they think they probably won't get caught.

If there is a 50% of getting a

Re:

[Impy the Impiuos Imp]

He's probably screwed out of a lot of careers or jobs for at least a decade

I dunno. The two biggest continents and many smaller countries are crammed with computer scammery. "Experienced capo of The Turkish Crime Family" should get the foot in the door of myriad job openings.

Re:

[freak0fnature]

The irony is that many countries that have judicial corporal punishment also have relatively low crime rates. Fear of pain is a deterrent.

Re:

[rldp]

Surprised? Child grooming gangs get similar sentences in the UK.

It's part and parcel. Simple as.

Re:

[raymorris]

Would you say this is pretty consistent? Heads I get to steal $100,000, tails I get caught and have to work a couple months?

If so, that sounds like a good deal for anyone making under $200K from honest work.

iTunes gift cards?

[jellomizer]

I mean if you really want you and your associates to be tracked and complacent in criminal activity. Downloads with cards from these numbers will bring you to the special Apple store, with Apps, which will break into your phone, and less anonymously send your info over to the police.

But being the guy only got community service. I expect his gang is paying off the legal system.

Re:

[jellomizer]

Yes, but that brings it down to 1 degree of separation to the crime syndicate. Who did you buy this from? This guy on ebay (shows the account) or from that guy on the street.

The big part of cyber crimes is the anonymity. To being able to track back 1 or 2 levels of separation makes investigation possible.

Re:

[alvinrod]

They aren't going to use the cards themselves. They would sell them through shady channels and they'd be used by hundreds or thousands of other people around the world. Perhaps you could try to trace the cards back from there to figure out where they've come from, but that's going to be time consuming and isn't guaranteed to be of much help, especially if the cards wind up being sold in multiple different countries.

Then again, this guy seems like a complete idiot so maybe he and his gang would be stupid

Re:

[Impy the Impiuos Imp]

All the better reason to queer the cards in the database. Let it filter back that he sold wrecked cards, and let the crime intermediaries handle the justice.

22 year-old?

[CrimsonAvenger]

Does his age actually matter?

It's not like he's a minor or anything. He's been a legal adult for years....

Re:

[Sumguy2436]

It's Europe. Some groups get treated as minors well into their late 20s around here.

Didn't think this one through

[onyxruby]

This mastermind demanded $100,000 worth of gift cards. Which are all unique and easily tracked through a database. These could readily be disabled or tracked back to their source. Did this guy ride the short bus to school?

Re:

[UnknowingFool]

Many internet scams redeem in gift cards as they can be quickly turned into cash by selling them through third party networks. If you watch any of the YouTube videos where people prank scammers, the scammers want gift cards most of the time. Now these cards being tracked and possibly not redeemable isn’t a concern for the scammers if they got their money from the third party.

Tech ban

[Ryanrule]

Ban him from the internet. He can go build a cabin in the woods and hunt rabbits.

Oh, England.

[RightSaidFred99]

England is one of those places you could mug and beat a 90 year old woman, go on a high speed chase through downtown London and hit a pedestrian, paralyzing him, crash your car into a storefront and your official punishment would be "Her Majesty's Displeasure and a stern, but not overly harsh, talking to."

Illiterate slashdot editor

[ChrisMaple]

This is extortion, not blackmail.