
Checking passwords from the hackers' iCloud database



Apple has become the victim of extortion. This is a very strange story: it began as a farce, but now things no longer look so clear-cut. A group of hackers that calls itself the Turkish Crime Family initially announced the theft of 559 million iCloud and Apple ID accounts and demanded that Apple pay $75,000 in Bitcoin or Ethereum, or $100,000 in iTunes gift cards. The deadline is April 7th. After that, the hackers will allegedly begin to "kill the hostages," that is, reset accounts to factory settings.

At first it looked pretty funny. This seems to be the first case of extortion against a computer company in which the attackers treat a database of user passwords as a kind of “hostage”. They even posted a video with threats on YouTube, where some old women log in to an iCloud account.

On March 21, 2017, the hackers contacted Motherboard, showed their correspondence with the Apple security department, and gave access to the mail account from which the correspondence was conducted. The correspondence took place about 10 days ago. A security officer asked the hackers for a sample of accounts to check. He also asked them to first remove the video from YouTube, so as not to make the conflict public. And he warned that the company does not pay criminals for breaking the law, and that a copy of the correspondence with them would be sent to law enforcement agencies.

Apparently, after that, the hackers broke off communication with the security department and decided to make the case public. They probably contacted not only Motherboard but other media as well. Indeed, Computerworld also reported on the Turkish Crime Family's claims, and in conversation with that publication the hackers were already talking about 627 million iCloud accounts with passwords. Allegedly, a friendly hacker group joined in and contributed its database. Accordingly, the ransom amount now increases from $75,000 to $150,000 in Bitcoin or Ethereum.

An Apple spokesman then confirmed to Motherboard that there was no question of any payment, and that the list of email addresses with passwords was probably obtained from outside sources. There are many different password databases on the Internet. However, the number of passwords in the database is impressive: 627 million passwords are difficult to collect from third-party databases. In communication with Computerworld, the “Turkish” extortionists said that more than 220 million passwords had been verified and give access to iCloud without two-factor authentication. The hackers said they checked many passwords using automated scripts and a large number of proxies to avoid being blocked by Apple.

The story started out rather funny, but the arrogance and persistence of the extortionists are truly surprising. They behave as confidently as if they really do have such a database.

Further, the “Turkish” hackers told Computerworld that they are doing this, among other things, to spread information about Karim Baratov, a Canadian citizen who faces a long prison term in the United States. The US authorities accuse him of penetrating Yahoo’s infrastructure and stealing a database of 500 million accounts on the orders of two FSB officers (the hack did take place, but Baratov’s involvement has yet to be proved in court).

At the same time, Apple has officially stated in the media that there was no hack and that it is not going to pay anything. If the hackers have any passwords, they were obtained from compromised accounts from third-party sources.

On March 23, the group published a statement on Pastebin in which it described the current situation and its intentions. The hackers said that no one had claimed there was a hack, so Apple’s statement makes no sense. There really was no hack, but that changes nothing in the claims of the Turkish Crime Family. They say that for five years they have been collecting Apple accounts from various databases. Now they supposedly have a database of 750 million accounts (the numbers keep growing - editor's note), of which 250 million have already been checked for validity, and the scanning continues. The hackers say that they are re-scanning the database with the first letter of each password changed to upper case, and that this significantly increased the validity of the passwords compared to the first scan.

In the statement, the Turkish Crime Family warned that from April 7, 2017, their scripts will begin resetting accounts to factory settings at a rate of 150 accounts per minute per script. At the moment, each of the hackers' servers can run 17 scripts, so every server will wipe 2,550 users per minute. With 250 servers, this means 637,500 accounts per minute or 38,250,000 accounts per hour.

The hackers constantly mention older users. They are probably hinting that many Apple users will not manage to change their passwords before April 7 and protect themselves from the attackers' actions.

In the meantime, journalists from ZDNet obtained 54 accounts, allegedly from the iCloud account database, and all of them turned out to be valid. The journalists were able to contact the owners of 10 of the 54 accounts. They confirmed that the passwords were correct and changed them. All of them are residents of the UK. All of them also said that they had never changed their iCloud password since the account was opened. Many used the same password for different services, although three said that they had a unique password for iCloud (probably they are lying - editor's note).

Of course, this says little. Maybe the hackers have nothing more than these 54 passwords. In addition, these were quite old icloud.com accounts, as well as very ancient @me.com and mac.com ones.

In any case, Apple has several options for how to protect its users from a massive reset of accounts to factory settings.

Source: https://habr.com/ru/post/402547/

