Kerem has been charged with the crime of data breach and blackmailing and has been sentenced 2 years of jail imprisonment, and 300 hours of community service (unpaid). Two years back, in March 2017, Kerem e-mailed Apple company’s safety unit, declaring to have hacked more than 300 Million iCloud accounts of Apple users. To strengthen his claim, Kerem showed him hacking two iCloud accounts in a video that he uploaded on Youtube. The hacker blackmailed to trade the iCloud accounts’ data, drop his data on the internet and restore the iCloud accounts if he was denied by Apple to give his iTunes bonus voucher-request. Kerem also agreed to accept cryptocurrency as a payoff, saying he would accept a return of $75,000, but later raised it to $1,00,000. 2 weeks after the threat was sent, Kerem was caught in his house in north London, by the London police.
The attack is called Credential Stuffing-
Apple examined his allegations but was unable to obtain any solid proof that the users’ iCloud accounts were hacked. “The hacker collected passwords and e-mail addresses from different aids, that were exposed recently on charges of the data breach,” says UK’s National Crime Agency in its inquiry. It further says that the hacker sought his chance, checking whether the user had similar iCloud accounts and passwords. The attack is known as ‘Credential Stuffing,’ which allows the process to complete faster.
While the investigation was in process, Kerem told the investigators, “You have fame and everyone starts to respect you, once you have power on the internet.” Along with the 300 hours of unpaid community service, Kerem has also received an electronic curfew of 6 months. “Kerem thought that he could avoid prosecution when he hacked 2 iCloud accounts and blackmailed Apple, an MNC giant,” says Anna Smith, senior investigative officer, NCA.