The Turkish Crime Family, which is actually a London-based hacker group, posted images and a link on its Twitter page to a Bitcoin wallet showing a transfer of $480,000 worth of the electronic currency, just before the deadline on April 7.
That post came shortly after a tweet from the group indicating its negotiator had reached a final agreement with Apple.
“Hello everybody, look what we have here https://blockchain.info/tx-index/239423668 …,” the tweet said.
The link takes followers to a page on the site Blockchain, which is a popular wallet for the untraceable electronic currency.
But the announcement was followed by tweets casting doubt on the successful ransom claim.
“Wow. You paid yourself to make it look like Apple did. Congrats.,” one Twitter critic wrote.
At least one electronic currency expert also said the claim appeared bogus because the Bitcoin transaction was an internal money deposit at a Korean exchange, according to an article in Computerworld.
“We have positively identified that the inputs and outputs of that transaction are controlled by a single Bitcoin exchange,” Jonathan Levin is quoted as saying. Levin's firm, Chainalysis, makes anti-money laundering software, the article said.
The hackers did not immediately respond to a message sent to its media email address, [email protected]
The extortion scheme began more than two weeks ago, when the group notified multiple media outlets that it had obtained user login credentials for hundreds of millions of iCloud, and Apple ID and email accounts.
They threatened to wipe iPhones, iPads, Macs and other devices belonging to the customers if Apple failed to pay a ransom demand, then believed to consist of $100,000 in iTunes gift cards or $75,000 in Bitcoin.
Negotiations continued until the deadline Friday, the hackers allege.
Members of the cybercriminal outfit provided several technology publications with sample batches of the stolen credentials – many of which were found to be real – and images of purported communications with Apple security employees.
“(We) would like you to know that we do not reward cyber criminals for breaking the law,” read one email purportedly from a user with an @apple.com address.
But almost from the outset there were questions about whether the hackers really had as many user credentials as they claimed.
Apple, for its part, denied that any of its systems had been breached.
“There have not been any breaches in any of Apple's systems including iCloud and Apple ID,” the company said in a statement. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
Some observers have speculated that the data was stolen during previous known breaches, like a 2012 theft of user data from LinkedIn, and that the hackers have simply used the same credentials – when possible – to access Apple accounts of people who tend to use the same login information for multiple sites.
“We're actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved,” Apple’s statement continued. “To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”
Send tips and news to [email protected].