I fell victim to a sophisticated breach of my Apple ID that had a significant emotional and financial impact. As a tech entrepreneur, I understood the importance of multi-factor authentication and the warning signs of SIM swaps, and I had taken precautions. However, despite my vigilance, I became a target of an audacious attack one evening last year, proving that anyone can be vulnerable.
I have been using my Apple ID since its inception and have made substantial purchases of software, movies, TV shows, and hardware over the years. Suddenly, I received notifications of 15,000 login attempts. It was a relentless barrage. I repeatedly denied access, but it persisted.
Then, I received a call from someone claiming to be from Apple technical support. The caller had detailed information about my devices and their usage, including the locations of the login attempts. While many people would find this call credible, something didn’t feel right to me. When the caller said they would send me a code, I refused to give it to them.
Shortly after, I received codes on my phone from the same number Apple had used in the past to send verification codes. Concerned about the situation, I decided to contact Apple directly for clarification. However, the nightmare was just beginning. The attacker had already gained access to my account.
I explained the situation to the Apple representative, but their response shocked me. They essentially told me to accept my losses. As someone with technical knowledge, I understood that my Apple ID may have been permanently lost, but there were bigger issues at stake. I had nonfungible tokens (NFTs) and valuable art that I had held onto for years. I also had access to important corporate and brokerage accounts. Yet, the representative continued to dismiss my concerns and repeatedly told me to accept my loss.
As time was running out, I hurriedly moved my fiat currency to a secure location, but my crypto had already been transferred to a wallet beyond my control and liquidated. Shortly after, I received an anonymous call with a chilling message: “Check your Telegram.”
I received messages stating that my Apple ID and assets would be returned if I provided the phone numbers and email addresses of three other individuals. However, I refused to comply, informing the attacker that they had targeted the wrong person.
In an attempt to raise awareness about my situation, I started tweeting about it. This caused the hacker to panic and threaten to leak pictures of my four-month-old daughter. Fearing for her safety, I took down the tweet.
The messages continued, and eventually, I was told that I would regain access to my Apple ID if I refrained from posting online for 48 hours. However, three days later, the attacker changed their demands once again, demanding $50,000.
The attacker revealed to me that they typically targeted individuals involved in illicit affairs or possessing sensitive information to extort them. This revelation filled me with dread.
For the next three months, the attacker continued to extort and terrorize me, all while I had to hide the stress from my wife and daughter. To make matters worse, my Amex and Chase withdrawal limits were reduced, and my credit rating suffered.
Nevertheless, I persevered and engaged in conversations with the person who had stolen my identity, gathering substantial evidence against them.
Unbeknownst to me, law enforcement was already closing in on the attacker. They were already under investigation for a SIM swap scheme, and detectives soon realized that my case was just the tip of the iceberg. By tracing the stolen funds used on Cash App and Venmo, investigators were able to connect the dots and identify me as a victim. When an FBI agent contacted me, I provided a detailed description of the perpetrator, which was enough to obtain a warrant. They apprehended the individual, who was in possession of my Apple ID.
Further investigation revealed that there were approximately 20 other victims, predominantly women. The attacker had coerced many of them into engaging in explicit activities. The sentencing officer who contacted me expressed her shock at the severity of the crimes committed by the hacker, stating that she had never encountered someone so reprehensible.
I was the only victim who had the courage to speak out and provided a written statement to the court. The impact of my words was significant, leading the judge to double the hacker’s sentence to eight years without parole, despite their guilty plea and cooperation with law enforcement. A federal case is still pending, ensuring that the attacker will remain behind bars for a considerable period. It is a tragic waste of a life.
Based on my experience, I am determined to prevent this from happening to others. I am about to receive a refund from Apple for all the purchases I made over the past two decades as compensation. In light of this, I would like to offer some tips for other victims:
1. Maintain a strict timeline and take detailed notes of all interactions related to the incident.
2. Ensure that law enforcement officials you speak to also document the details of your conversation.
3. Write down the date, time, name, and contact information of any law enforcement officers you interact with.
4. Contact local police and provide them with a thorough account of what happened to you.
5. File a detailed report with the Internet Crime Complaint Center (IC3) to assist federal authorities in apprehending the criminals.
Having experienced the devastating consequences of having my digital life stolen in an instant, I firmly believe that decentralized identities, where personal data is fully encrypted and stored in secure wallets, are the only solution. These digital identities will form the foundation of Web3, allowing us to verify the identities of those we interact with. Our current communication infrastructure is woefully inadequate, and a true digital identity empowers individuals to take control of their own data and protect their financial information.
I hope that by sharing my story and offering these insights, I can prevent others from falling victim to similar attacks.