Breaking the silence on cyber crime

Hacker at computer
(Source: Stockfresh)

For it to succeed, phishing extortion needs ignorance and silence

Print

PrintPrint
Blogs

Read More:

2 September 2019 | 0

Most IT professionals, and indeed many beyond the profession, at this stage have received some kind of phishing email. For some, it might even have been as part of a training exercise to help them identify the phenomenon.

Most IT professionals would probably be fairly confident in their ability in not only identifying the kind of email that asks them to ‘verify’ a credit card account or ‘unlock’ their online bank account after a fraud attempt or some such nonsense, but also in not falling for whatever scam is behind it.

However, when phishing gets a bit more sophisticated and is directed in a more sinister way, it can become a little more complicated.

Phishers have discovered that in the wake of certain cyber attacks, such as that of the affairs web site Ashley Madison, people can be targeted for a vulnerability, just as any software system can. Furthermore, as knowledge of such attacks spreads through the media, even the taint of suspicion can be enough to motivate people to comply with demands.

First, we saw the extortion attempts that were based around accusations of watching pornography. People received emails looking for bitcoin payments or face the threat of exposure of their alleged porn watching habits to their hacked contact list.

Of course, the allegations were entirely spurious, but many people panicked and paid. But human nature being what it is, as these tactics began to produce less and less effect, they methods were kicked up a notch.

Now, emails scream that they have video evidence of the mark watching pornography, and worse, and these videos will be released to the contact list, not just the captured browser history. The criminals say they have been able to hack the in-built cameras in the devices being used to capture the alleged watcher indulging their online habits.

People, again, panicked. Not because they were actually doing any of this, but because the threat has now escalated for the potential damage such an accusation could do.

This situation was informed and bolstered by the fact that there are now well documented cases of people who have been compromised online and have acquiesced to coercion and demonstrated their submission by sending the extortionists a picture of themselves with a shoe on their head. Just look up the shoe on head meme to see many examples.

Still, even as these tactics began to produce less and less effect, the criminals stepped up things again.

All the while, there was another growing phenomenon — that of deep fakes. Initially taking a high level of computing power to execute, these applications allowed video to be manipulated to make it appear as if a person had appeared in a video, and probably spoken, that did not actually happen. A famous example used two-term president of the United States of America, Barrack Obama.  

The march of technology being what it is, the technique was refined, the overhead reduced, and finally open source versions began doing the rounds, and now anyone who can compile an app can grab the code, and begin producing their own deep fakes.

The established pattern also continued with the criminals. The escalation this time was not only that they had video, but now it is video of the mark allegedly watching child abuse material. Unless a fee is paid in bitcoin, the criminals will release videos of the target masturbating while watching child abuse material.

These emails come from hijacked email addresses and use links to compromised web sites that are unwittingly hosting faked videos and the impact can be quite devastating. Now, the threat of a taint of suspicion has escalated to a public accusation with what appears to be documentary evidence. It can be easily understood why people submit.

But of course, the proves does not end there. Extortion is never about just one payment, it is about ongoing extraction. So, once a victim pays up, they are marked as a target for further action and often they are bled quietly dry until desperation sets in and they either inform the authorities or compound their woes by turning to criminality to fund their extortion demands. This is often prompted by the extortionists themselves who recruit the victims as money mules or middle people in cyber crime.

The Gardaí here and Europol have had public awareness campaigns about both knowing and unwitting recruitment to such things, as students in particular, have been caught out and prosecuted when the knock eventually came to their door.

Pasted below is an example of this kind of extortion crime in which I was targeted.  This is the third in a series of escalating threats being made by a criminal, with template emails. Be warned, there is some unsavoury language used.

Now as someone who has been immersed in the messaging of information security for more than 20 years, I was able to confidently take this from my spam folder, where my email client had been able to rightly put it, but how many people might not have been as well informed?

The bitcoin wallet ID has been redacted, as has the address to which to was sent, but everything else is as is.

Incidentally, 0.64129871 BTC as of time of writing is €5,703.59!

The message here is to reveal these attacks and attempts at coercion. It is only in the darkness of ignorance and silence that these attacks can succeed.

It is only by making your users, in a professional and a private manner, aware that these attacks occur and how to deal with them, that you begin to protect your organisation and its people.

By sharing examples and instances, people can understand that they are not alone in being targeted, they are not without support and that they are not going to be publicly shamed.

Garda
Cyber Crime page

Europol cyber crime reporting

Specifics for this type of attempt.

Extortion email:

WAKE UP name@work.com!

Do you really think it was some kind of joke or that you can
ignore me?

I can see what you are doing, pedo.

Stop SHOPPING and fucking around, your time is almost over.

Yea, I know what you were doing on Saturday. I am observing
you.

Btw. nice car you have got there.. I wonder how it will look
with big ‘PEDOPHILE’ stickers..

Because you think you are smarter and can disregard me, I am
posting the 4 videos I recorded with you masturbating to kids right now. I will
upload the videos I acquired along with some of your details to the online
forum. I am sure they will love to see you in action, and you will soon
discover what we do with pedophiles like you.

If you do not fund this bitcoin address with 5.000 GBP by
next Friday, i will contact your relatives and everybody on your contact lists
and show them your pedophilia recordings.

The bitcoin price changed since I last contacted you, here
are the new transfer details:

=====================================

Send:

0.64129871 BTC

to this Bitcoin address:

33So6cHyT7PhX3RTpXkEy**************

=====================================

There are many places you can buy bitcoin like Bitstamp,
Coinbase, Kraken etc. Register, validate your account, buy 0.64129871 BTC and
send to my address – 33So6cHyT7PhX3RTpXkEy************** – copy it and paste.

5.000 GBP = 0.64129871 BTC.

If you want to save yourself – better act fast, because
right now you are FUCKED. We will not leave you alone, and there are many
people on the groups that will make your life feel really bad, you fucking
pedophile.

N1ghTm4r3

Email Ends

Read More:



Comments are closed.

Back to Top ↑