[clug] [LONG] Security: sham internet extortion threat doing the rounds

Ian Bardsley ifb777 at tpg.com.au
Sat Jul 28 05:51:00 UTC 2018 

On 28/07/18 15:37, steve jenkin via linux wrote:
> I took care to strip the HTML copy of the original message, and the list-serv strips attachments as well, to ensure no HTML ‘trackers’ in this email.
>
> There’s another round of internet scams going on.
> They are a sham, but may look real enough to anyone with a guilty conscience and poor tech skills.
>
> It’s a ‘sham’ not a bluff, they’ve not done anything to the purported ‘target’s system - only bought old email address / password pairs and then pretended to have compromised a system.
>
> The virus/RDP attack purportedly used in this scam should only affect Windows computers, which aren’t this group, but you’ll have friends and family who do run Winders and may fall for this.
>
> I’ve included full text so they can see & learn what a ‘sham’ looks like.
>
> cheers
> steve
>
> =================
>
> Before I relied on a Password Manager to create & remember long, random strings everywhere, I’d use some simple passwords on ‘disposable’ website logins. They were easily broken throwaways I could remember and never used where it mattered.
>
> I’d use words like ‘anything’ and ‘everything’ often with ’99’ added, and names with a number, eg ‘44’ added. [the XXXX is such a password]
>
> So one of those passwords  + this email address was in a password list stolen,
> and now we’re seeing petty crims attempting to monetise that information - via extortion, paying via bitcoin.
>
> Possibly part of a gang, but these guys are very low on the totem pole.
>
> All they’ve done is buy addresses & credentials, registered hotmail address(es) & sent barely ’tailored’ emails and created a bitcoin address.
> I've seen similar text before… Not even an original threat.
>
> If these guys haven’t figured out that when they attempt to convert bitcoin to cash, which might include purchasing goods, law enforcement is going to know who they are and where they live, they are mugs. If they use ‘mules’ to convert BTC into cash, that’s still problematic for them.
> If they were for real, each extortion attempt would include a different bitcoin address - a lot of work.
>
> Cashing in bitcoin is a bit like Schrodienger ’s Cat:
> 	you don’t know anything about the inside of the box until it seen by the outside world and then you know for sure.
>
> QED has a term for this:
> 	“Collapsing the wave function”.
>
> The language is bragging, a bit arrogant and overly techno-babble. It’s also probably "English as second language", good but not quite right.
> eg. the ending - "even before time finishes.” vs “even before time is up”
> or the start “come directly to the point”, vs colloquial “straight to the point"
>
> It’s also wholly generic:
> 	there’s nothing specific to me, bar my email-addrs and that old password.
>
> The threat is a sham (not a bluff) as well, in two ways:
>
> - I don’t have a web camera or microphone on my computer by design, for them to hack - and RDP/external access is off + firewall blocked.
> 	- the video content they profess to own cannot exist.
>
> - I looked at the raw MIME for the HTML part, and there is _no_ external linked content for a tracker. I’ve also have auto-loading external content off.
> 	- the ‘tracker’ is B/S. Which is wise, it’d be traceable if there.
> 		And more work to setup and even more work to hide well.
>
> There other problems with their claims:
>
> 	- I’ve never watched video porn. Also, anything good that’s pirated and offered ‘free’ is probably bait for an attack vector, even PDF’s.
> 	- don’t have Winders & RDP,
> 	- nor do ‘keyloggers’ provide access to ‘your screen’ (that’s RDP),
> 	  or are there ‘camera recordings’ automatically in Winders
> 		- they’d have to start the camera & turn-off the indicator, which is a thing.
> 			there are real attacks that do that. Platform specific, though.
> 	- “all my contracts from your facebook”
> 		- yeah, nah. I have a facebook account, with very few contacts - they’ve never looked at it.
> 		- that password is definitely not the XXXX one, so how have they purportedly accessed my facebook account?
> 	- they claim to still be inside my computer, [right at the end] because they’re checking “your web history”. Nah.
>
> They won’t provide “proof of life” without a threat of exposure ("send to 11 of your friends"):
>
> 	- shows they are not operating in good faith.
> 		If they were real, they’d provide proof, but double the price demanded if you checked.
> 		Anyone ‘real' knows that providing any sort of address could lead back to them, it’s kinda tricky to do this extortion over the Net.
>
> 	- if someone is stupid enough to pay them, why would they think the supposed videos would be ‘destroyed’?	
> 		- paying these guys would probably lead to more extortion attempts, even though it’s a sham.
> 		  Even though, for now, the attacks are bogus, paying the demand may lead to a _real_ attack.
>
> 		  If a person _did_ pay, they’ve given up two or three critical pieces of information:
>
> 			- they’re willing to pay and have the means, & are gullible, haven’t sought tech-help, & have something to be ‘leveraged’.
> 			- the email address is ‘live’ & being monitored
> 				[remember, is all a sham. they’ve done NO work, _yet_.
> 			- from the BTC payment, they might be able to extract an IP address. Or if the person replies to the email they’ve got a target addrs.
>
> I feel sorry for anybody that ever falls for a scam like this.
> If the extortionists are at all knowledgeable, they’ll either specifically target the payee and their PC, or sell the information on to those that will.
>
> The “Internet Changes Everything” - even crime & extortion.
> This is so much easier than selling the Harbour Bridge!
>
> ===================
>
> Begin forwarded message:
>
> From: Booker Rowe <mxbrusselmu at hotmail.com>
> Subject: Fwd: XXXXX - stevej098
> Date: 28 Jul 2018 at 04:50:08 AEST
> To: "stevej098 at gmail.com" <stevej098 at gmail.com>
>
> XXXXX is your secret password and I will directly come to the point. You do not know me but I know you and you must be thinking why you're getting this email, right?
>
> I installed malware on adult vids (adult porn) and you know what, you accessed same sex website to have pleasure (know what I mean?). And while you were busy enjoying those videos, your device started out working as a RDP (Remote Desktop Protocol) that has a keylogger which provided me with access to your screen as well as your camera recordings. After that, my software collected all of your contacts from your facebook, as well as e-mail.
>
> What did I do?
> It's simply your hard luck that I am aware of your misadventures. I then put in more time than I should have investigating into your life and created a two view sextape. First part displays the video you were viewing and 2nd half shows the capture from your cam (it is you doing naughty things). As a family man, I want to destroy about you and let you get on with your daily life. And I am about to offer you two options that may accomplish it. Those two alternatives are to either turn a deaf ear to this letter (not recommended), or pay me $7000.
>
> What can you do?
> Let’s investigate above two options in more detail. First Alternative is to disregard this e mail. Let's see what is going to happen if you choose this path. I will certainly send your videotape to all of your contacts including close relatives, coworkers, etc. It will not help you avoid the humiliation your family will must feel when friends discover your unpleasant video from me in their inbox. Wise option is to make the payment of $7000. We will name it my “confidentiality charges”. Now let me tell you what happens if you go with this option. Your secret Will remain your secret. I will erase the sextape. Once you you pay me my fees, You go on with your life and family as if nothing ever happened. You will make the payment through Bitcoin (if you don't know this just type "how to purchase bitcoins" in google search)
>
> Amount to be paid: $7000
> My BTC Address: 19FpG251GbMG1VQZezgpscTYG99rJtJ9CN
> (It is cASe SENSITIVE, copy and paste it)
>
> Note: You have one day to make the payment. (I've a special pixel in this e mail, and now I know that you have read this mail). You need not tell no person what you would use the bitcoin for or they possibly will not offer it to you. The method to get bitcoin may take a couple of days so do not procrastinate. If I don't receive the Bitcoins, I will send out your videotape to all of your contacts including close relatives, co-workers, etc. however, if I do get paid, I'll erase the video immediately. If you need evidence, reply with "yes!" and I definitely will send out your video to your 11 friends. It is a non-negotiable one time offer, thus do not waste my time & yours by replying to this e mail. You should be aware that my tracker will still be tracking what action you are taking when you're done reading this message. Let me assure you that If I see any wrong activity from your web history I am going to send out your video to your friends and family, coworkers even before !
>   time finishes.
>
> --
> Steve Jenkin, IT Systems and Design
> 0412 786 915 (+61 412 786 915)
> PO Box 38, Kippax ACT 2615, AUSTRALIA
>
> mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
>
>
Thanks for sharing this little gem of wisdom

Regards

Ian Bardsley

More information about the linux mailing list