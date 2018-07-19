Miami Cops Forced To Give $20,000 Back To... >>
by Mike Masnick

Thu, Jul 19th 2018 1:32pm


Filed Under:
blackmail, hacked passwords, shakedown



Hacked Passwords Being Used In Blackmail Attempt -- Expect More Of This

from the isn't-the-internet-greate dept

Last week I received the following email with my name and a very, very, very old password that I haven't used in probably at least a decade in the subject line (even though I'm not longer using it, I'm editing it out of this because... it's still weird):

I am aware, ********, is your pass word. You don't know me and you're probably wondering why you're getting this mail, right?

In fact, I actually installed a malware on the adult videos (adult porn) site and there's more, you visited this site to experience fun (you know what I mean). While you were watching videos, your internet browser initiated working as a RDP (Remote Desktop) having a key logger which provided me with access to your screen and cam. Immediately after that, my software collected all of your contacts from your Messenger, FB, and email.

What exactly did I do?

I created a double-screen video. First part displays the video you were watching (you have a nice taste rofl), and 2nd part shows the recording of your web cam.

exactly what should you do?

Well, I believe, $2900 is a reasonable price for our little secret. You'll make the payment via Bitcoin (if you don't know this, search "how to buy bitcoin" in Google).

BTC Address: [REDACTED] (It is cAsE sensitive, so copy and paste it)

Note:
You have one day to make the payment. (I've a specific pixel in this e mail, and right now I know that you have read through this email). If I don't receive the BitCoins, I will send your video recording to all of your contacts including members of your family, colleagues, and so forth. However, if I receive the payment, I will erase the video immidiately. If you really want evidence, reply with "Yes!" and I will send your video recording to your 9 friends. This is a non-negotiable offer, and thus do not waste my personal time and yours by responding to this message.

This was immediately obvious as a scam from a hacked database of passwords. Besides the fact that I haven't used that particular password in ages (and even when I did, it was the password I used for "unimportant" sites), there are a whole bunch of other reasons why it was obvious that the email was fake and it would be literally impossible for the person to have whatever it was they claimed to have on me. I found it funny enough that I reached out to some other folks to see if this was getting around, and a few people told me they'd seen similar ones, noting that the final note about sending it to "9 friends" appeared to be an increase from the usual of "5" that they had seen before.

Indeed, Brian Krebs, who is always on top of these things, wrote a story about how a bunch of people got these emails last week. That one only asked for $1400, and also promised to send it to 5 friends. It has a few other slight differences to the one I received, but is pretty clearly sent by the same person/team of people with just a few modifications. Like the ones that Krebs reported on, mine appeared to come from an outlook.com email address. As Krebs notes, he expects that this particular scam is about to get a lot more popular, and will probably use a lot more recent set of passwords:

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.

And, at the very least, this scam appears to be working. It's unclear just how many people are receiving these emails -- and how many people are pointed to the same Bitcoin wallet address to pay -- but the one that Krebs included in his post shows a single payment of approximately $2000. When I first got the email the Bitcoin wallet address in the email I received showed no transactions, but I just looked again and there are two transactions, both within a day of when I received the email (one for .23 Bitcoins or ~$1600 and another for 0.3 Bitcoins or ~$2,000).

Of course, this should be a warning for everyone on a variety of levels:

  1. Use a password manager already, and stop saying they're too difficult to use. They are not.
  2. Use 2 factor authentication wherever possible
  3. Cover your webcam with a sticker or tape or something when not in use
  4. Don't believe every stupid threat email you receive
  5. Don't randomly pay money to every stupid emailer who pretends to threaten you
Anyway, it will be worth watching how this particular scam evolves, but as Krebs notes, it's likely we'll be seeing it a lot more often as it seems to hit all the key points for a popular internet scam these days.

Reader Comments

  • identicon
    Anonymous Coward, 19 Jul 2018 @ 1:39pm

    Our company's users rec'd 45 of these emails

    Every email was unique, using different phrasing. Also, each email our users rec'd had a different bitcoin address. I was impressed.

    reply to this | link to this | view in chronology ]

  • identicon
    David, 19 Jul 2018 @ 1:55pm

    Site worth noting:

    https://haveibeenpwned.com/ is a site where you can enter your Email address and have it checked against a number of password leaks. More details (like the actual passwords) only after signing in, basically making sure that the Email address actually is yours. But more details are rarely necessary. If it turns up positives, it's a good idea changing the passwords on the affected sites if you didn't do so since the breach occured.

    I have no affiliation with that site, it did point out one of my accounts that warranted a password change, and I don't see that it should be able to do bad things (apart from address harvesting/verification) if you don't create an account. But if you think or know differently, correct me.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Jul 2018 @ 2:13pm

    I keep trying to get my video out of these fuckers but they never send it :( I reckon i could monetize it as i have a nice c**k.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Jul 2018 @ 3:24pm

    This was immediately obvious as a scam from a hacked database of passwords. Besides the fact that I haven't used that particular password in ages (and even when I did, it was the password I used for "unimportant" sites)

    So you use "important" site passwords for adult video sites? Interesting...

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 19 Jul 2018 @ 3:44pm

      Re:

      You might, and I mean might might be a bit strong, be able to read, but your comprehension sucks. The email claimed to have gotten the password from an adult site. Mike says he used that password for unimportant sites. That means that Mike considers his porn sites to be unimportant, but even that is pure conjecture, and I think that he visited an adult site is unlikely, and it is even more unlikely that he supplied that site with a password, one that he used on other sites. Get real.

      Or, much more likely, the spammer got the password from some compromised site that Mike considered unimportant and stopped visiting long ago (or has a new password for), which was in fact not porn. Then the fraudster made a claim that it was taken from an adult site to put fear into the recipient. It does not appear that Mike has fear, which is also supportive of his not visiting adult sites.

      If I had gotten this email, I would just look up that password in my password manager (pwsafe is my choice and works for me in Windows, Linux, and Android and I also see they have IOS versions) and then go to that site and change the password. They would have no video of me, as the tape over my webcam is fairly permanent and that webcam is rarely used. Any video they have would be of the back of the tape, and it would be clear to me that they had not even reviewed what they were threatening me with.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Jul 2018 @ 5:51am

      Re:

      I think the real surprise is if Mike used his real email address at a porn site.

      Real people register smurf email accounts that they only ever log into to check for those activation emails to activate accounts on pornography sites.

      reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 19 Jul 2018 @ 3:27pm

    I got almost the exact same email, but mine wanted $1900 and threatened to send the video to 11 friends. That would be a nice trick considering I've never had a camera connected to my computer. :)

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Jul 2018 @ 5:27pm

      Re:

      My version: I got almost the exact same email, but mine wanted $1900 and threatened to send the video to 11 friends. That would be a nice trick considering I've never had 11 friends. :(

      reply to this | link to this | view in chronology ]

    • identicon
      Michael, 20 Jul 2018 @ 5:26am

      Re:

      They threatened to sent it to 9 of my friends. Since I don't have 9 friends, I was skeptical, but I figured if they sent it to 9 people, at least one of them would become my friend because I am pretty awesome on camera.

      reply to this | link to this | view in chronology ]

  • identicon
    Mark, 19 Jul 2018 @ 4:07pm

    Oh, you poor, lowly 99%ers... getting your cheap ass extortion threats via... egad... email.

    I guess I'm a 1%er... I get my extortion letters (lovingly printed on pulped trees and sealed in a stamped 1st class envelope) hand delivered to my door by a Uniformed Government Courier. Two letters in the last few weeks.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Jul 2018 @ 4:08pm

    Mike, looks like blue boy found you!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Jul 2018 @ 4:21pm

    I'm a little sad they didn't try to be more specific. I'm really curious what scammers think Mike would be into.

    I'd assume Victorian era role play.

    reply to this | link to this | view in chronology ]

    • identicon
      Christenson, 19 Jul 2018 @ 6:20pm

      Re:

      If Victorian, I’d guess steampunk, lol, with the scandal being him only partially in role!

      reply to this | link to this | view in chronology ]

    • identicon
      Michael, 20 Jul 2018 @ 5:29am

      Re:

      We all know if you had a split screen of Mike and his browser, it would just be him with about 900 tabs open for tech and political news.

      reply to this | link to this | view in chronology ]

      • icon
        Ninja (profile), 20 Jul 2018 @ 7:34am

        Re: Re:

        According to some people here Mike would be fapping to hundreds of tabs about Google.

        Also, if I produced any disturbing image in your head, you are welcome.

        *shoes self out*

        reply to this | link to this | view in chronology ]

      • icon
        Mike Masnick (profile), 20 Jul 2018 @ 10:36am

        Re: Re:

        We all know if you had a split screen of Mike and his browser, it would just be him with about 900 tabs open for tech and political news.

        While potentially a sad statement on my life... this is incredibly accurate.

        reply to this | link to this | view in chronology ]

  • identicon
    blackturtle.us, 19 Jul 2018 @ 7:15pm

    Clearly not a threat to take seriously...

    I received two of these threats. The wording was about 95% the same as the example in the article. Two days earlier I received a warning from a website where I have an account that their accounts database had been compromised. The details pertaining to a porn site and webcam didn't match any activity I had been involved with and so the threat was obviously bogus. There were other indicators that it was a generic threat, but I'm sure someone somewhere is going to pay up!

    reply to this | link to this | view in chronology ]

  • icon
    techflaws (profile), 19 Jul 2018 @ 9:33pm

    "(I've a specific pixel in this e mail, and right now I know that you have read through this email)"

    No, you don't cause my email client doesn't load anything from the Internet unless I tell it to. Also, f*ck you ;)

    reply to this | link to this | view in chronology ]

  • identicon
    oliver, 19 Jul 2018 @ 11:27pm

    ha ha ha ha ha

    ha ha ha ha ha what a pathetic bunch of loosers!
    I will double-secret-dog-dare them to send this supposed "video" to all of my friends!!!

    That should shut them up quite quickly.

    what a bunch of looses!

    reply to this | link to this | view in chronology ]

  • identicon
    Eddie G, 20 Jul 2018 @ 2:03am

    .

    This is hilarious!...I'm married and don't even VISIT porn sites!....LoL! not to mention I am an I.T. Support Tech...and I PHYSICALLY remove / disable the web-cam from my laptops when I buy them!...So I would actually respond to this email? With the words:

    "Do Your Worst"!....and wait to see what happens!...LoL! There's nothing like being "in the know" and watching these maggots flail about with their idle threats!. Anyone who doesn't cover their web-cam in this day & age?...is just ASKING for trouble. Its no wonder laptop makers are now including ways to "shutter" your webcam. but don't stop there, either cover your microphones too, or else NEVER speak a password aloud! If they can activate your web-cam, who's to say they can't activate your speakers as well? LoL!

    Listen people its not hard, when you buy ANY device whether its a laptop or a desktop or a smartphone? the FIRST thing you should do is protect yourself by any means necessary. Install a firewall / malware / antivirus and be sure to RUN IT,...CONSTANTLY! Even if it might take up some time when you run it? the alternative is to login and find out your bank account has been emptied because someone was able to glean information from your machine. I for one? run Linux on my laptops and have more safeguards in place than an average PC user, so I'm not truly worried, not to mention I don't save passwords in ANY text document but have them stored in the ONE place that can NEVER be hacked! MY HEAD! When you throw in RKhunter, chRootkit, ClamAV, ufw, and the "ultimate" SELinux? (along with the fact that I'm running Kali Linux which is a hacker's "toolkit" of programs!) I don't fear this kind of thing. I guess these people are just desperate?...and hoping to find some elderly person who's easily frightened?

    reply to this | link to this | view in chronology ]

    • identicon
      David, 20 Jul 2018 @ 5:20am

      Re: .

      This is hilarious!...I'm married and don't even VISIT porn sites!

      Talk about a non sequitur... sounds like "I'm married and don't even OWN cookbooks".

      .LoL! not to mention I am an I.T. Support Tech...and I PHYSICALLY remove / disable the web-cam from my laptops when I buy them!...So I would actually respond to this email? With the words:

      You lose. As an I.T. Support Tech you should know that answering to such mails will, if at all, serve only to verify that your address is reachable and responsive for purposes of spamming and scamming.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Jul 2018 @ 3:40am

    I read a different article about this and they said that $25K USD had been sent to the bitcoin address.

    Good work if you can get it.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Jul 2018 @ 7:02am

      Re:

      Someone commented, elsewhere, that the scammers may have primed their bitcoin accounts to look like others had already paid. So it is not necessarily the case that they have gained anything even if there have been payments.

      reply to this | link to this | view in chronology ]

  • icon
    tdlawyer (profile), 20 Jul 2018 @ 4:28am

    Same Scam from "Black Mirror"

    Season 3, episode 3 contains essentially this exact scam, plus a bunch of other dystopian tech stuff (of course).

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 20 Jul 2018 @ 7:29am

    I'd go further with those.


    6- Don't open e-mail attachments unless you are positively sure the person actually sent you.
    7- Use adblockers and, if possible, script blockers since some malware has been served via advertisement networks.
    8- Avoid unknown websites if possible, avoid the ones that are not the usual .com (or the country variant with the country initials), .org, .net. Avoid new ones like .xxx like the plague.

    There must be more points but those came to mind right now.

    reply to this | link to this | view in chronology ]

  • icon
    John85851 (profile), 20 Jul 2018 @ 10:04am

    Another tip

    I use a laptop as my main computer and it's plugged into an external monitor while at home.
    The lid is either completely closed or cracked slightly open so I can press the power key- in other words, angled down. So if a hacker did manage to turn on my laptop's camera, they'd get a nice video of my floor... and maybe my feet as I walk by.

    reply to this | link to this | view in chronology ]


