Got a ransom note from a bitcoiner?

[Musicat]

Anyone get a ransom note from someone, asking for bitcoin? I just got one from a mailer at outlook.com, claiming that if I don’t pay up, he will send a video to all the names in my contact list, showing all the porn I have been watching, and showing my face from my computer’s cam.

Since my computer doesn’t have a cam, at least part of this is fake. And if he sends out that video, I hope he sends me a copy so I can see what I have been supposedly watching.

He does supply one piece of info that would be hard to find out or guess. That makes me a bit unnerved. However this fucker ain’t gettin’ no bitcoin from me.

Anyone else deal with this?

[beowulff]

Yeah, I’ve been getting these emails for a week or so.
Since they are clearly a scam, I’m ignoring them.
ETA: they have an old password of mine that must have been compromised years ago.

[Musicat]

beowulff:

ETA: they have an old password of mine that must have been compromised years ago.

But the fact that they have any password, even an old one, suggests that some of their claims might be true, like installing a password logger on a porn site.

Since I don’t use the same name or same password for most sites, knowing one isn’t going to get this dude very far, but…

[beowulff]

Musicat:

But the fact that they have any password, even an old one, suggests that some of their claims might be true, like installing a password logger on a porn site.

Since I don’t use the same name or same password for most sites, knowing one isn’t going to get this dude very far, but…

Do you actually have an account on a Porn site?
If so, that might be cause for concern.
But, really, the whole email sounds like a scam to me, and the fact that I have received it several times already from different email addresses and with different bitcoin addresses just screams “Scam!”

[Quartz]

Musicat:

He does supply one piece of info that would be hard to find out or guess.

This is an old password, right? It comes from a hacked site and you changed that password, didn’t you?

[TruCelt]

Send copies here:

FBI cybercrime tipline

[Skywatcher]

Seems to be common enough; the IT people at the Department of Commerce (whose umbrella I’m under) sent a warning to all employees under their umbrella this morning. The email references this article: https://www.mirror.co.uk/tech/phishing-scam-knon-sextortion-using-12928730.

[Musicat]

Here’s an excerpt from the email.

I setup a malware on the 18+ streaming (adult porn) website and do you know what, you visited this site to experience fun (you know what I mean). When you were viewing video clips, your browser initiated operating as a Remote Desktop that has a key logger which gave me accessibility to your display as well as cam. after that, my software program collected every one of your contacts from your Messenger, social networks, and e-mail . Next I made a video. First part displays the video you were watching (you have a fine taste haha . . .), and 2nd part displays the view of your webcam, & it is you.

The only porn sites I have visited do not use this name or this password, although in 25 years of Internet use, who knows what was used and what sites were hacked.

Does any of his text make sense as a possible operation, like “Browser initiated operating as a Remote Desktop that has a key logger…”? Or is that simply scare ware?

A Malware scan of two of my computers shows nothing amiss.

First googing turned up nothing, but further googling shows this as a likely culprit.

[Skywatcher]

Skywatcher:

The email references this article: https://www.mirror.co.uk/tech/phishing-scam-knon-sextortion-using-12928730.

Weird, somehow a letter got dropped out of that link. Here’s the correct one: https://www.mirror.co.uk/tech/phishing-scam-known-sextortion-using-12928730.

[Musicat]

I would laff it off except for the password data. Here’s how that might have happened, from the same site I referred to previously:

ALSO, it seems to be tracking that the passwords that are being cited in the extortion email are from the LinkedIN password dump in 2016. It may in fact be a melange of dumps but it seems since these are being targeted at corporate email accounts it makes sense that the adversary is using this dump cleverly.

I dropped LinkedIn about >5 years ago, but it’s possible that password was used on it. I dropped it not for security reasons, but because it was a great timewaster. Unfortunately, I don’t have a record of my login and password from the old LinkedIn account, but this one is a possibility.

[kenobi_65]

I got pretty much the same email that you did, Musicat, earlier this week. It contained a reference to a password I’d used several years ago, as well.

[RealityChuck]

Someone at work got one the other day. Here’s the text.

some phisher:

I’m going to cut to the chase. I am aware XXXXXXX is your pass word. Most importantly, I’m aware about your secret and I’ve evidence of this. You don’t know me and no one paid me to investigate you.

It’s just your misfortune that I came across your bad deeds. In fact, I actually installed a malware on the adult videos (sexually graphic) and you visited this website to have fun (you know what I mean). When you were busy watching video clips, your internet browser started operating as a Rdp (Remote control desktop) having a keylogger which gave me access to your screen and also web camera. Just after that, my software obtained your complete contacts from messenger, facebook, as well as e-mail.

Next, I put in much more hours than I should’ve looking into your life and created a double display video. 1st part shows the recording you had been watching and second part displays the capture from your cam (its you doing nasty things).

Honestly, I want to forget about you and allow you to move on with your daily life. And I am about to present you two options that can achieve that. Those two choices are to either ignore this letter, or perhaps pay me $2900. Let us investigate these 2 options in more details.

Option One is to ignore this email. Let me tell you what is going to happen if you choose this option. I will send out your video to your entire contacts including members of your family, co-workers, and so on. It doesn’t help you avoid the humiliation you and your family will ought to face when friends uncover your dirty details from me.

Option 2 is to make the payment of $2900. We will name this my “confidentiality tip”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I’ll delete the recording immediately. You move on with your lifetime like nothing like this ever occurred.

Now you may be thinking, “I will go to the cops”. Without a doubt, I’ve taken steps in order that this e-mail can’t be traced returning to me and it will not stop the evidence from destroying your health. I am not looking to break your bank. I just want to be paid for efforts and time I put in investigating you. Let’s assume you decide to make this all disappear and pay me the confidentiality fee. You will make the payment through Bitcoin (if you don’t know how, search “how to buy bitcoins” in google search)

Required Amount: $2900
Receiving Bitcoin Address: <redacted>
(It is case sensitive, so copy and paste it carefully)

Tell nobody what you will be utilising the Bitcoins for or they may not sell it to you. The task to get bitcoin usually takes a short time so do not put it off.
I’ve a special pixel within this e mail, and now I know that you’ve read through this email. You have one day to make the payment. If I don’t receive the BitCoin, I will send out your video to all your contacts including friends and family, co-workers, and many others. You better come up with an excuse for friends and family before they find out. Nonetheless, if I receive the payment, I’ll destroy the video immediately. It’s a non negotiable one time offer, so kindly don’t ruin my personal time and yours. The clock is ticking.

It was funny in it’s blatant over-the-top scare tactics. I contacted Outlook and they shut down the account.

[Measure_for_Measure]

Brian Krebs is the go-to guy for online security and scams.

Sextortion Scam Uses Recipient’s Hacked Passwords — Krebs on Security

[INDENT]KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.[/INDENT] Emphasis added.

[Musicat]

To sum up what I think I have learned:

Multiple data breaches from the past are now stored for scammer uses. This data may contain names and passwords used long ago.

Automated scammer programs access these databases and generate extortion emails, claiming to have found your password from a malware injection on an unspecified porn site. This is not true, but since almost everyone has visited a porn site sometime in their life, and might be embarrassed to admit it, this claim has some scare-merit.

The claim to have recorded your porn site visits and/or an image of you while doing it is just another bogus scare tactic.

If you ignore this email, nothing will happen. I doubt if the scammers want to spend the possibly unrewarding time making other connections from your data. However, if the specified password is one you still use, it would be wise to change it on all sites where it is used.

Since no one can count on finding out about a data breach, most of us sign on to many web commercial and other web sites, and a data breach may happen without even the site owner knowing about it, it would be wise to change your passwords everywhere periodically, just in case.

Does that sound like a good wrapup?

[FoieGrasIsEvil]

Too bad there’s no way for you to send this douche an email from a fake gmail account telling him to go fuck himself.

[Musicat]

He’s too busy counting his bitcoins to care about that.

[Max_the_Immortal]

Tell them to send you the video they claim to have.

[Jophiel]

I like that these rely on the assumption that I’d be horrified if my friends and family were to learn that I sometimes watch some pretty standard porn. Likewise, if I got some random email saying “Watch your brother-in-law jerk off to ‘Horny Stepdaughter seduces her Dad’!!!” I’d delete it with zero interest in viewing that. Or care.

[drewder]

With so many people here getting the same email, I got it too, I wonder if the straight dope message board was hacked.

[drewder]

Also most webcams are configured so that the light is powered by the same circuit as the camera making it impossible to turn the camera on without the light coming on. This is a safety feature to prevent this sort of thing.