REPORT CLAIMS THAT “SEXTORTIONISTS” ABSCONDED
WITH OVER $300,000 IN CRYPTO IN 2018
According to a report by research and risk
assessment firm Digital Shadows, this scam was committed through a wide array
of “sextortion” blackmail strategies, which included the weaponization of
emails.
Most cyberattacks in the crypto space
involve hackers finding a way around the security of crypto exchange platforms
and gaining access to users’ funds. Last year saw the entry of a new breed of
cyber extortionists that seems to be gaining ground, so much so that they were
able to steal over $300,000 in bitcoin (BTC) tokens in 2018.
The report, which was titled “A Tale of Epic Extortions:
How Cybercriminals Monetize Our Online Exposure,” revealed that the scam
started back in 2017. However, it only gained mainstream notoriety in the
middle of 2018, after its list of victims continued to grow. Digital Shadows
was able to track over 792,000 targeted emails, where it discovered the loss of
about $300,000 worth of bitcoin, which was stolen from over 3,000 bitcoin
wallet addresses.
TARGETING MARRIED AND “HIGH NET WORTH” INDIVIDUALS
The cybercriminals targeted
individuals with high net worth, as they believe these groups could easily pay
the ransom without “dragging the process for too long.” The scammers also
targeted married individuals. The criminals often use marriage as extra leverage over the victims,
providing an additional incentive to convince the victim to make the payment.
ONLINE CROWDFUNDING CAMPAIGNS
The Dark Overlord (TDO), a prominent
extortionist group which, after a brief break, returned in 2018 with a new
modus operandi, was featured in the report. The criminal group changed its
model from extorting victims directly to selling “stolen data in batches to
other users on criminal forums, and adopted an altogether more unusual tactic:
online crowdfunding campaigns.” Using online crowdfunding campaigns,
extortionist groups like TDO can raise the ransom the victim would have paid
from members of the public desperate to unlock the troves of data in their
possession.
The extortionist group reportedly started its career selling data on TheRealDeal, a
forum on the dark web. When the forum folded, they went on a spree of
extortions, including directly contacting their victims and threatening to
expose their private information if their demands weren’t met. TDO kept
providing regular updates of their operations via their Twitter page. The group went back to the dark web in
September 2018, recruiting extra accomplices and selling their acquired data on
KickAss, another criminal forum. They set up The Dark Overlord Sales, a
subsection of KickAss, to sell their data to other parties on the platform. The
cybercriminals’ victims included insurance provider Hiscox, which lost over 10GB
of sensitive data related to the 9/11 bombings to the
group. Their operation pattern shows the effectiveness of using crowdfunding
platforms to gain more publicity online, while also generating sustainable
revenue.
HOW THEY OPERATE
The goal of the cybercriminals is to
convince the victim that their system has been hacked and that the attackers
have obtained information that could expose their intimate activities. To look
convincing, the extortionists show the victim a known password as “proof” of
compromise, meant to offer evidence of the hack.
Then they claim to have footage of the victim watching porn online, urging them
to pay a ransom in bitcoin or risk exposure. As with most email scams, the
composition of the emails is often a problem. Per the report from Digital
Shadows, the construction of the email could make the difference between one
that gets past a spam filter and the one that doesn’t. Some sophisticated criminals go to great lengths to distribute emails at
scale by using freshly minted outlook.com addresses.
“Across the emails we collected, there
was a variation in the capabilities displayed by the attackers. Certain
spammers showed little understanding of how to craft and distribute emails on
scale, sending malformed emails that would never make it past a mail server or
spam filter,” the report reads. Based on the examination of their IP addresses,
the firm noted that the scam wasn’t localized to a single region. Scammers
operated across a wide array of locations, with the highest percentage of the
emails being sent from Vietnam (amounting to 8.5 percent of the
total emails sent); 5.3 percent of the emails were sent from somewhere in
Brazil, and India came third with 4.7 percent of the total email count.
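
As an added illustration (not taken from the Digital Shadows report or from this article), the Python sketch below shows how a mail team could triage the pattern described under “How they operate”: it scores a message on a checksum-valid bitcoin address, a quoted password already known to be breach-exposed for that recipient, and threat wording, then groups flagged messages by payment address. The indicator set, the threshold, all function names and the sample messages are assumptions constructed for the example.

```python
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
THREAT = re.compile(r"\b(webcam|footage|recorded you|video of you)\b", re.I)

def sha256d(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def b58check(payload):  # version byte + hash160 -> address; only builds samples
    raw = payload + sha256d(payload)[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def is_btc_address(s):
    """Checksum-validate a legacy (1.../3...) address; bech32 is not handled."""
    if any(c not in B58 for c in s):
        return False
    n = sum(B58.index(c) * 58**i for i, c in enumerate(reversed(s)))
    pad = len(s) - len(s.lstrip("1"))  # each leading '1' encodes one zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[0] in (0, 5) and raw[21:] == sha256d(raw[:21])[:4]

def triage(msg, known_passwords):
    """Count indicators: valid payment address, quoted known password, threat wording."""
    addrs = [a for a in CANDIDATE.findall(msg["body"]) if is_btc_address(a)]
    leaked = any(p in msg["body"] for p in known_passwords.get(msg["to"], ()))
    return bool(addrs) + leaked + bool(THREAT.search(msg["body"])), addrs

def cluster(messages, known_passwords, threshold=2):  # group flagged mail by address
    campaigns = defaultdict(list)
    for m in messages:
        score, addrs = triage(m, known_passwords)
        for a in addrs if score >= threshold else ():
            campaigns[a].append(m["id"])
    return dict(campaigns)

ADDR = b58check(b"\x00" + b"\x11" * 20)  # constructed from dummy bytes, not a real wallet
BAD = ADDR[:-1] + ("2" if ADDR[-1] != "2" else "3")  # last char altered: bad checksum
KNOWN = {"a@example.com": ["hunter2"]}  # constructed breach-exposed passwords per recipient
SAMPLES = [  # constructed messages
    {"id": 1, "to": "a@example.com", "body": f"hunter2 is your password. I recorded you. Pay {ADDR}"},
    {"id": 2, "to": "b@example.com", "body": f"We have webcam footage. Send $900 to {ADDR} now."},
    {"id": 3, "to": "b@example.com", "body": f"I have a video of you, pay {BAD} today"}]
```

Calling `cluster(SAMPLES, KNOWN)` groups messages 1 and 2 under the same payment address, while message 3 is dropped because its address fails the checksum and only one indicator remains.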