Sextortion Scam Uses Hacked Passwords

Indonesia Expat - BY KENNETH YEUNG

Kenneth Yeung is a Jakarta-based editor

In recent weeks, a few of my friends have received emails threatening to publicise images of them enjoying online pornography unless they pay hundreds of dollars to a hacker. It’s a scam of course, but at first glance it might seem genuine because the “hacker” does indeed have one of your passwords.

I haven't received one of these sextortion emails. Why not? It’s not because my online viewing habits are scrupulously clean. And it’s not because my laptop’s webcam is covered by a piece of black tape. It’s because I don’t use LinkedIn – the popular networking site for professionals, recruiters, snoopers doing due diligence reports and marketing pests.

Back in 2012, LinkedIn was hacked because of what some tech experts claimed was poor security. About 117 million email and password combinations were stolen. In 2016, LinkedIn acknowledged the extent of the data breach and advised its users: “We recommend that you regularly change your LinkedIn password and if you use the same or similar passwords on other online services, we recommend you set new passwords on those accounts as well.”

The stolen passwords and usernames were sold on the dark web to hackers and scammers, who then identified people who used the same password for their email or other accounts.

This year, scammers started sending out the sextortion emails, complete with poor grammar and spelling, as well as some words that look like they came from Google Translate – such as ‘piquant’. Here’s one version of the emails:

“I'm a hacker who cracked your email and device a few months ago. You entered a password on one of the sites you visited, and I intercepted it. This is your password from on moment of hack: xxxxxxxx

Of course you can will change it, or already changed it.

But it doesn't matter, my malware updated it every time. Do not try to contact me or find me, it is impossible, since I sent you an email from your account. Through your email, I uploaded malicious code to your Operation System. I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.

Also I installed a Trojan on your device and long tome spying for you. You are not my only victim, I usually lock computers and ask for a ransom. But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I've never seen anything like this! So, when you had fun on piquant sites (you know what I mean!) I made screenshot with using my program from your camera of yours device. After that, I combined them to the content of the currently viewed site. There will be laughter when I send these photos to your contacts!

BUT I’m sure you don’t want it.

Therefore, I expect payment from you for my silence. I think $897 is an acceptable price for it! Pay with Bitcoin. My BTC wallet: 1YnYAxprVrTo1WzPPzMo86ste5Ssp4xsy If you do not know how to do this - enter into Google "how to transfer money to a bitcoin wallet". It is not difficult.

After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system. My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment. If this does not happen - all your contacts will get crazy shots from your dark secret life! And so that you do not obstruct, your device will be blocked (also after 48 hours)

Do not be silly! Police or friends won't help you for sure….

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence. Farewell.”

If you receive one of these emails, don’t stress and don’t respond. If the sender really had captured you viewing porn, they would have attached at least one image as proof.

Should you feel like doing some sleuthing, you can check the unique internet protocol (IP) number of the sender and locate the source of the email. If using Outlook as your email app, open the email, click on File and choose Properties. At the bottom of a dialog box will be ‘Internet headers’ containing the IP number. Copy and paste it into an IP location finder site. In the case of the ‘piquant’ sextortion email, it was coming from Peking University in China. Don’t expect a reply if you report the matter to the university.

If you enjoy viewing adult entertainment sites, consider covering your webcam, just in case a hacker really is recording you via a remote-access trojan. Even Facebook founder Mark Zuckerberg puts a little piece of tape over his laptop’s webcam.
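The header check described above can be scripted. This is an added example, not part of the original article: it reads the Received lines from a message's ‘Internet headers’ and separates the one IP recorded by your own mail provider from the IPs in older lines, which the sender could have written themselves. The sample message, the host names and the set of trusted hosts are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): hosts and IPs are documentation values.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [10.0.0.5])
\tby mailstore.example.net with ESMTP id A1; Mon, 5 Nov 2018 10:00:03 +0700
Received: from unknown (HELO mail.example.org) ([203.0.113.77])
\tby mx.example.net with SMTP id B2; Mon, 5 Nov 2018 10:00:01 +0700
Received: from localhost ([198.51.100.9])
\tby mail.example.org with ESMTP; Mon, 5 Nov 2018 09:59:58 +0700
From: you@example.net
To: you@example.net
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.IGNORECASE)

def received_hops(msg):
    """Yield (by_host, [ip strings]) per Received header, newest first."""
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        by = BY_RE.search(flat)
        ips = []
        for cand in IP_RE.findall(flat.split(" by ", 1)[0]):
            try:
                ips.append(str(ipaddress.ip_address(cand)))
            except ValueError:
                pass                            # bracketed text that is not an IP
        yield (by.group(1).lower() if by else None), ips

def analyse(raw, trusted_hosts):
    """Split header IPs into the one your own servers recorded and the rest."""
    msg = message_from_string(raw)
    handoff, unverified, trusted = None, [], True
    for by_host, ips in received_hops(msg):
        trusted = trusted and by_host in trusted_hosts
        if trusted:
            handoff = ips[0] if ips else handoff  # oldest trusted hop wins
        else:
            unverified.extend(ips)                # sender could have written these
    same = parseaddr(msg.get("From", ""))[1] == parseaddr(msg.get("To", ""))[1]
    return {"handoff_ip": handoff, "unverified_ips": unverified,
            "from_equals_to": same}

if __name__ == "__main__":
    print(analyse(SAMPLE, {"mailstore.example.net", "mx.example.net"}))
```

In the sample the From and To addresses match, yet the message was handed to the provider from an outside address: the From line is set by the sender, so an email that appears to come from your own account is not evidence that the account was accessed.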


Indonesia has been doing its best to protect the nation from online erotica since late 2008, when an anti-pornography law was passed. The government in August 2018 stepped up its campaign by ordering the country’s internet service providers to prevent access to porn by having Google locked to a Safe Search filter. This frustrated some people, but simple workarounds were quickly found and shared. Google is not the only search engine on the planet. Its main rival, Bing, does not have its Safe Search filter locked in Indonesia and even goes as far as suggesting child pornography tags via its Image search results.

The Ministry of Communication and Information Technology, which is at the forefront of the war on porn, in late October announced that in the four years from September 2014 to September 2018, it had blocked 912,659 “negative” sites, including 854,876 porn sites, 51,496 gambling sites, 4,941 fraud sites, 676 sites with intellectual property rights violations, and 453 terrorism sites. Part of the blocking is done via a “crawling system” that was launched in January and cost the ministry about Rp200 billion (US$14 million).

While “blocking” might sound impressive, people who are determined to see particular content will always find a way to access it. Restricting access to porn sites won’t stop people from becoming victims of sextortion. There have been cases in Indonesia where male scammers seduced girls and women online and convinced them to share nude photos or videos of themselves. The men then threatened to release the incriminating files unless the victim paid them. In some cases, the extortionists demanded intimate Skype sessions and even met with victims and demanded sex.

Even if you engage in consensual sharing of your own photos and videos in Indonesia, you could still be at risk of facing criminal charges – under the Electronic Information and Transactions Law – especially if you have powerful political or business rivals keen to bring you down.
