Search This Blog

Showing posts with label Sextortion. Show all posts

Interpol Arrests 12 Suspects for Running Sextortion Racket


A joint operation to crack down sex racket

Interpol announced the arrest of 12 individuals under suspicion of core members of transnational sextortion ring. 

The arrests happened in July and August because of a joint investigation done by Interpol's cybercrime division and police in Singapore and Hongkong. 

Under the Banner #YouMayBeNext, supported by 75 INTERPOL member countries and 21 private and public entities, the campaign focuses specifically on sextortion, Distributed Denial of Service (DDoS), and ransomware attacks. 

In an example of the challenges these cyber attacks represent, international police operations supported by INTERPOL has found and tracked down transnational sextortion ring that was able to extract around USD 47,000 from targets. 

As of now, the investigation has tracked 34 back to the syndicate. 

What is sextortion?

Sextortion is considered a criminal act and is a form of sexual exploitation that includes harrassing an individual, either via threat or manipulation, into making sexually explicit content and sending it over the internet. 

The suspects reached out to potential victims through online dating and sex platforms, then lure them into downloading a malicious mobile app and trick them into "naked chats." 

The suspects used this app to hack victim's phone contact lists, then threaten victims by blackmailing to leak their nude videos to their relatives and friends. 

The victims of the sextortion racket are mostly from Hongkong and Singapore. 

Raymond Lam Cheuk Ho, Acting Head of the Hong Kong Police’s Cyber Security and Technology Crime Bureau said:

"We conducted a proactive investigation and in-depth analysis of a zombie command and control server hosting the malicious application, which – along with the joint efforts by our counterparts – allowed us to identify and locate individuals linked to the criminal syndicate.”

INTERPOL's warning 

Besides this, Interpol has warned about a surge in sextortion incident in the recent years, the rise has been aggravated due to the Covid-19 pandemic. 

It mentions the risks of the sextortion, just a click away on a malicious link or an intimate video/picture to someone can expose users to sextortion threats. 

Last year, the FBI Internet Crime Complaint Center (IC3) alarmed about a sudden rise in sextortion complaints since the start of 2021. As per the experts, the attack has caused   financial losses of more than $8 Million until July 2021. 

The FBI got more than 16,000 sextortion complaints until July 2021, most of the victims fall between the age of 20 and 39. 

How to be safe from sextortion?

Security affairs reports the following measures to stay safe from sextortion threats: 

  • NEVER send compromising images of yourself to anyone, no matter who they are or who they say they are.
  • Do not open attachments from people you do not know. Links can secretly hack your electronic devices using malware to gain access to your private data, photos, and contacts, or control your web camera and microphone without your knowledge.
  • Turn off your electronic devices and web cameras when not in use.


Surge in Sextortion Attacks Cost Targeted Users $8 This Year

 

The FBI IC3 (Internet Crime Complaint Center) raised an alert about a great surge in sextortion complaints since January 2021, which has led to a total financial loss of around $8 Million till July. FBI got over 16000 complaints of sextortion until July, most of them coming from the age group of 20-39. "Victims over 60 years comprised the third largest reporting age group, while victims under the age of 20 reported the fewest number of complaints," says FBI. Sextortion happens when potential victims are blackmailed by criminals in person or through dating sites, emails, and online chats that may expose sensitive or private photos/videos if the victims fail to pay the ransom. 

Started with an email scam, the Sextortion incident came to light in July 2018, when criminals started mailing victims threatening that they had proof of them surfing adult sites (which include victim passwords exposed through data leaks) to get credibility. Email sextortion campaign scammers also distributed various malware strains that range from ransomware to data-stealing trojans. As per the majority of the victims, the initial contact with the criminal is mutual as it is made via dating apps and websites. After the interaction, the criminal then requests the target to connect on some other platform for conversation. 

According to the FBI, "the fraudster instigates the exchange of sexually explicit material and then encourages the victim to participate via video chat or send their own explicit photos. Immediately after the victim complies, the fraudster blackmails the victim and demands money to prevent the release of the photos or videos on social media." The victims have it even worse, as the criminal may also get access to the target's social media account or contact no. They threaten the victims to leak sensitive images which the criminals possess and show them to the victim's friends and family. 

If any user ends up as a victim in such situations, they are advised to immediately stop all contact with the criminal, they should immediately report the incident to authorities and register a complaint at FBI IC3 as soon as the sextortion incident happens. To be safe from such incidents FBI suggests: 

•NEVER send compromising images of yourself to anyone, no matter who they areâ or who they say they are. 

•Do not open attachments from people you do not know. Links can secretly hack your electronic devices using malware to gain access to your private data, photos, and contacts, or control your web camera and microphone without your knowledge. 

•Turn off your electronic devices and web cameras when not in use.

Cyber Extortionist Pretends To Be From US Police; Demands $2000 in Bitcoin To Delete Evidence!







A cyber extortionist acts to be a US State Police detective and promises to delete child porn evidence for $2,000 in Bitcoins including a phone number which could be used to contact the scammer.

“Sextortion” emails have become quite common where the sender cites that the recipient’s computer has been hacked with the recording of them while on the adult sites.

On the other hand extortionists pretend to be hitmen and asking for money to call off the hit, bomb threats and tarnishing website’s reputation.


The aforementioned extortionist accuses the victim of child pornography and that the evidence could be deleted if they pay the sender $2,000 in Bitcoins.

Florida, Minnesota, Georgia, Tennessee, California and New York are a few of the states where the victims mentioned that the mails they got were from.

Per sources, the email sent by the extortionists pretending to be from the Tennessee State Police included the following phrases:
·       “Do not ignore the important warning”
·       “I work in the Bureau of Criminal Investigation, detective branch Crime Prevention with child abuse.”
·       “You uploaded video child-porno to websites”
·       “not possible to prove you didnt this”
·       “I retire in next month and want to earns some money for self”
·       “Pay me to Bitcoin wallet”
·       “This is anonymous money I want 2000$”
·       “Send transfer to my wallet”
·       “My temporary phone to contact”
·       “After receiving payments, I delete All materials”
·       “If you don’t pay me, I sending materials to The Tennessee Crime Laboratory.”

All the emails happen to be the same, the same Bitcoin address 17isAHrP2cZSY8vpJrTs8g4MHc1FDXvAMu


 but just the state’s name different.

The attacker(s) is/are using a data breach dump which contains both email and home address so that the state in the email could be matched up with the target’s state of residence.

Extortion scams don’t usually contain the scammers contact number and matching the state of residence with that in the email is surely a nice touch there.

But whenever an email turns up where the sender asks for money it’s obviously to be aborted.