Top News
Jussie Smollett directed brothers to pour gas on him and yell slurs, prosecutor says  ||   Duke star Zion Williamson considered 'day-to-day' with a knee sprain  ||   She may be Florida's first lawyer living with autism  ||   Pew survey: Teens say depression is greater problem than bullying, drugs or drinking  ||   President Trump still at odds with former US military, intel officials over Syria  ||   'It's snowing in Hollywood!' Snowflakes seen in and around Los Angeles  ||   Hail storm hit Los Angeles amid cold blast  ||   Jussie Smollett's alleged plan to manufacture outrage diminishes impact of real hate crime  ||   Oakland teachers strike to improve pay  ||   With his dad on the bag, Jordan Spieth wishes he could have played better in Mexico  ||   Kendrick Lamar isn't performing his 'Black Panther' anthem at the Oscars; here's why  ||   What exactly is a food processor, anyway, and how do you use it?  ||   Devils, Senators not dressing key players, sign of trades  ||   Karl Lagerfeld draws self portrait of his first day at Fendi  ||   5th-seeded Sousa out of Rio Open, Cuevas advances  ||   Jussie Smollett directed brothers to pour gas on him and yell slurs, prosecutor says  ||   NBA officially proposes lowering draft age from 19 to 18  ||   Tiger Tracker: Follow Tiger Woods' Thursday round at the WGC-Mexico Championship  ||   Kendrick Lamar isn't performing his 'Black Panther' anthem at the Oscars; here's why  ||   Duke's Zion Williamson day to day with mild knee sprain  ||            

Hoax bomb threat cyber extortion emails similar to sex video threats  2 Months ago

Source:   USA Today  

SAN FRANCISCO — A wave of hoax bomb threats that swept the United States on Thursday were a variant on a relatively new cyber extortion scheme — one that previously threatened it had compromising personal videos of a sexual nature. 

Who was behind the campaign isn't known, as it is difficult to trace the origin of such emails. The motivation is also unclear. It could have been money or it could have been something more nefarious such as causing mass disruption, say experts.

Thursday's hoax bomb threat emails hit universities, businesses, schools and news outlets across the country, sending police departments scrambling.

The emails were all variants on a theme that the sender had hired a "recruited mercenary" to place an explosive device in the targeted building that would be detonated unless $20,000 in difficult-to-trace cybercurrency was paid.

There were no reports that any actual explosive devices were discovered, but the threats alone cost thousands of dollars as buildings emptied and police officers monitored and investigated.

The emails that appeared Thursday were similar to extortion campaigns sent to people in Europe that have threatened bombs or the release of compromising sex videos.

In May, over 400 schools in the United Kingdom received bomb threat emails, none of which were deemed credible by local authorities, though not until they had disrupted the schools.  

The emails sent Thursday were in some cases close variations on those sextortion emails, said David Pickett, a cybersecurity analyst for Florida-based AppRiver, a computer security firm. Some of them were also sent from the same computer servers as Thursday's bomb hoax emails.

"I would give it a 99 percent chance that it's the same group," Pickett said. 

The sextortion emails threatened that the perpetrator had installed a program on the user's computer which allowed the criminals to tap into the machine's camera.

The scammers claimed the program captured "videotape with you self-abusing," as well as the snippet of pornography they were watching. It threatened to send the video to all their contacts if they didn't pay the equivalent of about $850 to a Bitcoin address. 

It was all a hoax and no program, or video, actually existed, said Pickett. 

The senders' program was sophisticated enough to randomly swap other words into the message, such as "masturbation" and "wanking" to make it harder to target against, he said. It was written in special characters that Outlook and other email programs automatically translated into normal letters, allowing it to fool spam filters set to capture such emails.

Attempts to use the internet to extort money from people are decades old. Over the past several years ransomware, which installs malware that locks up the user's computer files until they pay a ransom, has been popular with cybercriminals.

The hoax cyber extortion emails are a relatively new variant. "This group's been active for about the last six months," Pickett said.

It could be that more will come because cybercriminals are lazy and copycat attacks pop up very quickly, said Atiq Raza, CEO of Virsec, a computer security firm based in San Jose, California.

"I expect this to pick up over the next year. Once people figure out that this is a way to extort money, they will use it," he said.

Attacks such as this are no-brainers for cybercriminals because they are so cheap. Sending the same email to tens of thousands of people costs almost nothing "and if just one pays, it's been worth it," Raza said. 

These hoax bomb extortion emails, while fake, are extremely disruptive because authorities have to take them seriously for safety's sake.  

In that way, they are different from ransomware and sextortion attempts which tend not to be reported to police or reported in the news. That's because those receiving them generally want to keep the matter quiet — either to protect their business' reputation or their own.

Some believe the likelihood of anyone actually getting money out of this attack is low and that there are other reasons it was launched.

"This isn’t about extortion, it is about causing disruption. It worked," said Colin Bastable, CEO of security awareness training company Lucy Security.

He believes it was a trial run to see how America responds in such cases. Because the answer was with an abundance of caution on the part of law enforcement, he worries it will encourage more such campaigns.

One positive is that the very public nature of the attack should help innoculate the public, as these schemes rely on the victim believing that the attacker is capable of carrying out the threat.

"The widespread nature of this email campaign makes it much less likely that the victims will believe the attacker is serious," said Tim Erlin, vice president of strategy at Tripwire, a Portland, Oregon-based cybersecurity firm. "I would expect email extortion to continue, but not at this scale."

If however, the motive is to create mass disruption, it could mean bigger worries, said Mounir Hahad, head of the Juniper Threat Labs at Juniper Networks. 

The threat could be "to stress law enforcement resources while possibly perpetrating a secondary more potent attack," he said.


More News
About Us Terms & Conditions Disclaimer
Advertise Contact
register and win

NRIS.COM is one of the premier NRI website that provides a range of resourceful services to Indian expats residing in the USA. Visiting the site you will find comprehensive information related to restaurants, casinos, pubs, temples, carpool, movies, education, real estate, and forums. The simple and easy to navigate format allows NRIs to gain information within a fraction of a second. Moreover, advertising through its column of Indian free classifieds in USA allow businesses to improve visibility of their brand.

MI NRI's Chat (0 Users Online)