Hacked Passwords Being Used In Blackmail Attempt -- Expect More Of This

from the isn't-the-internet-greate dept

Last week I received the following email with my name and a very, very, very old password that I haven't used in probably at least a decade in the subject line (even though I'm not longer using it, I'm editing it out of this because... it's still weird):

I am aware, ********, is your pass word. You don't know me and you're probably wondering why you're getting this mail, right?

In fact, I actually installed a malware on the adult videos (adult porn) site and there's more, you visited this site to experience fun (you know what I mean). While you were watching videos, your internet browser initiated working as a RDP (Remote Desktop) having a key logger which provided me with access to your screen and cam. Immediately after that, my software collected all of your contacts from your Messenger, FB, and email.

What exactly did I do?

I created a double-screen video. First part displays the video you were watching (you have a nice taste rofl), and 2nd part shows the recording of your web cam.

exactly what should you do?

Well, I believe, $2900 is a reasonable price for our little secret. You'll make the payment via Bitcoin (if you don't know this, search "how to buy bitcoin" in Google).

BTC Address: [REDACTED] (It is cAsE sensitive, so copy and paste it)

Note:
You have one day to make the payment. (I've a specific pixel in this e mail, and right now I know that you have read through this email). If I don't receive the BitCoins, I will send your video recording to all of your contacts including members of your family, colleagues, and so forth. However, if I receive the payment, I will erase the video immidiately. If you really want evidence, reply with "Yes!" and I will send your video recording to your 9 friends. This is a non-negotiable offer, and thus do not waste my personal time and yours by responding to this message.

This was immediately obvious as a scam from a hacked database of passwords. Besides the fact that I haven't used that particular password in ages (and even when I did, it was the password I used for "unimportant" sites), there are a whole bunch of other reasons why it was obvious that the email was fake and it would be literally impossible for the person to have whatever it was they claimed to have on me. I found it funny enough that I reached out to some other folks to see if this was getting around, and a few people told me they'd seen similar ones, noting that the final note about sending it to "9 friends" appeared to be an increase from the usual of "5" that they had seen before.

Indeed, Brian Krebs, who is always on top of these things, wrote a story about how a bunch of people got these emails last week. That one only asked for $1400, and also promised to send it to 5 friends. It has a few other slight differences to the one I received, but is pretty clearly sent by the same person/team of people with just a few modifications. Like the ones that Krebs reported on, mine appeared to come from an outlook.com email address. As Krebs notes, he expects that this particular scam is about to get a lot more popular, and will probably use a lot more recent set of passwords:

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.

And, at the very least, this scam appears to be working. It's unclear just how many people are receiving these emails -- and how many people are pointed to the same Bitcoin wallet address to pay -- but the one that Krebs included in his post shows a single payment of approximately $2000. When I first got the email the Bitcoin wallet address in the email I received showed no transactions, but I just looked again and there are two transactions, both within a day of when I received the email (one for .23 Bitcoins or ~$1600 and another for 0.3 Bitcoins or ~$2,000).

Of course, this should be a warning for everyone on a variety of levels:

  1. Use a password manager already, and stop saying they're too difficult to use. They are not.
  2. Use 2 factor authentication wherever possible
  3. Cover your webcam with a sticker or tape or something when not in use
  4. Don't believe every stupid threat email you receive
  5. Don't randomly pay money to every stupid emailer who pretends to threaten you
Anyway, it will be worth watching how this particular scam evolves, but as Krebs notes, it's likely we'll be seeing it a lot more often as it seems to hit all the key points for a popular internet scam these days.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: blackmail, hacked passwords, shakedown


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 19 Jul 2018 @ 1:39pm

    Our company's users rec'd 45 of these emails

    Every email was unique, using different phrasing. Also, each email our users rec'd had a different bitcoin address. I was impressed.

    link to this | view in thread ]

  2. identicon
    David, 19 Jul 2018 @ 1:55pm

    Site worth noting:

    https://haveibeenpwned.com/ is a site where you can enter your Email address and have it checked against a number of password leaks. More details (like the actual passwords) only after signing in, basically making sure that the Email address actually is yours. But more details are rarely necessary. If it turns up positives, it's a good idea changing the passwords on the affected sites if you didn't do so since the breach occured.

    I have no affiliation with that site, it did point out one of my accounts that warranted a password change, and I don't see that it should be able to do bad things (apart from address harvesting/verification) if you don't create an account. But if you think or know differently, correct me.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 19 Jul 2018 @ 2:13pm

    I keep trying to get my video out of these fuckers but they never send it :( I reckon i could monetize it as i have a nice c**k.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 19 Jul 2018 @ 3:24pm

    This was immediately obvious as a scam from a hacked database of passwords. Besides the fact that I haven't used that particular password in ages (and even when I did, it was the password I used for "unimportant" sites)

    So you use "important" site passwords for adult video sites? Interesting...

    link to this | view in thread ]

  5. identicon
    Rekrul, 19 Jul 2018 @ 3:27pm

    I got almost the exact same email, but mine wanted $1900 and threatened to send the video to 11 friends. That would be a nice trick considering I've never had a camera connected to my computer. :)

    link to this | view in thread ]

  6. icon
    Anonymous Anonymous Coward (profile), 19 Jul 2018 @ 3:44pm

    Re:

    You might, and I mean might might be a bit strong, be able to read, but your comprehension sucks. The email claimed to have gotten the password from an adult site. Mike says he used that password for unimportant sites. That means that Mike considers his porn sites to be unimportant, but even that is pure conjecture, and I think that he visited an adult site is unlikely, and it is even more unlikely that he supplied that site with a password, one that he used on other sites. Get real.

    Or, much more likely, the spammer got the password from some compromised site that Mike considered unimportant and stopped visiting long ago (or has a new password for), which was in fact not porn. Then the fraudster made a claim that it was taken from an adult site to put fear into the recipient. It does not appear that Mike has fear, which is also supportive of his not visiting adult sites.

    If I had gotten this email, I would just look up that password in my password manager (pwsafe is my choice and works for me in Windows, Linux, and Android and I also see they have IOS versions) and then go to that site and change the password. They would have no video of me, as the tape over my webcam is fairly permanent and that webcam is rarely used. Any video they have would be of the back of the tape, and it would be clear to me that they had not even reviewed what they were threatening me with.

    link to this | view in thread ]

  7. identicon
    Mark, 19 Jul 2018 @ 4:07pm

    Oh, you poor, lowly 99%ers... getting your cheap ass extortion threats via... egad... email.

    I guess I'm a 1%er... I get my extortion letters (lovingly printed on pulped trees and sealed in a stamped 1st class envelope) hand delivered to my door by a Uniformed Government Courier. Two letters in the last few weeks.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 19 Jul 2018 @ 4:08pm

    Mike, looks like blue boy found you!

    link to this | view in thread ]

  9. icon
    Anonymous Anonymous Coward (profile), 19 Jul 2018 @ 4:10pm

    Re:

    Hmm. Love notes from the IRS...eh?

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 19 Jul 2018 @ 4:21pm

    I'm a little sad they didn't try to be more specific. I'm really curious what scammers think Mike would be into.

    I'd assume Victorian era role play.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 19 Jul 2018 @ 5:27pm

    Re:

    My version: I got almost the exact same email, but mine wanted $1900 and threatened to send the video to 11 friends. That would be a nice trick considering I've never had 11 friends. :(

    link to this | view in thread ]

  12. identicon
    Christenson, 19 Jul 2018 @ 6:20pm

    Re:

    If Victorian, I’d guess steampunk, lol, with the scandal being him only partially in role!

    link to this | view in thread ]

  13. identicon
    blackturtle.us, 19 Jul 2018 @ 7:15pm

    Clearly not a threat to take seriously...

    I received two of these threats. The wording was about 95% the same as the example in the article. Two days earlier I received a warning from a website where I have an account that their accounts database had been compromised. The details pertaining to a porn site and webcam didn't match any activity I had been involved with and so the threat was obviously bogus. There were other indicators that it was a generic threat, but I'm sure someone somewhere is going to pay up!

    link to this | view in thread ]

  14. icon
    techflaws (profile), 19 Jul 2018 @ 9:33pm

    "(I've a specific pixel in this e mail, and right now I know that you have read through this email)"

    No, you don't cause my email client doesn't load anything from the Internet unless I tell it to. Also, f*ck you ;)

    link to this | view in thread ]

  15. icon
    oliver (profile), 19 Jul 2018 @ 11:27pm

    ha ha ha ha ha

    ha ha ha ha ha what a pathetic bunch of loosers!
    I will double-secret-dog-dare them to send this supposed "video" to all of my friends!!!

    That should shut them up quite quickly.

    what a bunch of looses!

    link to this | view in thread ]

  16. icon
    That Anonymous Coward (profile), 20 Jul 2018 @ 1:42am

    Re:

    *ears perk up*
    Oh??? Let me be the judge of that, I'm a professional.

    link to this | view in thread ]

  17. identicon
    Eddie G, 20 Jul 2018 @ 2:03am

    .

    This is hilarious!...I'm married and don't even VISIT porn sites!....LoL! not to mention I am an I.T. Support Tech...and I PHYSICALLY remove / disable the web-cam from my laptops when I buy them!...So I would actually respond to this email? With the words:

    "Do Your Worst"!....and wait to see what happens!...LoL! There's nothing like being "in the know" and watching these maggots flail about with their idle threats!. Anyone who doesn't cover their web-cam in this day & age?...is just ASKING for trouble. Its no wonder laptop makers are now including ways to "shutter" your webcam. but don't stop there, either cover your microphones too, or else NEVER speak a password aloud! If they can activate your web-cam, who's to say they can't activate your speakers as well? LoL!

    Listen people its not hard, when you buy ANY device whether its a laptop or a desktop or a smartphone? the FIRST thing you should do is protect yourself by any means necessary. Install a firewall / malware / antivirus and be sure to RUN IT,...CONSTANTLY! Even if it might take up some time when you run it? the alternative is to login and find out your bank account has been emptied because someone was able to glean information from your machine. I for one? run Linux on my laptops and have more safeguards in place than an average PC user, so I'm not truly worried, not to mention I don't save passwords in ANY text document but have them stored in the ONE place that can NEVER be hacked! MY HEAD! When you throw in RKhunter, chRootkit, ClamAV, ufw, and the "ultimate" SELinux? (along with the fact that I'm running Kali Linux which is a hacker's "toolkit" of programs!) I don't fear this kind of thing. I guess these people are just desperate?...and hoping to find some elderly person who's easily frightened?

    link to this | view in thread ]

  18. identicon
    David, 20 Jul 2018 @ 3:26am

    Re: Re:

    Is that a dent in your armor or are you just happy to see me?

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 20 Jul 2018 @ 3:40am

    I read a different article about this and they said that $25K USD had been sent to the bitcoin address.

    Good work if you can get it.

    link to this | view in thread ]

  20. icon
    tdlawyer (profile), 20 Jul 2018 @ 4:28am

    Same Scam from "Black Mirror"

    Season 3, episode 3 contains essentially this exact scam, plus a bunch of other dystopian tech stuff (of course).

    link to this | view in thread ]

  21. identicon
    David, 20 Jul 2018 @ 5:20am

    Re: .

    This is hilarious!...I'm married and don't even VISIT porn sites!

    Talk about a non sequitur... sounds like "I'm married and don't even OWN cookbooks".

    .LoL! not to mention I am an I.T. Support Tech...and I PHYSICALLY remove / disable the web-cam from my laptops when I buy them!...So I would actually respond to this email? With the words:

    You lose. As an I.T. Support Tech you should know that answering to such mails will, if at all, serve only to verify that your address is reachable and responsive for purposes of spamming and scamming.

    link to this | view in thread ]

  22. identicon
    Michael, 20 Jul 2018 @ 5:26am

    Re:

    They threatened to sent it to 9 of my friends. Since I don't have 9 friends, I was skeptical, but I figured if they sent it to 9 people, at least one of them would become my friend because I am pretty awesome on camera.

    link to this | view in thread ]

  23. identicon
    Michael, 20 Jul 2018 @ 5:29am

    Re:

    We all know if you had a split screen of Mike and his browser, it would just be him with about 900 tabs open for tech and political news.

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 20 Jul 2018 @ 5:51am

    Re:

    I think the real surprise is if Mike used his real email address at a porn site.

    Real people register smurf email accounts that they only ever log into to check for those activation emails to activate accounts on pornography sites.

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 20 Jul 2018 @ 7:02am

    Re:

    Someone commented, elsewhere, that the scammers may have primed their bitcoin accounts to look like others had already paid. So it is not necessarily the case that they have gained anything even if there have been payments.

    link to this | view in thread ]

  26. icon
    Ninja (profile), 20 Jul 2018 @ 7:29am

    I'd go further with those.


    6- Don't open e-mail attachments unless you are positively sure the person actually sent you.
    7- Use adblockers and, if possible, script blockers since some malware has been served via advertisement networks.
    8- Avoid unknown websites if possible, avoid the ones that are not the usual .com (or the country variant with the country initials), .org, .net. Avoid new ones like .xxx like the plague.

    There must be more points but those came to mind right now.

    link to this | view in thread ]

  27. icon
    Ninja (profile), 20 Jul 2018 @ 7:30am

    Re: Re:

    I think he needed to add a /joke mark or something, at least this is how I read ;)

    link to this | view in thread ]

  28. icon
    Ninja (profile), 20 Jul 2018 @ 7:34am

    Re: Re:

    According to some people here Mike would be fapping to hundreds of tabs about Google.

    Also, if I produced any disturbing image in your head, you are welcome.

    *shoes self out*

    link to this | view in thread ]

  29. icon
    John85851 (profile), 20 Jul 2018 @ 10:04am

    Another tip

    I use a laptop as my main computer and it's plugged into an external monitor while at home.
    The lid is either completely closed or cracked slightly open so I can press the power key- in other words, angled down. So if a hacker did manage to turn on my laptop's camera, they'd get a nice video of my floor... and maybe my feet as I walk by.

    link to this | view in thread ]

  30. icon
    Mike Masnick (profile), 20 Jul 2018 @ 10:36am

    Re: Re:

    We all know if you had a split screen of Mike and his browser, it would just be him with about 900 tabs open for tech and political news.

    While potentially a sad statement on my life... this is incredibly accurate.

    link to this | view in thread ]

  31. identicon
    David, 20 Jul 2018 @ 12:47pm

    Re: Another tip

    The lid is either completely closed or cracked slightly open so I can press the power key- in other words, angled down.

    Angled down is fine.

    link to this | view in thread ]

  32. identicon
    haha hehe hoho, 20 Jul 2018 @ 2:37pm

    haha

    so a game i played 6 years ago and stopped 6 years ago online got hacked and my email while it sin the dbase still has a completely wrong password ot any used.....

    and i dont use a webcam , and as a actual hacker i got all my pron the good ol way via playboys website directly LOLOLOL...

    ALLLL OF IT....

    oh and this fucker is in the usa and california....not saying anymore....

    oh and who am i ? i'm the guy in that online game that beat the 2012 strategy game champion from new zealand MUAHHA

    link to this | view in thread ]

  33. identicon
    pcdec, 20 Jul 2018 @ 5:44pm

    Re: Re:

    Is this reddit now? Lol

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 20 Jul 2018 @ 7:55pm

    admittedly i just think i would start laughing if i received that kind of email... my reason being is my webcam is only ever pointed at the wall (using it in lieu of a desk mic).

    link to this | view in thread ]

  35. identicon
    tonylurker, 24 Jul 2018 @ 5:48am

    Hah! I got this email and didn't even realize that the string of characters in the subject was a password. I dug through my trash and noticed that it's not one I ever used and looks like the type of default password generated for an initial account setup. I wonder what site they got it from.

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 30 Jul 2018 @ 9:57pm

    Just got this exact mail today, also for a password that's been defunct for longer than I really remember. They've upped the ante to 13 friends, though. Obviously fake - I don't even have 13 friends!

    link to this | view in thread ]

  37. identicon
    Anonymous Coward, 6 Jan 2019 @ 8:25am

    This was really helpful and many thanks for posting it

    link to this | view in thread ]

  38. identicon
    Anonymous Coward, 11 Jan 2019 @ 5:04pm

    This was really helpful and many thanks for posting it

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.