Wednesday, July 25, 2018

Thugs on Computers--Cyber Sextortion

                                                                                                                                                                                                                                               FBI Video
Incidents of "cyber sextortion" are increasingly common with likely thousands of victims across the county. Sexual extortion, or "sextortion" is a cybercrime in which a criminal typically poses as an attractive man or woman and contacts the potential victim via social media, dating websites, or text messages. The online relationship quickly builds and eventually the victim and their online “friend” exchange explicit images and/or videos. An accomplice then contacts the victim and claims they have been interacting with an underage teen and that they now possess child pornographic material.

The sextortionist threatens public exposure and police notification if the victim does not send a specified sum of money via Western Union or similar companies. The amount extorted typically ranges from $50 to $1,000+ often with follow-on demands for additional payments. The victim may also receive a demand appearing to come from a police agency stating that an investigation will be launched unless the victim pays.

Sophisticated organized criminal networks often operate these online blackmail schemes with many operating out of business-like locations similar to call centers. These criminals often target hundreds of individuals around the world simultaneously in an attempt to increase their chances of finding a victim. 

Luis Mijangos
However, the sextortionst may be a lone individual as well. In 2011, the Federal Government prosecuted Luis Mijangos, a 32-year-old paraplegic hacker who had sent trojan emails and instant messages (“IMs”) embedded with malicious software and infected the computers of hundreds of victims. The malicious software gave him complete access to and control over the victims’ computers.

Investigators discovered that Mijangos had tricked scores of women and teenage girls into downloading malware onto their computers. The malicious software he employed provided access to all files, photos, and videos on the infected computers and allowed him to see everything they typed on their keyboards. The malicious software also allowed him to turn on any web camera and microphone attached to the computer whenever he wished. This capability allowed him to watch, listen, and record his victims without their knowledge. Mijangos kept detailed files on many of his victims and obtained information he would later use to threaten his victims.

Investigators found that Mijangos often sent malicious software disguised as popular songs or videos to his victims' computers who then unwittingly sent the malicious software to their friends and family. He read their emails, watched them through webcams without their knowledge and at times discovered nude photos they had taken of themselves on their computers. He also posed as some of the victims' boyfriends to convince them to send him nude pictures. Mijangos then threatened to post the images online unless his victims were willing to provide more racy photos or videos to him or if they went to police.

Mijangos’s threats were not idle. In at least one case, he posted nude photos of a victim on the Myspace account of a victim’s friend which Mijangos had also hacked, after she refused to comply with his demands. The 35-year-old woman spoke at Mijangos’ sentencing, describing the torment Mijangos inflicted upon her. The victim said Mijangos threatened to release more photos to her employer and that each time she signed onto her computer at work, he would harass and threaten her. "He haunts me every time I use the computer," she said. "You don't have to be in jail to feel trapped."

In all, federal investigators found more than 15,000 webcam-video captures, 900 audio recordings, and 13,000 screen captures on Mijangos’ computers. He possessed files associated with 129 computers and roughly 230 people. Of those, investigators determined that 44 of his victims were minors. The videos he surreptitiously recorded showed victims in various states of undress, getting out of the shower, and having sex with partners. In addition to the intimate material he seized from victims’ computers, federal authorities also found credit card and other online account information consistent with identity theft. Mijangos sometimes passed this information along to co-conspirators around the world.

How can you prevent being targeted?

Do not open attachments from people you do not know.

Turn off your electronic devices and web cameras when you are not using them.

Keep your anti-virus software and operating system up to date.

What to do if you believe you are being targeted?

Immediately cease all contact with the individual. Ask yourself, “Am I willing to do this forever?” The answer should be no. Additional contact just serves to keep you in the manipulative grasp of your abuser.

Report the matter to your local police or call your local FBI office or the FBI toll-free at 1-800-CALL-FBI

Do not pay the money which is being demanded.

Don’t delete anything: Evidence is absolutely necessary to measure the scope, length, and timeline of the exploitation. You may feel the urge to rid your computer of any memory of the situation out of embarrassment, but don’t. Keep it all. It’s no longer your shame to bear—it’s now your ammo to go after the creep.

Sextortionists often lurk on social media and look to target young victims. Warn your children to never send compromising images of themselves to anyone, no matter who they are—or who they say they are. Assure them that it is OK to talk to you about it if they received this type of contact.

Irony: Just as I was finishing this article, a senior government official with whom I work (in my day job) received a sextortion e-mail demanding a payment of several thousand dollars. It is likely that this e-mail was simultaneously sent to hundreds or thousands of people in the hope that someone would respond. However, in this case he sent the extortion demand to a federal government e-mail account and the amount he is demanding makes it a felony.  Not too smart.

If you enjoy reading these please subscribe. The link is on the upper right side of the page. All that will happen is that you will receive an e-mail when I post an article. Your information will never be distributed.

1 comment:

  1. I am continuously surprised by the number of co-workers that I encountered in my 42-years working within the technology industry; a majority only used the free virus protection products.

    I have settled on Bitdefender Total Security for that past 5 years, and today they announced the 2019 lineup, with a price of $40.00 for one year that covers 5 devices.

    Other offerings such as Avira and Kaspersky are also top contenders.

    Bitdefender allows settings to disallow access to the camera and LED "Camera On" visual annunciator.