The Blog of Zakspade
|July 2019 Archive||Contact me|
|Archives December 2017 October 2017 August 2017June 2017 January 2017 November 2016 September 2016July 2016May 2016March 2016|
Monday 1 July, 2019
I accessed an old email address this morning. It has received a series of emails. All quote a password to an account and the threat to 'expose' me.
Said exposure was to let the world know that I look at and search for porn. Not only that but they had gained control of my computer and had used my webcam to film me during an indecent act.
At first I was puzzled. Yes, the password looked familiar, but I couldn't place it. Them after spending a bit of time searching, I found it.
Up until 2010 I worked for a large corporation in Internet security. My job was to identify Internet activity of employees that was in direct contravention of company policies. To that end I accessed many shady sites from behind a very serious firewalled proxy server. I also generated a multitude of accounts to allow me to log into various 'dubious' websites in my chasing down of the activities of those I had identified.
Said password is for one of those accounts!
So I had a dig around. There was no webcam on the PC I used at work, and I never used the account outside that office, so the claim that video footage (of any sort) had been collected from my PC was complete tosh!
As that password was only ever used for that old account to access a particular website – and has not been used since 2010 – it is clearly a scammer using data purchased from a data breach.
So, a basic data breach and a scammer issuing threats and attempting blackmail on the back of it. I suppose they are banking on the fact that if they issue a whole wedge of such emails with real passwords, someone will have engaged in one/some/all of the activities they claim. Then they will have found a victim who will be eager to pay them in Bitcoins as they demand.
I’m quite well organised with things of an IT-related nature and I am easily able to pin down exact dates (and even times) of password usage, or accounts generation/termination, and so it is easy for me to identify the scammer for what they are.
Unfortunately, while I am able to track back to when said password was last used, it is most certainly not the norm for most Internet/computer users. The extortion emails all carried the same threat/offer: Pay me in Bitcoins (with details of how to do it) or I go public with the info I gathered – a mixture of some very specific details married to vague allusions – the sort of thing a fortune-teller at a fair might come out with.
Most worryingly – for the unwary – they were well written, in good English, and with a highly cogent plausibility about them. However, the power of knowing everything they claimed was bunkum was so nice!