Sextortion Scam Uses Hacked Passwords


Indonesia continues to block pornographic websites, but people living here continue to view them, putting themselves at risk of a sextortion scam.

In recent weeks, a few of my friends have received emails threatening to publicize images of them enjoying online pornography unless they pay hundreds of dollars to a hacker. It’s a scam of course, but at first glance it might seem genuine because the “hacker” does indeed have one of your passwords.

I haven’t received one of these sextortion emails. Why not? It’s not because my online viewing habits are scrupulously clean. And it’s not because my laptop’s webcam is covered by a piece of black tape. It’s because I don’t use LinkedIn – the popular networking site for professionals, recruiters, snoopers doing due diligence reports and marketing pests.

Back in 2012, LinkedIn was hacked because of what some tech experts claimed was poor security. About 117 million email and password combinations were stolen. In 2016, LinkedIn acknowledged the extent of the data breach and advised its users: “We recommend that you regularly change your LinkedIn password and if you use the same or similar passwords on other online services, we recommend you set new passwords on those accounts as well.”

The stolen passwords and usernames were sold on the dark web to hackers and scammers, who then identified people who used the same password for their email or other accounts.

This year, scammers started sending out the sextortion emails, complete with poor grammar and spelling, as well as some words that look like they came from Google Translate – such as ‘piquant’. Here’s one version of the emails:

 

“I’m a hacker who cracked your email and device a few months ago.

You entered a password on one of the sites you visited, and I intercepted it.

This is your password from on moment of hack: xxxxxxxx

Of course you can will change it, or already changed it.

But it doesn’t matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account.

Through your email, I uploaded malicious code to your Operation System.

I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.

Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom.

But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I’ve never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!)

I made screenshot with using my program from your camera of yours device.

After that, I combined them to the content of the currently viewed site.

There will be laughter when I send these photos to your contacts!

BUT I’m sure you don’t want it.

Therefore, I expect payment from you for my silence.

I think $897 is an acceptable price for it! Pay with Bitcoin.

My BTC wallet: 1YnYAxprVrTo1WzPPzMo86ste5Ssp4xsy

If you do not know how to do this – enter into Google “how to transfer money to a bitcoin wallet”. It is not difficult.

After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.

My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment.

If this does not happen – all your contacts will get crazy shots from your dark secret life!

And so that you do not obstruct, your device will be blocked (also after 48 hours)

Do not be silly!

Police or friends won’t help you for sure …

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence.

Farewell.”

 

If you receive one of these emails, don’t stress and don’t respond. If the sender really had captured you viewing porn, they would have attached at least one image as proof.

Should you feel like doing some sleuthing, you can check the internet protocol (IP) address of the sender and locate the source of the email. If using Outlook as your email app, open the email, click on File and choose Properties. At the bottom of the dialog box will be ‘Internet headers’ containing the IP address. Copy and paste it into an IP location finder site. In the case of the ‘piquant’ sextortion email, it was coming from Peking University in China. Don’t expect a reply if you report the matter to the university.
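
The same header check can be run on the raw message source. This is an added example, not part of the original article: it uses Python's standard email module on a constructed sample (hypothetical host names, documentation-range address) and reports the first non-internal address reading from the newest Received header down, because only the headers added by your own provider's servers can be trusted and older ones can be forged by the sender.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (not a real message); newest Received header is first.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby store.recipient.example with ESMTP; Mon, 05 Nov 2018 09:15:02 +0700
Received: from unknown (HELO mail.sender.example) ([203.0.113.45])
\tby mx.recipient.example with ESMTP; Mon, 05 Nov 2018 09:15:01 +0700
Received: from [192.168.1.20] (localhost [127.0.0.1])
\tby mail.sender.example with ESMTP; Mon, 05 Nov 2018 09:14:58 +0700
From: you@recipient.example
To: you@recipient.example
Subject: constructed sample

body
"""

# Ranges that never identify an outside sender (private, loopback, link-local).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_hops(raw):
    """Bracketed IP addresses in each Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        ips = []
        for text in BRACKETED.findall(value):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:
                continue  # bracketed text that is not an IP address
        hops.append(ips)
    return hops

def handoff_ip(raw):
    """First non-internal IP reading from the newest header down."""
    for ips in received_hops(raw):
        for ip in ips:
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None

if __name__ == "__main__":
    print(handoff_ip(SAMPLE))
```

In the sample the From and To addresses match, as the scam email claims, yet the message was handed over from an outside address, which is what a spoofed sender looks like in the headers.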

If you enjoy viewing adult entertainment sites, consider covering your webcam, just in case a hacker really is recording you via a remote-access trojan. Even Facebook founder Mark Zuckerberg puts a little piece of tape over his laptop’s webcam.

 

Safe Search

Indonesia has been doing its best to protect the nation from online erotica since late 2008, when an anti-pornography law was passed. The government in August 2018 stepped up its campaign by ordering the country’s internet service providers to prevent access to porn by having Google locked to a Safe Search filter. This frustrated some people, but simple workarounds were quickly found and shared. Google is not the only search engine on the planet. Its main rival, Bing, does not have its Safe Search filter locked in Indonesia and even goes as far as suggesting child pornography tags via its Image search results.

The Ministry of Communication and Information Technology, which is at the forefront of the war on porn, in late October announced that in the four years from September 2014 to September 2018, it had blocked 912,659 “negative” sites, including 854,876 porn sites, 51,496 gambling sites, 4,941 fraud sites, 676 sites with intellectual property rights violations, and 453 terrorism sites.

Part of the blocking is done via a “crawling system” that was launched in January and cost the ministry about Rp200 billion (US$14 million). While “blocking” might sound impressive, people who are determined to see particular content will always find a way to access it.

Restricting access to porn sites won’t stop people from becoming victims of sextortion. There have been cases in Indonesia where male scammers seduced girls and women online and convinced them to share nude photos or videos of themselves. The men then threatened to release the incriminating files unless the victim paid them. In some cases, the extortionists demanded intimate Skype sessions and even met with victims and demanded sex.

Even if you engage in consensual sharing of your own photos and videos in Indonesia, you could still be at risk of facing criminal charges – under the Electronic Information and Transactions Law – especially if you have powerful political or business rivals keen to bring you down.



Indonesia Expat is Indonesia's largest expatriate readership (formerly known as Jakarta Expat and Bali Expat)