The Limited Times


Sextortion alert: how the gangs operate and the clues investigators follow after the mass appearance of emails

2020-04-25T16:41:22.741Z


They send a message containing one of the victim's passwords, obtained in a mass hack. They use fake IPs, anonymous bitcoin accounts, and "liquefy" the money.


Mariano Gaik Aldrovandi

04/25/2020 - 13:12

  • Clarín.com
  • Police

It is built to shock at first glance. The subject line carries the recipient's name and a password that probably only they knew. Yet there it is, exposed in the inbox. This is how the sextortion email scam that thousands of users are receiving during the mandatory coronavirus quarantine begins.

Immediately, the first threat comes: "I need your full attention for the next 24 hours, or I'll make sure you live embarrassed for the rest of your life," says the message, which usually arrives in English, Italian, or poorly translated Spanish.

The extortionists then claim to have hacked the computer of the person who received the message.

"You don't know me. However, I know almost everything about you. Your current fb contact list, smartphone contacts, as well as all the virtual activity on your computer from the past 143 days."

And they make the victim believe that, through malware (a malicious program), they managed to take control of the camera on their computer or cell phone and recorded them masturbating while visiting pornographic pages.

One of the extortion emails, which arrive with a threat to spread alleged intimate material.

In exchange for not releasing the alleged video, the extortionists ask the recipient for a deposit of $2,000 in bitcoins and provide the link to an account in that virtual currency. "If you don't know how to do it, find out how to buy bitcoins. Don't waste my valuable time," they demand. After three days, the criminals send a second email with more threats. And then another.

With mandatory quarantines in place worldwide because of the coronavirus, the volume of this email has skyrocketed. In Argentina, all records show an increase in complaints.

The Specialized Cybercrime Tax Unit (Ufeci) alone registered 300 reports of this scam attempt last week. "It's been a long time since we've seen a wave like this," Ufeci head Horacio Azzolin told Clarín. "The first was in 2018. Now we registered one two weeks ago and a very large one the following Wednesday," the prosecutor explained.

Of the hundreds of thousands of people who receive this email, most dismiss it without reporting it. And most of those who do report it do not pay. "They know that they did not enter adult sites and that it is a hoax. But they are concerned to see that a password was leaked from their social networks," said the cybercrime prosecutor.

As this newspaper has pointed out, the criminals use a database of passwords leaked in large hacks of email servers and social networks. In most cases, users were warned of the incident and forced to change the password. For this reason, the combinations that arrive in the subject line of the emails are usually old, according to the Argentine Association of Fight Against Cybercrime (AALCC).

Among the people who file a complaint, the percentage who paid the extortion is negligible. The cases where the crime was consummated are the ones investigators can work on.

To begin with, tracking the criminals' movements is a very complex task, since they usually operate from abroad and use programs that change their IP address and place them, within minutes, in different parts of the planet. They are everywhere and nowhere.

The bitcoin accounts that scammers use are anonymous and very difficult to trace.

"With the data of the bitcoin wallet you have an address. And if you have the knowledge, you can look up the information for that wallet. Money transactions will appear there that correspond to the people who received the email," said Azzolin. The problem is knowing who owns that bitcoin, since the accounts are anonymous.

And to mislead investigators, the scammers use a method similar to money laundering. "Liquefy the money," said the prosecutor. The approach is to spread all those bitcoins across multiple anonymous accounts, as in ransomware, a form of "data hijacking" in which a ransom is demanded from the victim. The investigative methodology is the same and has the same problem: getting to a certain point and not being able to advance any further.

For this reason, the authorities work in international cooperation networks such as Interpol, CiberRed, IberRed or the 24/7 Network of the Budapest Cybercrime Convention. 

"We trace the origin of the email and the address. If that same email is reported in another country that has already advanced in the investigation, we pass the data to that country. If the bitcoin wallet appears in a country that we were able to verify has made progress on that gang, we give them the information we collected," said Azzolin.

In many cases, thanks to cooperation between countries, the investigations end in arrests, as in the case of a gang dedicated to sextortion which, in that real case, used images captured during sexual video chats. The gang was based in Ivory Coast and was broken up.

The bad news is that these kinds of messages will keep coming. "You can't stop them from sending us this type of email. What you need to know is that it is garbage," said Azzolin. In this specific type of attempted extortion, the scammers are known to be lying. They do not have any material with which to defame the victim.

"We are happy to know that most people are educated and dismiss those messages," said Azzolin. "This is the equivalent of the guys on the street with the ball-and-cups trick. They are going to invite you to play, but you have to keep walking," added the prosecutor.

This week, the lab of Sophos, a UK cyber security company, released an investigation showing how victims' money ends up in cybercriminal networks.

The study analyzed the mass spam sent between last September and February, with which the scammers raised about $500,000, equivalent to 50.9 bitcoins. According to the investigation, that money was used to make transactions on the deep web, buy stolen credit card data and, as Azzolin indicated, to be liquefied and then converted into cash.

According to the Sophos report, the scammers used infected computers controlled by a botnet (a network of virtual robots) to send the emails. Argentina is among the ten countries the messages came from, along with Vietnam, Brazil, Korea, India, Italy, Mexico, Poland, Colombia and Peru.

Where to report

- Specialized Cybercrime Tax Unit (UFECI). Telephone: (+54 11) 5071-0040. Email: denunciasufeci@mpf.gov.ar

- Public Ministry of the City. Telephone: 0800-33-FISCAL (347225). Online: www.mpfciudad.gob.ar. App: DenunciasMPF.

- Cybersecurity Center of the City of Buenos Aires. Telephone: +54 (011) 4323-9362. Email: cybersecurity@ba-csirt.gob.ar

Source: clarin
