CSP-CERT® Article:
Sextortion Scam

by Heremias Esquibal, CSP CERT® Research Science and PNP Anti-Cyber Crime Group (ACG)
posted September 2018

CSP CERT Cybersecurity Awareness

When we hear about sextortion, we think of a criminal manipulating the victim into doing what the criminal wants: acting against their will, paying ransom money, or fulfilling the criminal's sexual desires in exchange for deleting private files that contain personal sexual material and/or stolen passwords (e.g. social media, bank account, email). Here is a sample that we received from reported incidents:

I am aware < victim with details found from compromised databases > one of your passwords. You may not know me and you're most likely wondering why you are getting this mail? There is no one who has paid me to investigate about you.

Let me tell you, I actually placed a software on the 18+ videos (porn) site and do you know what, you visited this site to have fun (you know what I mean). When you were viewing video clips, your web browser started functioning as a Remote control Desktop with a keylogger which gave me accessibility to your screen and webcam. Just after that, my software gathered every one of your contacts from your Messenger, Facebook, and e-mail And then I made a video. 1st part displays the video you were viewing (you've got a fine taste rofl), and next part displays the recording of your webcam, & its you.

You do have two alternatives. We will take a look at each one of these choices in aspects:

First alternative is to ignore this e mail. As a consequence, I will send out your very own recorded material to all of your contacts and then think about the shame you feel. In addition if you happen to be in an important relationship, how it would affect?

Latter alternative should be to give me $1000. We are going to describe it as a donation. As a result, I most certainly will instantly erase your video footage. You will go on daily life like this never happened and you are never going to hear back again from me.

You will make the payment through Bitcoin (if you don't know this, search "how to buy bitcoin" in Google search engine).

BTC Address to send to: 15fz5i8eugbYLAcjANiNXhgRDdUtMd64Hw

If you may be wondering about going to the cop, very well, this e-mail can not be traced back to me. You now have one day in order to make the payment. I have a special pixel in this mail, and now I know that you have read this message. If I do not get the BitCoins, I definitely will send your video recording to all of your contacts including relatives, colleagues, and so forth. However, if I receive the payment, I'll erase the video immediately. If you really want proof, then I will certainly send your video to your 8 contacts. It is a nonnegotiable offer, so do not waste mine time and yours by responding to this email message to the cops.

Based on our collaboration with constituents who received the same email as above, it seems that the attacker could be working off old compromised data of usernames and passwords to make the email more believable. This seems to be a global operation, as our Research Science group also saw victims overseas targeted through the same medium, as described in the article on KrebsOnSecurity.

If there is a high chance that your situation is much the same as what is discussed in this article, please check your personal or work email at this link: https://haveibeenpwned.com. If the site says your email was pwned, make the necessary changes to your password and make it as strong as possible.

There are countless cases involving sextortion. One modus operandi, as in this article, is to make the victim pay through cryptocurrency (e.g. Bitcoin, Ethereum, etc.); if the victim does not pay, the attackers will sell the private files online. Our team checked the Bitcoin wallet and it does not have anything in it yet: no transactions and a 0 balance, as seen at this link:

https://www.blockchain.com/btc/address/15fz5i8eugbYLAcjANiNXhgRDdUtMd64Hw
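
The traits of the sample email above (a leaked-password claim, a webcam/keylogger claim, a deadline, a threat to contacts and a Bitcoin payment address) can be turned into a simple mail-triage check. This is an added example, not part of the original article; the indicator patterns and the `triage` and `base58check_ok` names are assumptions made for illustration, and the sample text is excerpted from the email quoted above.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Candidate legacy (Base58) Bitcoin addresses: start with 1 or 3, 26-35 chars.
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

# Illustrative indicator patterns (assumptions), modelled on the sample email.
INDICATORS = {
    "password_claim": re.compile(r"\bone of your passwords?\b|\byour password\b", re.I),
    "surveillance_claim": re.compile(r"\b(webcam|keylogger)\b", re.I),
    "payment_demand": re.compile(r"\b(bitcoins?|btc)\b", re.I),
    "deadline": re.compile(r"\b(one|\d+)\s+(days?|hours?)\b", re.I),
    "contact_threat": re.compile(r"\ball of your contacts\b", re.I),
}

# Excerpts from the sample email quoted in this article.
SAMPLE = (
    "I am aware one of your passwords. ... which gave me accessibility to "
    "your screen and webcam. ... You will make the payment through Bitcoin. "
    "BTC Address to send to: 15fz5i8eugbYLAcjANiNXhgRDdUtMd64Hw "
    "You now have one day in order to make the payment. ... I definitely "
    "will send your video recording to all of your contacts"
)

def base58check_ok(addr):
    """True if addr decodes to 25 bytes ending in the double-SHA256
    checksum of the first 21 (legacy address layout)."""
    try:
        num = 0
        for ch in addr:
            num = num * 58 + B58.index(ch)
        raw = num.to_bytes(25, "big")
    except (ValueError, OverflowError):
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return raw[21:] == digest[:4]

def triage(message):
    """Report matched indicators, candidate addresses and a flag."""
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(message))
    addrs = {a: base58check_ok(a) for a in ADDR_RE.findall(message)}
    # Flag only when a payment address accompanies several coercion traits.
    return {"indicators": hits, "addresses": addrs,
            "flag": bool(addrs) and len(hits) >= 3}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each extracted address is reported with its checksum result, so a responder can tell a well-formed address worth looking up on a block explorer from a mistyped or mangled one. The flag is a triage aid for reported mail, not a verdict.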

Compromised personal computers, laptops, smartphones, and storage devices are some of the sources these attackers leverage. On a compromised computer or laptop you will see commands from newly created batch files and/or PowerShell scripts searching your files and folders. Another avenue to be careful about is having your gadgets fixed at untrusted shops and repair stations, so please be careful and safeguard your gadgets.

Philippines on Sextortion cases

Our country is also experiencing this kind of blackmail. Some cases were reported and some were not, maybe because the victims are ashamed about what happened to them or fear what the criminal might do, including threats to their life, if they report it to the authorities.

The graph below from the Philippine National Police – Anti Cybercrime Group (PNP-ACG) shows their statistics of reported cases involving sextortion:

[Figure: Sextortion Stats from PNP]

Even though the figure doesn't include the number of unreported cases, it is still very alarming to see that it is getting higher each year and that these cases involve technology as the medium of the crime.

Prevention and how to treat a person who became a victim

There is a simple drill you can follow to prevent this type of blackmail:

  • Keep your private files (if you have any) offline, in safe storage, and guard them carefully.
  • Secure your online account credentials.
  • Don't fall for phishing mail and malicious links that could compromise your machine/device.
  • Don't go to malicious sites that may contain malicious clickbait links.

If a person you know has been victimized by this kind of modus:

  • Encourage them to report it to the proper authorities.
  • Talk to them frequently to let them know they have people at their back to support them.
  • Make them feel comfortable and help them think positively in times like this.

The situation may cause anxiety and depression to the victim and may affect their daily routine in life.

Reference: (Credits to the owner of the articles)

Philippine National Police – Anti Cybercrime Group Yearly Accomplishment Report
https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/comment-page-13/