From ancient kings who sucked the riches of their neighboring lands in exchange for non-violence to the mafia of the 1920s who promised “protection” in exchange for weekly payments, the crime of extortion has been a favorite of criminals since the beginning of civilization. The Internet has elevated the effort to whole new levels.
The extortionist of old could never have grasped the concepts of Ransomware or a Distributed Denial of Service where the victim must pay up to make it stop.
Neither could they have comprehended a teenage boy sending hundreds or thousands of dollars away through gift cards to avoid his friends and family receiving a social media video of him masturbating.
“Sextortion” is the new thing. Well, it’s not really that new, but the current batch of extortionists are going at it with a full-court press. Unrivaled vigor, some say. Its purveyors trick young people into sending nude images or videos of themselves performing sex acts that were recorded while on video chat with someone they believed was a viable (real) sexual partner.
It’s heartbreaking to see these young people so intimately victimized as they shamefully admit to parents and loved ones their mistake and acknowledge the loss of hundreds of dollars sent away in a desperate effort to make it stop.
It’s equally frustrating, infuriating, and demoralizing to see technology, social media, and financial companies continuously put the bad guys above the law.
“We prioritize the privacy and security of our users,” they claim. Bullshit, the users you ARE protecting are horrible criminals! And at some point, you stop being a service provider and start being a criminal accomplice.
Shut-em down
Mother and daughter co-workers have been indicted for stealing 1.2 MILLION dollars from the credit union where they worked. And it appears the single-branch NU Community Credit Union is out of business. Google lists the business as closed and the website forwards to a hunting and fishing supply store. MALICIOUS INSIDERS - if a business has one employee, they have an insider threat concern. https://www.pennlive.com/news/2022/06/mom-daughter-charged-with-stealing-up-to-12m-from-pa-credit-union.html
The extortionists get extorted
Whether paid through tuition or school taxes - education is expensive and some consider the costs criminal. Maybe that’s why ransomware actors have focused on education institutions - they have the money to pay and are willing because shutting down schools creates a lot of hard feelings. A study by Comparitech found that in 2021, ransomware attacks affected 954 schools and colleges, potentially impacting 950,129 students. The study estimates the attacks cost education institutions $3.56 billion in just downtime, not to mention the ransoms paid. https://www.comparitech.com/blog/information-security/school-ransomware-attacks/
Stealing worthlessness
Someone, or a group of someones, stole “100 million” USD worth of cryptocurrency from the Harmony exchange. Harmony, based in California, said the heist compromised its Horizon "bridge", which is a tool for transferring crypto between different blockchains. Blockchain bridges are notoriously insecure, and this incident follows a series of attacks on other bridges. The Ronin Network, which supports crypto game Axie Infinity, lost more than $600 million in a security breach that took place in March. The crypto service Wormhole lost $320 million in a separate hack a month earlier. https://www.reuters.com/technology/us-crypto-firm-harmony-hit-by-100-million-heist-2022-06-24/
Criminals are social too
Intel471 released the first post in a two-part series examining the social behaviors of financially-motivated cybercriminals. It’s fascinating that the same things that make you successful in the legitimate business world - trust, reputation, leadership ability, and the ability to adapt to change - are the same things that will make you successful in the underground world of Internet-facilitated crime. Legitimacy is a fine line. https://intel471.com/blog/cybercriminals-common-traits-part-1
The Rest…
The US Department of Justice has dismantled the infrastructure of what it described as a “Russian botnet consisting of millions of hacked Internet of Things (IoT) devices”. https://www.zdnet.com/article/us-disrupts-russian-botnet-that-hacked-millions-of-devices/
Proofpoint released their 2022 Social Engineering Report. https://www.proofpoint.com/us/blog/threat-insight/how-threat-actors-hijack-attention-2022-social-engineering-report
Colorado man created 25 “sham” trusts in an effort to hide his money. Gets a federal conviction for defrauding the U.S. government instead. https://www.justice.gov/usao-sd/pr/colorado-man-found-guilty-conspiracy-defraud-united-states-and-attempts-interfere
Cool Job
Fraud Manager - Mythical Games https://legacy.mythicalgames.com/careers/job/5173405003
Cool Tool
Make a custom interactive map - https://www.zeemaps.com/
Irrelevant
Darius Foroux claims he knows the purpose of life.
https://dariusforoux.com/happiness-usefulness/
Thank you for opening the email and reading this week’s issue of Threats Without Borders. The Substack smartphone application provides a convenient way to find and read newsletters. Check it out.
“YOU HAVE ZERO CONTROL OVER OTHER PEOPLE. YOU HAVE ABSOLUTE CONTROL OVER YOURSELF.” - someone with better self-control than me.