January 11, 2018

KrebsOnSecurity heard from a reader whose friend recently received a remarkably customized extortion letter via snail mail that threatened to tell the recipient’s wife about his supposed extramarital affairs unless he paid $3,600 in bitcoin. The friend said he had nothing to hide and suspects this is part of a random but well-crafted campaign to prey on men who may have a guilty conscience.

The letter addressed the recipient by his first name and hometown throughout, and claimed to have evidence of the supposed dalliances.

“You don’t know me personally and nobody hired me to look into you,” the letter begins. “Nor did I go out looking to burn you. It is just your bad luck that I stumbled across your misadventures while working on a job around Bellevue.”

The missive continues:

“I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. These two options are to either ignore this letter, or simply pay me $3,600. Let’s examine those two options in more detail.”

The letter goes on to say that option 1 (ignoring the threat) means the author will send copies of his alleged evidence to the man’s wife and to her friends and family if he does not receive payment within 12 days of the letter’s postmarked date.

“So [name omitted], even if you decide to come clean with your wife, it won’t protect her from the humiliation she will feel when her friends and family find out your sordid details from me,” the extortionist wrote.

Option 2, of course, involves sending $3,600 in Bitcoin to an address specified in the letter. That bitcoin address does not appear to have received any payments. Attached to the two-sided extortion note is a primer on different ways to quickly and easily obtain bitcoin.

“If I don’t receive the bitcoin by that date, I will go ahead and release the evidence to everyone,” the letter concludes. “If you go that route, then the least you could do is tell your wife so she can come up with an excuse to prepare her friends and family before they find out. The clock is ticking, [name omitted].”

Of course, sending extortion letters via postal mail is mail fraud, a crime which carries severe penalties (fines of up to $1 million and up to 30 years in jail). However, as the extortionist rightly notes in his letter, the likelihood that authorities would ever be able to catch him is probably low.

The last time I heard of or saw this type of targeted extortion by mail was in the wake of the 2015 breach at online cheating site AshleyMadison.com. But those attempts made more sense to me since obviously many AshleyMadison users quite clearly did have an affair to hide.

In any case, I’d wager that this scheme — assuming that the extortionist is lying and has indeed sent these letters to targets without actual knowledge of extramarital affairs on the part of the recipients — has a decent chance of being received by someone who really does have a current or former fling that he is hiding from his spouse. Whether that person follows through and pays the extortion, though, is another matter.

I searched online for snippets of text from the extortion letter and found just one other mention of what appears to be the same letter: It was targeting people in Wellesley, Mass, according to a local news report from December 2017.

According to that report, the local police had a couple of residents drop off letters or call to report receiving them, “but to our knowledge no residents have fallen prey to the scam. The envelopes have no return address and are postmarked out of state, but from different states. The people who have notified us suspected it was a scam and just wanted to let us know.”

In the Massachusetts incidents, the extortionist was asking for $8,500 in bitcoin. Assuming it is the same person responsible for sending this letter, perhaps the extortionist wasn’t getting many people to bite and thus lowered his “fee.”

I opted not to publish a scan of the letter here because it was double-sided and redacting names, etc. gets dicey thanks to photo and image manipulation tools. Here’s a transcription of it instead (PDF).

98 thoughts on “Bitcoin Blackmail by Snail Mail Preys on Those with Guilty Conscience”

  1. PattiM

    I got one for you (there have been troubling calculations out there which conflated energy and power – the following is correct WRT units)
    bitcoin hashrate = 15,000,000 THsh/sec
    = 3,750,000 Antminer S7’s (most of what’s out there)
    = 3,750,000 * [S7’s annual energy] (NOT Watts!!)
    = ~1.7E17 Joules/year
    Humans produce ~8.6E19 Joules/year of electricity (Wikipedia)

    Thus, bitcoin mining uses between 0.2% and 1% of human electricity (depending on actual average miner’s efficiency – data not readily available).

  2. Andy

    This bears some resemblance to the death spammer emails, a typical one of which would read (from my own collection, April 2017):

    > Subject: Someone paid me to kill you..get spared
    > […]
    > i have being paid $3,000.00 in advance to terminate you with
    > some reasons listed to me by my employer,its one i believe you
    > call a friend,i have followed you closely for one week and three
    > days now and have seen that you are innocent of the accusation,
    > […]
    > Now listen,i will arrange for us to see face to face but before that
    > how much can you afford because i have been paid $3000 to
    > kill you and i have seen that you are innocent .below you will
    > find information of someone which i have kidnapped so if you
    > think you want to report the account that’s person is as innocent
    > as you are .you are to send the money and get back to me.

    IIRC, this particular borderline-literate spam traced back to Vietnam, and wanted on-line deposits (not Bitcoin) to a Florida bank account, but it’s another example of spam threatening the recipient, as opposed to advertising to him or trying to pry money out of him via positive methods (e.g. miracle health cure, discount products, etc.).

    Where I think it falls down is the sheer implausibility of the spammer’s story. (I had some fun with him, first getting him to agree to a $50 deposit rather than $3000, then pretending that I’d deposited it, and expressing surprise that he couldn’t see it; he evidently did have access to the referenced bank account.)

    I think your average spam recipient knows that none of his daily acquaintances are planning to kill him… but I would unscientifically bet that a much larger percentage out there have some sort of hanky-panky in their past that they’re hoping is gone and forgotten. This Bitcoin version seems to have improved its premise and modernized its payment method, but otherwise it sounds like the same old rubbish.

  3. DJ

    I received a very similar PDF blackmail letter via email. It included a copy of all conversation between us from their fake profile on Ashley Madison and that continued via email.
    They were very good. They knew where I worked, knew my wife’s email and threatened to send the info to both.
    Also, a sealed physical copy of the threat was left in the parking lot where I work with my name on it.

    With some digging, I may have figured out who they are.
    One is Chinese, lives in the Austin Texas area.
    Another is a network security researcher in Maryland and is part of a hacker group.

    They use protonmail.com to keep their email from being tracked. (protonmail.com provides encrypted secure anonymous email.)
    And they access the internet anonymously using TOR.
    (TOR software accesses the internet using 1000’s of relays and bridges to keep all activity anonymous.)

    I know the date they created the PDF, what PDF software they used, and approximately when they installed it.

    The real question is…. what next ? This is extortion. I have emails and physical evidence they left at my workplace.

  4. NotMeNever

    Or these:

    Camera ready,Notification: 30-01-2018 05:45:49
    Status: Waiting for Reply 95xuKaCy1A6f77wYnRmBkA0MrR1Fy74Eu4_Priority: Normal

    What’s up,

    If you were more watchful while caress yourself, I wouldn’t worry you. I don’t think that playing with yourself is extremely awful, but when all colleagues, relatives and friends get video record of it- it is obviously for you.

    I adjusted malisious soft on a porn web-site which was visited by you. When the object press on a play button, device begins recording the screen and all cameras on ur device begins working.

    Moreover, my program makes a remote desktop supplied with key logger function from ur device , so I was able to collect all contacts from ya e-mail, messengers and other social networks. I’m writing on this e-mail because It’s your corporate address, so you will check it.

    In my opinion 360 usd is pretty enough for this little misstep. I made a split screen video(records from screen (interesting category ) and camera ooooooh… its funny AF)

    So its your choice, if u want me to destroy ur disgrace use my bitcoin wаllеt аddrеss: 1LcYtPRXznubPJbyKk7kBXtujPUtirC6nv
    You have one day after opening my message, I put the special tracking pixel in it, so when you will open it I will see.If ya want me to show u the proofs, reply on this message and I will send my creation to five contacts that I’ve got from ur device.

    P.S.. You can try to complain to police, but I don’t think that they can solve ur problem, the inquisition will last for one year- I’m from Belarus – so I dgf lmao

  5. Jonathan Rice Ph.d



    Subject: Kaspersky Labs

    Are you aware that Kaspersky Labs antivirus/anti-malware home base is in Moscow. NBC recently aired a special examining it and how Kaspersky labs may have been implicated in the 2016 computer attacks. The evidence is strong enough that the Pentagon has removed it from all of their machines and Congress has a bill pending that would make it a crime to install their software on any U.S. government computer.

    “Russian cyber company faces new scrutiny”
    Richard Engel talks with Eugene Kaspersky, whose Kaspersky Lab anti-virus software is widely used around the world, including the United States, and who has come under increasing scrutiny and suspicion for his ties to Russian intelligence.

    I hope you will stop recommending Kaspersky labs software until such time as they are cleared of any connection to Russian Intelligence.
    Failing my recommended action please post a notice in a conspicuous place adjacent to their software so your readers can make an informed choice.

    Thank you for your attention to this matter.

    Jonathan Rice PhD (Clinical Psychology)

  6. dj


    In addition to redacting the name & address, if images of the envelope are published, block out the digits and any barcode, whether it be black, orange, 1d, 2d, etc., on the front and back of the envelope. This data helps to pinpoint the addressee. At worst, it will identify the recipient’s address, at worst, it will show the neighbourhood. It is possible to get the exact name & address sometimes. Don’t make it easier for the bad guys.
