Posts Tagged: ashley madison extortion


24
Aug 15

AshleyMadison: $500K Bounty for Hackers

AshleyMadison.com, an online cheating service whose motto is “Life is Short, Have an Affair,” is offering a $500,000 reward for information leading to the arrest and prosecution of the individual or group of people responsible for leaking highly personal information on the company’s more than 30 million users.

A snippet of the message left behind by the Impact Team.

A snippet of the message left behind by the Impact Team.

The bounty offer came at a press conference today by the police in Toronto — where AshleyMadison is based. At the televised and Webcast news conference, Toronto Police Staff Superintendant Bryce Evans recounted the key events in “Project Unicorn,” the code name law enforcement officials have assigned to the investigation into the attack. In relaying news of the reward offer, Evans appealed to the public and “white hat” hackers for help in bringing the attackers to justice.

“The ripple effect of the impact team’s actions has and will continue to have a long term social and economic impacts, and they have already sparked spin-offs of crimes and further victimization,” Evans said. “As of this morning, we have two unconfirmed reports of suicides that are associated [with] the leak of AshleyMadison customer profiles.”

Evans did not elaborate on the suicides, saying only that his office is investigating those reports. The San Antonio Express-News reported Friday that a city worker whose information was found in the leaked AshleyMadison database took his life last Thursday, although the publication acknowledges that it’s unclear whether the worker’s death had anything to do with the leak.

Evans warned the public and concerned AshleyMadison users to be on guard against a raft of extortion scams that are already popping up and targeting the site’s customers. On Friday, KrebsOnSecurity featured an exclusive story about one such extortion scheme that threatened to alert the victim’s spouse unless the recipient paid the attacker a Bitcoin (worth slightly more than USD $250). The Toronto Police posted this image of a similar extortion attempt that they have seen making the rounds.

“Criminals have already engaged in online scams by claiming to provide access to the leaked web site,” he said. “The public needs to be aware that by clicking on these links, you are exposing your computer to adware and spyware and viruses. Also there are those offering to erase customer profiles from the list. Nobody is going to be able to erase that information.” Continue reading →


21
Aug 15

Extortionists Target Ashley Madison Users

People who cheat on their partners are always open to extortion by the parties involved. But when the personal details of millions of cheaters get posted online for anyone to download — as is the case with the recent hack of infidelity hookup site AshleyMadison.com — random blackmailers are bound to pounce on the opportunity.

An extortion email sent to an AshleyMadison user.

An extortion email sent to an AshleyMadison user.

According to security firms and to a review of several emails shared with this author, extortionists already see easy pickings in the leaked AshleyMadison user database.

Earlier today I heard from Rick Romero, the information technology manager at VF IT Services, an email provider based in Milwaukee. Romero said he’s been building spam filters to block outgoing extortion attempts against others from rogue users of his email service. Here’s one that he blocked this morning (I added a link to the bitcoin address in the message, which shows nobody has paid into this particular wallet yet):

Hello,

Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.

If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $225 USD) to the following address:

1B8eH7HR87vbVbMzX4gk9nYyus3KnXs4Ez [link added]

Sending the wrong amount means I won’t know it’s you who paid.

You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…..

The individual who received that extortion attempt — an AshleyMadison user who agreed to speak about the attack on condition that only his first name be used — said he’s “loosely concerned” about future extortion attacks, but not especially this one in particular.

“If I put myself in [the extortionist’s] shoes, the likelihood of them disclosing stuff doesn’t increase their chance of getting money,” said Mac. “I just not going to respond.” Continue reading →