Cyber attacks that threaten 'I took a picture of you looking at pornography' and demand a ransom are increasing rapidly


by Charles Deluvio

Since July 2018, the number of users who have received an intimidating e-mail saying "I hacked your PC and recorded you watching pornography with your web camera" has increased rapidly. Security researchers say that the damage caused by this fraud exceeds $500,000 (about 55 million yen).

Sextortion Scam Uses Recipient's Hacked Passwords - Krebs on Security
https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

Hackers Made Half a Million Dollars Pretending They Watched You Watch Porn - Motherboard
https://motherboard.vice.com/en_us/article/xwk3wq/hackers-sextortion-half-million-blackmail-caught-watching-porn

Security researcher Brian Krebs named this hacking attack "Sextortion". A victim of Sextortion reportedly receives an e-mail containing "a password used for their own e-mail" as proof that the PC was hacked and is threatened at the same time with "I recorded you watching porn". If the victim does not want the video published, they are reportedly required to pay a ransom of about 1,400 dollars (about 150,000 yen) in bitcoin.


According to Krebs, the e-mail says, "I have malware on the pornographic site, so I know you are enjoying visiting pornographic sites. While you are enjoying pornography, your web browser will act as a remote desktop and keylogger, and will provide access to the display and webcam," briefly explaining the steps by which the user's PC was supposedly hacked.

Furthermore, the e-mail says, "I made a split movie. One side recorded the porn you were watching, while the other recorded you with a web camera. You did something annoying. Well, what should you do? I think it's fair to pay $1,400 (about 150,000 yen) to hide this little secret. Payment is via bitcoin." In other words, it claims to have recorded the recipient watching pornography and tells them to pay unless they want the footage spread on the Internet.

The e-mail carefully specifies the bitcoin address to which the payment should be sent. When cyber security company Banbreach monitored about 770 bitcoin addresses used in Sextortion, there were no illegal transactions on about 540 of them, but more than 1,000 transactions were confirmed on the remaining 230, and it became clear that about 70.8 BTC (about 50 million yen) in total had been paid. Banbreach CEO Suman Kar said, "Most of these transactions are ransom payments that Sextortion victims sent to the hackers. The hackers gained over $500,000 in profit from a dump of old passwords, with little effort." In addition, at the time of writing, hackers are carrying out Sextortion targeting Indian users.



The webcams of Sextortion victims have not actually been hacked, but because the e-mail presents their own password, victims mistakenly believe that their PC was hacked. There is no accurate information on where the hackers obtained these passwords, but Banbreach speculates that LinkedIn's information leak and the Anti Public combo list are the sources.
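The three traits the article describes (a password from an old dump, a claim of webcam recording, and a bitcoin payment address) can be checked together when triaging reported mail. The following is an added example, not code from the article, Krebs or Banbreach; the function names, the keyword list and the sample message are assumptions, and the breached-password set stands in for whatever breach lookup a defender already has for the recipient.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy (1.../3...) address shape; the checksum is verified separately below.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# Keywords modelled on the claims the article quotes (assumed list).
CLAIMS = re.compile(r"web ?cam|keylogger|malware|recorded", re.I)

def checksum(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(raw):
    """Only used to build the constructed sample address."""
    data = raw + checksum(raw)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def is_btc_address(s):
    """True if s decodes to 25 bytes with a valid Base58Check checksum."""
    n = 0
    for ch in s:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(s) - len(s.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == checksum(raw[:-4])

def triage(body, breached_passwords):
    """Flag mail combining a payable address, a leaked password and the claim."""
    addrs = [a for a in CANDIDATE.findall(body) if is_btc_address(a)]
    # Substring match is deliberately simple; very short passwords can false-positive.
    leaked = sorted(p for p in breached_passwords if p in body)
    claims = bool(CLAIMS.search(body))
    return {"btc_addresses": addrs, "leaked_passwords": leaked, "claims": claims,
            "sextortion_likely": bool(addrs and leaked and claims)}

# Constructed sample: dummy hash bytes, not an address observed in any campaign.
SAMPLE_ADDR = b58check_encode(b"\x00" + bytes(range(1, 21)))
SAMPLE_MAIL = ("hunter2 is your password. I have malware on the site and recorded "
               "you with your webcam. Pay $1,400 in bitcoin to " + SAMPLE_ADDR)

if __name__ == "__main__":
    print(triage(SAMPLE_MAIL, {"hunter2"}))
```

A hit on `leaked_passwords` is the useful signal for the recipient: it shows the password came from a known dump rather than from their PC, so the response is to change that password wherever it is reused.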

in Security, Posted by logu_ii