Digital Sextortion
By Albert B. Kelly
Every day we hear some horror story in the news about an
individual or company that gets hacked or compromised in some way and is asked
to pay a ransom, either to regain access to their information or to keep
something damaging or scandalous from being made public. These scams come
in many forms.
One of the latest scams involves a message supposedly from some
hacker who claims to have gotten into your computer and hijacked your webcam to
make a video of you watching porn. The hacker also claims to know, via malware,
the porn sites you visited and to have all your email contacts.
They threaten to release the video of you watching porn to all your
contacts, along with the site you supposedly visited, unless you pay them a
ransom in Bitcoin. The other important thing they have is a seemingly legitimate
password and/or phone number connected to your email address.
You generally don’t give these scams much thought until one
happens to you. Recently, I received just such an email threat. In this
instance, the “sextortionist”, going by the name of Devin Mavrinac, wanted me
to pay $6,000 in Bitcoin as he claimed to have a video of me viewing porn from
an infected website and he planned to release the video of me unless I ponied
up the money.
Needless to say, my alleged porn-viewing came as quite the
surprise to me since I’ve never visited a porn site in my life. Beyond
wondering whether I was also alleged to have had a good time in my alleged digital
travels, the more troubling thing was the fact that the individual had a
variation of a password from long ago and while it was not correct, it was
close enough to get my attention.
I say this without judgement, but given the fact that porn
sites attract more visitors each month than Amazon, Netflix, and Twitter
combined, I can only imagine the fear and panic for any number of individuals who
have visited these sites and then receive a threat similar to the one I
received.
In considering the whole episode, after contacting police
and the County Prosecutor’s Office, I gave considerable thought to security and
what steps people might take to protect themselves in the digital world. According
to an article by security expert Brian Krebs (Krebs on Security), among the
victims he has heard from, the passwords involved appear to have been nearly a
decade old and had previously been used on an account tied to the victim’s
email address.
He speculated that scammers may have gotten usernames and
passwords from any one of several data breaches at popular websites over the
years, and that the ones now receiving these email threats are the same people who’ve
had their information compromised via a breach. He goes on to say that he
believes that the scam will get more refined, using more current and relevant
information to make the threat seem all the more legitimate.
So what can we do to protect ourselves in the face of such
threats? According to the FBI, one basic rule is not to open attachments or
click on links from people you do not know. They go on to say that even with
people you do know, you should be circumspect as things can get hijacked.
Another step you can take to protect yourself, according to
the FBI, is to turn off your webcam and cover it with something when it is not
in use. And while we’re on the topic of security, don’t create a password
that’s easy to connect back to you such as a birth date, street name, business
name, family names, hobbies, favorite teams, or other things easily knowable
about you. Though we’re concerned with remembering our passwords, we have to be
creative. How many use the word “password” as their password?
Finally, never send compromising pictures or videos of
yourself to anyone no matter who they are. We know how that can end. If you
should receive such a threat, beyond filing a police report, the FBI has a
toll-free number at 1-800-CALL-FBI to report the incident.
I recall when desktop computers and the internet were
relatively new and there was much optimistic talk about the possibilities. They
never told us about the darker side of the technology, but this is some of what
that darker side looks like, so please be careful.