A Chilling Case of Sex-tortion – A web of victims
The hacker knew every move the unsuspecting victim made. He controlled her computer webcam and microphone. He could see her in her bedroom, hear her conversations, knew every keystroke she made online. And he threatened to expose her secrets unless she bowed to his demands.
It may sound like the plot for a scary teen movie, but it actually happened, and there wasn’t just one victim—there were more than 200, and dozens of them were adolescent girls.
Don’t Let It Happen to You. Here are a few precautions that can keep you from being victimized by a social engineering attack:
- Don’t take for granted that your computer’s anti-virus software is a guarantee against intrusions.
- Turn off your computer when you aren’t using it. (The majority of computers involved in the sextortion case were laptops; many of the victims chatted on social networks so much that they never turned off their machines.)
- Cover your webcam when not in use.
- Don’t open attachments without independently verifying that they were sent from someone you know.
- It’s okay to be suspicious. If you receive a message with an attachment from your mother at 3 a.m, maybe the message is not really from your mother. “Most people are too trusting when it comes to their computers,” Agent Kirkpatrick said.
- If your computer has been compromised and you are receiving extortion threats, don’t be afraid to talk to your parents or to call law enforcement.
Unlike many computer intrusions, where a hacker uses malicious software to steal identities or financial information, this case was primarily about spying and extortion—or as our Los Angeles cyber squad more aptly termed it, “sextortion.”
The hacker, a 31-year-old California man who was arrested in June after a two-year investigation, used malicious code to infect and control the computers of his victims. Then he searched for explicit pictures from their computers, downloaded them, and used the images in an attempt to extort more pictures and videos from them.
“What’s so frightening about this case was how easily the victims’ computers were compromised,” said Special Agent Jeff Kirkpatrick, one of our Los Angeles cyber investigators who worked the case.
After the hacker infected one computer, he used a popular social networking site—and a technique called “spear phishing”—to spread the virus. “It was a social engineering attack,” said Special Agent Tanith Rogers, co-investigator on the case. “The victims were tricked. They had no idea what had happened until it was too late.”
Victims—particularly teenage girls—were understandably devastated when they learned their privacy had been so completely violated. Many were afraid to tell their parents about the situation.
“He was smart,” Agent Rogers said of the hacker. “He used their fear to try to control them.”For example, the hacker attached a pornographic picture of one victim in an e-mail and demanded sexually explicit video of her in return for not telling her parents about the pictures he had downloaded from her computer.
“If he hadn’t attempted to contact the victims,” Agent Rogers said, “he could have done this forever and gone undetected—the victims would never have known he was listening and watching. That,” she added, “is one of the most disturbing things about this case.”
In several instances, the hacker posed online as a young woman’s friend or sister and sent messages with attachments asking if the victim wanted to see a scary video. Because the messages appeared to be from a trusted source, the victims usually didn’t think twice about opening the attachment. When they did, the virus secretly installed itself, and the hacker had total control over their computers—including all files and folders, webcams, and microphones.
Using similar spear phishing methods—posing as a friend or a trusted source, the hacker spread the virus through the social network like wildfire. In all, there were 230 victims and more than 100 computers impacted.
“And this guy was no computer genius,” Agent Kirkpatrick said. “Anybody could do what he did just by watching an online video and following the directions.”
It doesn’t only happen in America, it happens in every country!
The Online Threat Continues to
It’s a recipe for trouble: naive teenagers, predatory adults, and a medium—the Internet—that easily connects them.
Download (50 MB) |
When a young person visits an online forum for a popular teen singer or actor, Wing said, “Parents can be reasonably certain that online predators will be there.” It is believed that more than half a million pedophiles are online every day.
Agents assigned to our Innocent Images National Initiative are working hard to catch these child predators and to alert teens and parents about the dark side of the Internet—particularly when it comes to social networking sites and, increasingly, online gaming forums.
Pedophiles go where children are. Before the Internet, that meant places such as amusement parks and zoos. Today, the virtual world makes it alarmingly simple for pedophiles—often pretending to be teens themselves—to make contact with young people.
Advice for Parents
“The younger generation wants to express themselves, and they don’t realize how vulnerable it makes them,” Wing said.
For a pedophile, that personal information is like gold and can be used to establish a connection and gain a child’s trust.
There are basically two types of pedophiles on the Internet—those who seek face-to-face meetings with children and those who are content to anonymously collect and trade child pornography images.
Those seeking face-to-face meetings create bogus identities online, sometimes posing as teenagers. Then they troll the Internet for easy victims—youngsters with low self-esteem, problems with their parents, or a shortage of money. The pedophile might find a 14-year-old girl, for example, who has posted seemingly harmless information on her space for anyone to see. The pedophile sends a message saying he goes to high school in a nearby town and likes the same music or TV shows she likes.
Then the pedophile cultivates a friendly online relationship that investigators call “grooming.” It could continue for days or weeks before the pedophile begins bringing up sexual topics, asking for explicit pictures or for a personal meeting. By that time an emotional connection has been made—and pedophiles can be master manipulators. Even if an actual meeting never takes place, it is important to note that youngsters can be victimized by such sexually explicit online contact.
Innocent Images Investigators
Special Agent Wesley Tagtmeyer, a veteran cyber investigator in our Chicago office who works undercover during online investigations, said that in his experience, about 70 percent of youngsters will accept “friend” requests regardless of whether they know the requester.
Tagtmeyer and other cyber investigators say a relatively new trend among pedophiles is to begin grooming youngsters through online gaming forums, some of which allow two-way voice and video communication. Parents who might be vigilant about monitoring their children’s Internet activity often have no idea that online video gaming platforms can pose a threat.
“Parents need to talk to their children about these issues,” he said. “It’s no longer enough to keep computers in an open area of the house so they can be monitored. The same thing needs to be done with online gaming platforms.”
More information can be found HERE