Age-old crimes take on a new twist in the cyber-world of today. Not least of these is “sextortion,” where in a recent high-profile case, the FBI uncovered 200 victims in just one incident, many of whom were young or even underage.
As a term, sextortion has been around longer than most of us probably realize and way before the Web was around. An early use of the term was in a headline of a 1950 article, but no one can be in any doubt that sexual extortion itself has even older origins.
In the cyber-world of today, however, sextortion appears to have reached a whole new level. It is perpetrated through a form of social engineering, wherein enough information can be gathered about an individual to hold that victim to ransom.
Social networking makes compromising situations easily available to those searching. In the FBI case, the hacker used spear phishing techniques, an email spoofing fraud that targets a specific person, seeking unauthorized access to confidential data. This kind of spoof is accomplished by the hacker posing as a trusted source of the intended victim, such as a FaceBook Friend.
Once tricked into opening an attachment from the “trusted source,” a virus in the FBI case compromised the recipient’s computer, including its Webcam, microphone, and every keystroke. In examples of sextortion, the hacker, successfully reaching his target, is then able to spy on his victim through his or her own Webcam. In the case under discussion, the hacker was only discovered when he contacted one victim in an attempt to obtain an explicit video in exchange for not telling her parents. Luckily, the intended victim told her parents, who contacted their local FBI.
There are numerous viruses around that can take over Webcams. It is not new technology at all. Probably the best known virus of all is W32/R-bot-GR, which has hundreds of variants. Viruses such as this can actually turn on the Webcam remotely and the victim doesn’t even know she is being watched. Over the last 10 years cases have regularly popped up.
Perhaps one of the most worrying related cases was earlier this year in the Robbins v. Lower Merion School District case known as "WebcamGate." This is where spyware was installed on laptops issued by the school in what was a misguided attempt to oversee Web activities by students. Of course, this spyware could have been used by a hacker as well. Lower Merion District was accused of installing spyware on laptops used by its students, and recently settled with the school district by agreeing to pay $610,000 in compensation.
Around the same time was the case of a Wisconsin 12th grader sentenced to 15 years in prison after a high school sextortion scandal. The boy pretended to be a girl on FaceBook and used naked pictures fellow students sent him to blackmail the boys into having sex with him.
More recently, a mixture of sextortion and cyber-bullying led to tragic consequences. When a young student found that his roommate had allegedly plastered a live streamed video of him in a sexual encounter, he posted a message on Facebook and then deliberately plunged to his death off the George Washington Bridge.
So can we escape the clutches of the seemingly ever-present video recording of our every movement, be it Webcams, CCTV, or even that seemingly innocent little add-on gadget that may be the choice of someone close to you for Christmas this year? There are several of them around, they can easily move in any direction, come complete with a WiFi-enabled robotic Webcam, speaker, and microphone. They enable you -- or perhaps that friendly hacker and sextortionist just down the road -- to access your home from anywhere in the world.
Not wishing to put the damper on anyone who may have already picked this out for this Christmas, but perhaps a little additional PC security may be a good idea, to prevent the spear phishing in the first place. However, the obvious comes to mind in most of these cases: Do you know who your children are conversing with online? And, even more importantly, can they approach you if there is a problem?
SOURCE — Jart Armin, Editor of RBNexploit.com, a watch blog on the infamous RBN (Russian Business Network), and HostExploit.com
---Do you want to share you views?? Just leave a comment here. you can also drop an email on firstname.lastname@example.org