Cybersecurity

Extortion begins for Ashley Madison hack victims

by Cory Bennett

Security companies are already started to see digital extortionists try to take advantage of people exposed by the recent Ashley Madison leak.

{mosads}Email provider VF IT Services showed security journalist Brian Krebs an email the company said it had blocked. The firm has been working on a spam filter to stop nefarious users of its email service from sending out extortion attempts in the wake of the data dump of over 30 million people’s profiles from the affair-oriented dating site.

Here’s part of the email:

Hello,

Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.

If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $225 USD) to the following address:

1B8eH7HR87vbVbMzX4gk9nYyus3KnXs4Ez

Sending the wrong amount means I won’t know it’s you who paid.

You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…..

Krebs tracked down the individual who received the email.

“If I put myself in [the extortionist’s] shoes, the likelihood of them disclosing stuff doesn’t increase their chance of getting money,” said the man, who went by Mac. “I just not going to respond.”

Like many users of the site, Mac tried to take steps to preserve his anonymity. He used a prepaid card to pay for his membership to the site. The card’s billing address is linked to his house.

Others tried to use dummy email accounts to further distance themselves. But Internet connection details logged when making payments have linked users to particular computer networks.

For instance, hundreds of government workers maintained subscriptions to the site through various emails but were all tracked down because they made payments using federal Internet connections.

Security experts had predicted these type of extortion attempts would follow the Ashley Madison data leak.

“You probably have thousands of men who are establishing webmoney and bitcoin accounts to prepare themselves to pay off the ransom,” Tom Kellermann, chief cybersecurity officer at security firm Trend Micro, told The Hill.

Some are concerned about the effect the extortion could have on government officials. Foreign adversaries are likely “digging through” the Ashley Madison data to see how they can leverage it, Kellermann said.

“This is going to have a very long tail,” he said.