An unknown person or group that apparently collects Bitcoin is exploiting consumers’ longstanding concerns about the outside monitoring of users’ internet activity.
In what security researcher Brian Krebs is describing as a “sextortion” scam, consumers have reported receiving emails claiming that malware was secretly installed on pornography sites they visited.
That malware allowed a hacker to secretly record both the online content they viewed and the visitor in a so-called “double-video,” the emails claim.
The emails demand a ransom that must be paid in Bitcoin -- otherwise, the scammers claim that every person on the victims’ contact list will be sent the video. Krebs says that this is an old scam and assures consumers that hackers do not really have the recordings that they claim to possess.
The amounts that the scammers demand vary from victim to victim. Blogger Julie Neidlinger posted a screenshot of one such email she received from an account named “Octavius Guss” demanding $2900 in Bitcoin.
“If I don’t get the Bitcoins, I will definitely send out your video to all of your contacts including relatives, coworkers, etc.,” the email says.
This particular scam has a new twist beyond the Bitcoin payment. “The email now references a real password previously tied to the recipient’s email address,” Krebs writes.
In her case, Neidlinger responded that the old password that the hacker uncovered was over a decade old and added that “you’re some little two-bit momma’s boy in a basement who stumbled into Hacking for Dummies on Reddit.” She also contacted the FBI.
Gas station thieves elude police
For over an hour and a half, a line of ten vehicles pulled up to one gas pump in Detroit. One after another, the drivers loaded up without paying.
Gas station clerk Aziz Awadh noticed something was awry, but when he went to his own computer screen, he found that his remote access to the pumps had been hijacked. “I tried to stop it here from the screen, but the screen isn't working,” he told a local news station.
Police now believe that hackers broke into the gas station pumps and stole about $1,800 worth of gas. Police say it’s unclear if all 10 vehicles were involved in the hack. Perhaps people stumbled upon the security breach by chance and just couldn’t resist the opportunity to load up on free gas.
Military, airplane and medical secrets
The security firm Recorded Future published a report on Tuesday claiming it uncovered evidence that hackers are trying to sell “highly sensitive” documents belonging to the U.S. Air Force.
“Specifically, an English-speaking hacker claimed to have access to export-controlled documents pertaining to the MQ-9 Reaper unmanned aerial vehicle,” the firm says.
The hacker’s asking price? A grand total of $200. The firm describes such a hack as incredibly unusual as well as a “disturbing preview” of better-orchestrated hacks that could occur in the future.
As it turns out, that future may not be so far off. In a separate report published yesterday by a different group, the firm McAfee describes its own discovery that hackers are selling information about airports on the Dark Web. In that case, cyber criminals were caught selling passwords to access the online security systems of airports for only $10.
Not to be outdone, another group of hackers is apparently selling dead people’s medical histories on the Dark Web. That report comes courtesy of the security firm Cynerio, which says it has seen a rapidly growing number of patient medical records breached online.
But this particular breach has an “interesting new wrinkle,” Cynerio writes. “Our research team found a post from a vendor on the dark web offering the medical records of the deceased.”
Despite the concern, medical offices increasingly rely on electronic patient records. In fact, the government of Australia is encouraging its entire population to put their health records online. While doctors say this measure could give consumers more information about their health histories, online researchers worry that careless doctors or receptionists will leave patients vulnerable to both cyber criminals and insurance companies.
Australia, by the way, also requires all real estate transactions to be done through an online portal, which recently led one woman to lose $250,000 she earned on a house due to a cyber theft, she told local newspapers.
Timehop
The app that encourages you to share your “memories” of past social media posts you authored and pictures you took has temporarily deauthorized the accounts of all 21 million of its users as a temporary fix for an apparent hack.
Still, Timehop claims no sensitive information or even social media posts were actually hacked and says that it is simply handling the situation proactively.
Macy’s
Another popular retailer, another hack. Macy’s is warning customers that anyone who shopped online via Macys.com or Bloomingdales.com may have had their passwords and credit card information stolen by hackers.
The retailer told Bloomberg it has taken new steps to prevent such hacks in the future, though it did not specify what those steps would be.