The Weekly Hack: Hackers claiming to have secret recordings scam half a million in ‘sextortion’ scheme

Photo (c) nicescene - Getty Images

The attackers don’t actually have the video that they claim to, but the message isn’t getting across to everyone

While you were watching adult videos on the internet, a hacker who collects Bitcoin was secretly recording a double-screened video, and he’s now preparing to send it to your family and coworkers.

No, not really. But hackers are using stolen passwords to convince strangers online that that’s the case. In emails to unsuspecting victims, the hackers claim that they placed malware on pornography sites to make secret recordings of both the visitor and the site.

The hackers begin the emails by referencing a password linked to one of the recipients’ other accounts in order to convince their victims that they have more information than they really do.

The emails come with a demand for several thousand dollars in Bitcoin, instructions of how to pay, and a threat that the video will be sent to all of the victims’ contacts if they do not pay by a given deadline.

Security researcher Brian Krebs assured consumers several weeks ago that the hackers did not actually capture the video that they claimed to, and that the stolen passwords they had obtained came from one of the numerous data breaches that have become a regular occurrence in the modern world. Don’t pay up, he said, and contact the FBI instead.

Apparently, not enough people got the message. A security firm recently told the site Motherboard that consumers have paid nearly $500,000 worth in Bitcoin to the sextortion scammers.

“What is worrying is that scammers were able to siphon off [$500,000], from old passwords dumps, with very little effort,” Suman Kar, CEO of cybersecurity firm Banbreach, told Motherboard.

Analyzing Bitcoin transactions, the researchers determined that victims all over the world were targeted and were persuaded into paying at least $1,000. The researchers added that many of the stolen passwords appear to come from either LinkedIn accounts or Anti-Public Combo, a cache of stolen data from numerous sources.

World’s economy loses $1 million every minute to hackers

You probably didn’t need confirmation that nearly everyone and everything is vulnerable to getting hacked, but here it is anyway. A new report conducted by a San Francisco cyber security firm found that cyber criminals steal a little over $1 million every minute from the world’s economy.  

“As the internet and its community continue to grow at a rapid pace, the threat landscape targeting it grows at scale as well,”  Elias Manouso, the chief executive of RiskIQ, said in a statement.

A total of 1,861 people have their data stolen every minute, costing the global economy $600 billion just last year.

Medical records leaked

Data breaches in the healthcare industry are becoming increasingly common and worrisome.

In one particularly sloppy breach, the medical records of nearly 300 high school students in Australia were published online late Monday and remained there until Tuesday. The records revealed students’ medical histories and the medication they took, among other sensitive information.

"It's distressing for students and their parents because it may result in embarrassment, in bullying," a school administrator told the Guardian newspaper. "These things should not happen."

Administrators are framing the leak as an accident caused by “human error.” Security researchers have already warned that healthcare workers are not adequately trained in data security.

Babysitting

Who’s watching your kids? If it’s a person you found on an app, there may be multiple people watching them, or at least their data. The CEO of the babysitting app Sitter announced that the personal data of 93,000 account holders was exposed, but only “temporarily.”

Sitter’s CEO Bob Diachenko said that the breach exposed phone numbers, addresses, partial credit card information, and account passwords. He advises users to change their passwords.

Cheddar-sitting

Anyone who ate a hearty meal at Cheddar’s Scratch Kitchen between November 2017 and January 2018 may have paid with more than just a rapid spike in sodium intake. Diners who ate in that timeframe should check their credit card statements.

The casual dining chain announced today that at least 567,000 customer credit card numbers were exposed by an unknown hacking group. That number may be higher, as Cheddar’s parent company is continuing “to assess the scope of the incident.” The company says that it contacted the FBI.