Extortion by E-Mail: A Sordid Tale

One anonymous CSO's account of the dark side of security that goes beyond hackers and thieves.

February 01, 2003 (CSO)

I have a paranoid security team. Which is good.

I also have paranoid users who don't trust security people. Which is not so good.

I discovered this when a coworker came into my office, red in the face, eyes puffy and obviously greatly upset.

"What on earth is the problem?" I asked in my best official-yet-caring management voice.

Between sobs, she explained that, a week earlier, she had gotten an e-mail about the upcoming Summer Olympics in Greece. Since her nephew was hoping to be on the U.S. track team, my coworker was hoping to learn something that might help him. It took a while for a webpage to open up, but when it did, she read all about Greece and the Olympics.

Two days later, she got an e-mail from an unknown address asking for $50 or they would tell her management that she had been surfing pornography sites. They even said they could prove she had downloaded child pornography!

"They even told me which directory it was in on my computer," she cried. "And sure enough, when I looked there, I found the most disgusting pictures."

This was one of the most conservative people I know, and of course she would never do such a thing. She had even asked me once if it was OK to write a personal letter on her desktop and print it off on one of our laser printers.

The Olympic site was immediately suspect to her because it had taken so long to load the pages. "My computer is never that slow," she said.

"Did you pay them?" I asked.

"No," she said. "But they sent another e-mail this morning reminding me I had only two days left to pay them. So I figured I'd better talk to you about it."

Unfortunately, security sometimes involves dealing with scumbags who prey on others. I knew immediately that this was an extortion attempt and calmed her fears. And, as I said, we have a pretty good security crew. Wonderfully paranoid. So I set them on a path to track down the offending organization and get to the bottom of what was going on.

First reports came rolling in almost instantly. My coworker had kept all her e-mails from the extortionist and had not turned off her system since the files were transferred to it, so the IS people had a pretty good look at logs and files to find out what they could reconstruct and get some ideas. They could see that she had, indeed, gotten the e-mail and then clicked on the URL, just as she said. Logs on her system showed an FTP file transfer from an IP address in Bulgaria. In all, there were three files that were named the same as the three we found on her system. They also found some text and GIF files about Greece. The system keeps 20 days' worth of file caches on what users have viewed on the Web, and if you know where to go on the system, you can see all of it.
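As an added example, not code from the article or its security team, here is one way to do the kind of log correlation described above: tie each FTP retrieval to the web page load that immediately preceded it and check the transferred file names against the files found on the workstation. All timestamps, host names, addresses and file names below are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample log events (hypothetical, not from the article).
# Each entry is (timestamp, log source, detail). The address uses the
# 203.0.113.0/24 documentation range.
EVENTS = [
    ("2003-01-20 09:02:11", "mail",  "from=unknown@example.invalid subject='Greece Olympics'"),
    ("2003-01-20 09:05:40", "proxy", "GET http://olympics.example.invalid/greece.html"),
    ("2003-01-20 09:05:52", "ftp",   "RETR img01.gif from 203.0.113.7"),
    ("2003-01-20 09:06:03", "ftp",   "RETR img02.gif from 203.0.113.7"),
    ("2003-01-20 09:06:15", "ftp",   "RETR img03.gif from 203.0.113.7"),
    ("2003-01-20 14:30:00", "proxy", "GET http://intranet.example.invalid/news.html"),
]
# Constructed listing of the directory the extortionist named on the user's machine.
FILES_ON_DISK = {"img01.gif", "img02.gif", "img03.gif", "greece.html"}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def ftp_after_web_visit(events, window=timedelta(minutes=2)):
    """Return (ftp_event, web_event) pairs where an FTP retrieval follows a
    page load within `window`. A page that silently triggers file transfers
    is the pattern the article describes; ordinary browsing does not do this."""
    ordered = sorted(events, key=lambda e: parse_ts(e[0]))
    last_web, hits = None, []
    for ev in ordered:
        ts, src, _detail = ev
        if src == "proxy":
            last_web = ev
        elif src == "ftp" and last_web is not None:
            if parse_ts(ts) - parse_ts(last_web[0]) <= window:
                hits.append((ev, last_web))
    return hits


def transferred_files(hits):
    """File names from 'RETR <name> from <ip>' detail strings."""
    return {ftp_ev[2].split()[1] for ftp_ev, _web in hits}


def remote_hosts(hits):
    """Remote addresses the suspicious transfers came from."""
    return {ftp_ev[2].split()[-1] for ftp_ev, _web in hits}


def corroborate(hits, files_on_disk):
    """Names that the FTP log and the disk listing agree on; these are the
    files the log evidence can attribute to the page visit, not to the user."""
    return transferred_files(hits) & files_on_disk
```

The intranet visit at 14:30 is not followed by any transfer, so it is ignored; only the three retrievals seconds after the Olympics page load are reported.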
