If it’s worth doing, it’s worth doing on the Internet. And it’s not just Silicon Valley startups that feel this way – cybercriminals do, too. In fact, most types of cons and crimes have migrated to the Internet. Nigerian prince scams remain alive and well, finding more willing victims. Robbing banks is now done with a mouse. And in 2012, we saw that kidnapping (called “ransomware,” and in this case holding your computer hostage) finally became viable on the Internet.
At this point, which crimes haven’t gone digital? Well, fortunately technology barriers still remain when it comes to crimes of violence (though some might argue that a DDoS attack comes close), but you might be surprised to learn that blackmail is gaining traction on the Internet.
In February, the Singapore Police sent out a notification warning of a rather tawdry blackmail scam. In essence, female scam artists secretly recorded online sessions with male victims in which they talked the victims into doing something normally done quite privately. In essence, victims were recorded in a compromising position. The recordings were then used to blackmail the victims into paying hush money to keep the videos private. There is probably no point in warning members of the male sex to stop being so stupid, but the Singapore Police did its best and advised the public on preventative measures.
However, most of us are not going to fall for this type of blackmail scam. But this does not mean we are without risk. Given human nature and the fact that we keep so much of our personal lives on our electronic devices, there is more at risk today then you may think. We reported in the 2013 Internet Security Threat Report on the increase in targeted attacks – they’re up 42 percent – and that these attacks are being directed at just about everyone. In these instances, once an attacker has penetrated your computer, the next step is to vacuum up every piece of data they can find. Not just files and passwords, but mailboxes and pictures, too.
These attackers are looking for intellectual property, but given the way our work and personal lives are all mixed together these days, it’s inevitable that information about our personal lives will get exfiltrated by attackers targeting businesses. Even personal information “in the cloud” becomes accessible if login and password information to such accounts is stolen or phished.
We can argue that the attackers are not after us, personally – their goal is to steal our intellectual property. That’s true for the most part, but crimes of opportunity may present themselves to an attacker. And why resist at all? If you’re already a cybercriminal, why not snag that piece of personal information gleaned while searching for intellectual property and blackmail the owner?
It happened to William Gerrity. In February, he bravely came forward to talk about hackers who tried to blackmail him. His blackmailers had no compromising photos or sexual liaisons to use for blackmail. Instead, they tried to use private communications as blackmail material. Finding confidential memos and personal emails, an attacker looking for business information took a shot at personal blackmail. In the end, Gerrity decided not to pay. While he’d prefer that the personal information they captured not become public, having it public was preferable to being blackmailed. Unable to extort his victim, the attacker never released the material, instead going back to his day job of stealing intellectual property.
Gerrity’s story had a happy ending, but what if the attackers had found truly compromising material? Human nature being what it is, many people likely do have compromising material on their computers. In fact, over the past year, several public figures have resigned their positions after just such material was found. In these cases, the pictures or emails indicating infidelity were made public. What if they hadn’t been? The materials would still exist. What if, instead of being made public, these pictures or emails were found by an attacker? Blackmail material indeed.
There is a lesson for all of us here. We must think carefully about what we put on our computers and phones because there are people in this world who will try to get their hands on it. Without good computer security, we cannot keep our personal information safe, no matter how carefully we place it online. So, we must protect our personal information. Keeping our privacy is dependent on good security.