Beware: a new scam using key elements of phishing and shame hacking

Cybercriminals are using yet another new twist on the old email phishing attack: they email people claiming to have infected porn sites with malware that allowed them to take over the recipient’s webcam and record the recipient sitting at the computer watching porn. If the recipient doesn’t pay up, they say, the video is going public. I discuss this new method of attack in the video above.

For people who know they have never watched porn on their computers, this probably isn’t too effective. For everyone else, this threat of public shaming can be a powerful motivation to comply with the extortion demand.

This is another example of what I have often described as shame hacking, the use, or threatened use, of purportedly hacked data for embarrassing or extorting people by threatening to expose such compromising data if they do not comply with the demands made of them.

Shame hacking is one more way that cyber criminals have learned to monetize the fruits of their criminal actions and represents an increasing trend for how hacked information can and will be used in many ways. I have blogged about other cases where hackers have relied on shame hacking for profit.

The CBS News station in Dallas / Fort Worth did a story about this latest attack and invited Shawn Tuma on to explain more about it. See story here.

“Shame Hacking” Liberal Groups — Is It Really Russian Hackers Doing It?

But it’s the Russians!

The ubiquitous Russians are at it again, or so we are being told. You know, the Russian hackers who are everywhere, doing everything nefarious in the world, and victimizing poor little helpless “us” here in the United States . . .

BREAKING!

Wikileaks: CIA ‘Stole’ Russian Malware, Uses It to ‘Misdirect Attribution’ of Cyber Attacks

‘Vault 7’: CIA Catalogues Hack Techniques Used by Other States

Hey, if it makes you feel better, sure, blame it all on the Russians … but are we talking about Russian immigrants, Russian citizens, Russian descendants, or Russian government operatives? Those pesky details always seem to take the fun out of things. But here is something that is not up for debate: shame hacking is on the rise!

YAHOO DATA BREACH – SOME FACTS & QUESTIONS (I.E., WAS IT REALLY THE RUSSIANS?)

What is Shame Hacking?

Shame hacking is the use of hacked data for embarrassing or extorting people by threatening to expose such compromising data if they do not comply with the demands made of them.

Shame hacking is one more way that cyber criminals have learned to monetize the fruits of their criminal actions and represents an increasing trend for how hacked information can and will be used in many ways.

Shame Hacking the Progressives.

According to the recent Bloomberg article, Russian Hackers Said to Seek Hush Money From Liberal Groups, “Russian hackers are targeting U.S. progressive groups in a new wave of attacks, scouring the organizations’ emails for embarrassing details and attempting to extract hush money.” For example, “[i]n one case, a non-profit group and a prominent liberal donor discussed how to use grant money to cover some costs for anti-Trump protesters.” The hackers learned of this information and then threatened to expose this activity if the groups did not pay anywhere from $30,000 to $150,000 in Bitcoin.

Other Cases of Shame Hacking.

Shame hacking is nothing new and first became prominent when the North Koreans hacked Sony and revealed the Sony executives’ embarrassing emails. Over time, this trend has gained more popularity as yet another way for hackers to monetize the fruits of their ill-gotten gains, such as in the following cases:

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

David Beckham’s Exposed Emails Exemplify Shame Hacking Threat

Hackers have obtained David Beckham’s embarrassing emails from his advisors in an extortion plot in which the advisors were told “pay up or we’ll release emails,” according to a recent news report. When the advisors refused to pay the £1million demand, the hackers released the emails.

This is yet another example of what I call shame hacking, a topic that I have explained in several other posts and news appearances. Shame hacking is the use of hacked data for embarrassing or extorting people by threatening to expose such compromising data if they do not comply with the demands made of them.

Shame hacking is one more way that cyber criminals have learned to monetize the fruits of their criminal actions and represents an increasing trend for how hacked information can and will be used in many ways.

This is just the beginning folks, hang on for the ride!

Here are the prior posts that I mentioned earlier:


Porn, Politics & Cybersecurity: Are We Seeing Shame Hacking with Texas Elector?

Is the Texas elector who refuses to vote for Trump the first example of shame hacking in politics?

In previous posts, I have written about shame hacking, which is the use of hacked data for embarrassing or extorting people by threatening to expose such compromising data if they do not comply with whatever demands were made of them. I explained this on the CW 33 Eye Opener Morning Show while discussing the recent Adult Friend Finder data breach.

One of the ways I envisioned shame hacking taking place in an earlier post was for someone to use membership information revealed from the Ashley Madison hack in the context of politics:

The hack of Brazzers porn site is similar to the Ashley Madison hack in that the real opportunity for monetization lies not in the intrinsic value of the data itself, but in the opportunity to use the data to embarrass and extort others into paying money to keep it secret.

The data dump from the hackers includes email addresses, user names and passwords spelled out in plain text, which can certainly lead to embarrassment for those who would not want their spouses, significant others, co-workers, employers, employees, parents, children, pastors, congregation, or constituents to know they are members of such a site. (Brazzers Porn Hack: More than Just Account Holders Exposed)

With the public announcement by the Texas elector that he will not vote for Donald Trump, quite a kerfuffle has ensued. In the wake of this, one website is accusing the elector of having been a member of the Ashley Madison dating website and looks to information purportedly obtained through the Ashley Madison data breach to support its allegations.

Regardless of whether the allegations are true or false or the information purportedly obtained from the Ashley Madison data breach is real or not (and, I do not know either), this illustrates the point that information obtained from data breaches such as Ashley Madison, Brazzers, or Adult Friend Finder — or allegations of the existence of such information even if false — can and will be used in many ways, including in politics.

This is just the beginning folks, hang on for the ride!

Here are the prior posts that I mentioned earlier:
