Ransom-Mail: All Your E-Mails Are Belong to Us
Internet security company Websense has an interesting writeup about a unique form of cyber extortion that we can probably expect to see more of in the future, wherein attackers hold their victims' Web mail messages and contact lists for ransom.
Unlike previous extortion scams that scramble victims' data files and require payment for a key to unscramble them, this scheme involves the compromise of free Web-based e-mail accounts, Websense found.
"When end-users logged into their ... accounts (in this case Hotmail), they noticed that all their 'sent' and 'received' emails were deleted along with all their online contacts. The only message that remained was one from the attacker that requested they contact them for payment in order to receive the data back."
According to Websense, the threatening message left in the user's inbox reads (roughly translated from Spanish): "If you want to know where your contacts and your emails are then pay us or if you prefer to lose everything then don't write soon!"
This is not a terribly difficult attack to execute. If you are a bad guy in control of a network of hacked Windows machines infected with keystroke logging software that rips out user names and passwords stored in Internet Explorer, it would be trivial to conduct this attack on a large scale. Also, if you've ever seen one of the text files that store keylogger data from thousands of victims (I have seen several), you will quickly notice that far too many victims use the same password at multiple sites, meaning that even if the crooks don't already have a victim's Web mail login, there is a good chance they can guess it from the victim's other passwords.
The main problem I see with this attack is that it is far riskier than most cyber crimes, as the bad guys have to arrange to receive the money at some point. The crooks best positioned to execute this kind of fraud are likely to make more money selling bank account information or paying someone else to siphon funds using that stolen information.