This weekend I received the usual batch of spam and scams. One caught my eye though. Either the Trump administration have stripped the CIA of funds so severely that they are now entering the blackmail market, or the scammers have finally come up with something new for me to see.
Here is the email I received:
Distribution and storage of pornographic electronic materials involving underage children.
My name is Natividad Wester and I am a technical collection officer working for Central Intelligence Agency.
It has come to my attention that your personal details including your email address (firstname.lastname@example.org) are listed in case #14753689.
The following details are listed in the document's attachment:
Your personal details,
List of relatives and their contact information.
Case #14753689 is part of a large international operation set to arrest more than 2000 individuals suspected of paedophilia in 27 countries.
The data which could be used to acquire your personal information:
Your ISP web browsing history,
DNS queries history and connection logs,
Deep web .onion browsing and/or connection sharing,
Online chat-room logs,
Social media activity log.
The first arrests are scheduled for April 8, 2019.
Why am I contacting you ?
I read the documentation and I know you are a wealthy person who may be concerned about reputation.
I am one of several people who have access to those documents and I have enough security clearance to amend and remove your details from this case. Here is my proposition.
Transfer exactly $10,000 USD (ten thousand dollars - about 2.5 BTC) through Bitcoin network to this special bitcoin address:
You can transfer funds with online bitcoin exchanges such as Coinbase, Bitstamp or Coinmama. The deadline is March 27, 2019 (I need few days to access and edit the files).
Upon confirming your transfer I will take care of all the files linked to you and you can rest assured no one will bother you.
Please do not contact me. I will contact you and confirm only when I see the valid transfer.
Technical Collection Officer
Directorate of Science and Technology
Central Intelligence Agency
Wow, the CIA are warning me that I will be arrested on April 8th unless I pay their fee of $10,000 USD? Seems a little odd somewhat. OK, so this is a blatant blackmail email, but would anyone actually fall for it? Let's check that wallet for a moment.
The wallet seems to be idle and there are certainly no funds in it. It looks like no-one, thankfully, has fallen for this yet.
Peter has been in the Information Security world since 1999 and in IT in general since 1996. His work history contains a unique blended balance between the development of exceptional technical capabilities and business knowledge. Peter is a proud father of twins and enjoys GT endurance racing on the weekends.