"Honor Hacker" blackmail for 793$ in Bitcoin [SOLVED]

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#1 Post by musher0 »

Hi guys.

Underneath is the e-mail that I received, verbatim.

I should mention that none of my computers have built-in cameras.
Tough luck for seeing me getting debauched on camera! (If I ever did!)

For the rest of what this guy is saying, I think it can apply, to a point, to
WhineDose-based machines, but not on PuppyLinux. I got the feeling that
the guy was fishing for money and that he thinks I'm a doormat.

If the guy is reading this, good luck getting that money: I'm a retiree
living on Canadian Old Age Pension, I live from month to month on what
the gov't sends me.

Has anyone else been the victim of this type of scam?

I'll be sending a copy to my ISP and to "blablab.com", but beyond that
and the usual precautions, any technical advice?

Anyway, here goes, verbatim, as I said. Any comment welcome.
TIA.
------------------------------------------------------------------------
Subject: Security Alert. xyzxyzzy@blablab.com was compromised. Password
must be changed.
Date: Saturday, 01 December 2018 09:03
From: xyzxyzzy@blablab.com
To: xyzxyzzy@blablab.com

------------------------------------------------------------------------
Hello!

I have very bad news for you.
09/08/2018 - on this day I hacked your OS and got full access to your
account xyzxyzzy@blablab.com

So, you can change the password, yes... But my malware intercepts it
every time.

How I made it:
In the software of the router, through which you went online, was a
vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address
book, history of viewing sites, all files, phone numbers and addresses
of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount
of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by
what I saw!!!
I'm talk you about sites for adults.

I want to say - you are a BIG pervert. Your fantasy is shifted far away
from the normal course!

And I got an idea....
I made a screenshot of the adult sites where you have fun (do you
understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your
device) and glued them together.
Turned out amazing! You are so spectacular!

I'm know that you would not like to show these screenshots to your
friends, relatives or colleagues.
I think $793 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!
My BTC wallet: 182PJESsEWbuJ8PEgfM58p64jbok3i1gNU

You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy

For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be
self-destruct automatically.
If I do not receive from you the specified amount, then your device will
be locked, and all your contacts will receive a screenshots with your
"enjoys".

I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and
screenshots is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email
from your account)
- Various security services will not help you; formatting a disk or
destroying a device will not help, since your data is already on a
remote server.

P.S. You are not my single victim. so, I guarantee you that I will not
disturb you again after payment!
This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This
way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.
Good luck.
Last edited by musher0 on Mon 03 Dec 2018, 23:12, edited 1 time in total.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

Keef
Posts: 987
Joined: Thu 20 Dec 2007, 22:12
Location: Staffordshire

#2 Post by Keef »

I've had several of these going to my work email address. Some do show an old password, which must be a few years old and no longer in use. The passwords come from some compromised site and have been sold all over the place. The text of these is very similar and has the same theme as yours. I just block the sender and delete. Bound to get another one before long though. The last one wanted $1000, so I must have been up to a bit more debauchery than you :wink:

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#3 Post by musher0 »

Thanks, Keef.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

ITSMERSH

#4 Post by ITSMERSH »

> After that, I made a full dump of your disk (I have all your address
> book, history of viewing sites, all files, phone numbers and addresses
> of all your contacts).

How big is your disk?

I heavily doubt such thing is possible!

If anyone would try to dump my disk, there would be an automated end after 5.5 GB of data transferred. And there would be nothing personal inside. :lol:

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#5 Post by rufwoof »

Pure fishing scam. I'd guess out of continental Africa by the wording. Ignore it.

Now if they attached an image or evidence that would be a concern.

Same sort of thing as how my elderly mother gets regular phone calls advising that her internet service is about to be cut off ... she can't even use a mobile phone and has no computer/internet.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#6 Post by musher0 »

Thanks guys.

Just found this:
IT Professional | August 22, 2018 |
I received something similar to this. It tried to claim legitimacy by showing
one of my passwords (supposedly gathered by a keystroke logger and a
hijacked webcam). I did some research and found that the password was
an old LinkedIn password of mine from 4+ years ago, probably acquired
through a LinkedIn data breach and sold to the extorter.

I ignored the threat email, since there was no way its claims were true. It
was purely an attempt to scare me into complying with its demands.

Lesson: Change your passwords regularly, especially after reported data
breaches. Also, keep your device's protection software current. Do not
immediately click on links or attachments in emails you receive. Take time
to inspect them for authenticity. Do not panic if you receive an extortion
email. Alert the appropriate authorities.
Source
BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#7 Post by musher0 »

ITSMERSH wrote:
> > After that, I made a full dump of your disk (I have all your address
> > book, history of viewing sites, all files, phone numbers and addresses
> > of all your contacts).
> How big is your disk?
>
> I heavily doubt such thing is possible!
>
> If anyone would try to dump my disk, there would be an automated end after 5.5 GB of data transferred. And there would be nothing personal inside. :lol:

About 1/3 of a Terabyte over 10 partitions!
Good point, RSH.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

foxpup
Posts: 1132
Joined: Fri 29 Jul 2016, 21:08

#8 Post by foxpup »

So sad you will not be on the forum for some time in a few days :cry:

It would be funny if your machine had no hdd. (A lot of Puppies run on such machines.)

793$ is a strange amount. It must be an accountant.

I don't think it is a real threat, just a scam.
And I think you are right about being on Puppy. It is easy enough to remove an infection if there is one.

It made me think though.
How do you restore router's software?
How can he send an email from your account?
Could this bitcoin wallet number help to nail this guy?

Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#9 Post by Burn_IT »

Have you actually worked out how long it would take to dump a disk over the internet??
And why on earth did you mention Windows???

What he DID mention and you SHOULD think about, is that he hacked your router (whether he actually did or not).
You should change the password on that ASAP.
"Just think of it as leaving early to avoid the rush" - T Pratchett

Keef
Posts: 987
Joined: Thu 20 Dec 2007, 22:12
Location: Staffordshire

#10 Post by Keef »

The first one I received appeared to be from myself, but this is not hard to do apparently. Others had yahoo addresses I think, in eastern Europe. The last one originated in Germany when I looked at the headers.
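
What "looking at the headers" checks in a mail that appears to come from your own address, as an added Python example that is not part of any post in this thread. The sample message, its addresses, hostnames and documentation-range IPs are constructed, the `analyze` helper is hypothetical, and it assumes the receiving server records an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not taken from the thread: a self-addressed message
# whose transport headers disagree with the visible From line.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.org
Received: from mx.example.org (mx.example.org [198.51.100.10])
 by imap.example.org; Sat, 01 Dec 2018 09:03:12 -0500
Received: from unknown-host (unknown [203.0.113.45])
 by mx.example.org; Sat, 01 Dec 2018 09:03:10 -0500
From: user@example.org
To: user@example.org
Subject: Security Alert.

Hello!
"""

def addr(value):
    """Bare lower-cased address from a header value ('' if absent)."""
    return parseaddr(value or "")[1].lower()

def analyze(raw):
    """Hypothetical helper: summarise what the headers say about the sender."""
    msg = message_from_string(raw)
    sender = addr(msg["From"])
    # Verdicts recorded by the receiving server (assumes it adds this header).
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    # Each hop prepends its Received line, so the last one is the oldest.
    hops = msg.get_all("Received", [])
    origin = re.search(r"\[([0-9a-fA-F.:]+)\]", hops[-1]) if hops else None
    flags = []
    if sender and sender == addr(msg["To"]):
        flags.append("from-equals-to")
    # Envelope sender on another domain: a hint, since mailing services do this too.
    if addr(msg["Return-Path"]).rpartition("@")[2] != sender.rpartition("@")[2]:
        flags.append("envelope-domain-mismatch")
    flags += [f"{c}-not-pass" for c in ("spf", "dkim", "dmarc")
              if results.get(c) != "pass"]
    return {"origin_ip": origin.group(1) if origin else None,
            "auth": results, "flags": flags}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Only the Received lines added by your own provider's servers can be trusted; anything below them is supplied by the sender and can be forged along with the From line.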

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#11 Post by musher0 »

Burn_IT wrote:
> Have you actually worked out how long it would take to dump a disk over the internet??
> And why on earth did you mention Windows???
>
> What he DID mention and you SHOULD think about, is that he hacked your router (whether he actually did or not).
> You should change the password on that ASAP.

Hi Burn_IT.

In reverse order --

I have no router. The modem is a cable modem provided by my ISP, so
I have no control over it. I notified them, BTW.

Why shouldn't I have mentioned WhineDose?

I have no idea how long dumping approx. 333Gb would take at the
relatively slow upload speed my ISP allows me. If you have a math
formula to suggest, I'll try to figure it out.

Also, that "dump" would have had to show on my monthly ISP bill.
It didn't.


BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

6502coder
Posts: 677
Joined: Mon 23 Mar 2009, 18:07
Location: Western United States

#12 Post by 6502coder »

This seems similar (or even the same):
https://www.infopackets.com/news/10437/ ... tcoin-scam
The hackers say I have been visiting websites of people in the buff. They are demanding I pay them bitcoin (worth $831) to keep this quiet, otherwise they will send images from the purported site I've visited and also a picture of me on my webcam.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#13 Post by musher0 »

Thanks, 6502coder.

Yep, that's pretty much a carbon copy.

~~~~~~~~~~
On the subject of reinforcing your passwords, here's an interesting article:
Ten ways to generate a random password from the command line

This one works nicely for short passwords:

Code:

< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c8

I'd add a punctuation mark somewhere to spice it up.

~~~~~~~~~~
Thanks all. I'll mark this thread as solved, but you can of course continue
posting in it if you find other good advice and detection tricks.

BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#14 Post by musher0 »

Hello again all.

Out of curiosity, to answer Burn_IT's question, I went to this download time
calculator site:
http://www.meridianoutpost.com/resource ... d-time.php
and entered my data.

It would take 794 h 55 m 18 s to upload 333Gb at 1024bps. In other words,
my line would have been busy non-stop for 33 days, give or take.

Highly unlikely! I would have noticed! :lol:

BFN
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#15 Post by mikeb »

Just to add, had this scam for a while too.
His quoted password is always wrong and I am curious at his demands for such precise amounts...I would go for a straight 1000.

Plus yes...no webcam etc etc

And yes easy to make an email look like it was sent through your server.

mike

rockedge
Posts: 1864
Joined: Wed 11 Apr 2012, 13:32
Location: Connecticut, United States

#16 Post by rockedge »

no worries ...totally fake and is fishing....one of my honey traps received like 30 of these all showing either the same email sent as received or a series of gmail addresses. the password shown on all of them is the same and was a user name and never used as a password.

all my cameras are placed in a forest and not a single machine has a built in camera.

And notice the wording.......what router --- what server was modified and what does the email address shown in the email have to do with my router? My email provider and server is someplace in Googleland.

if one knows how all this works you can see what is written is difficult at best to achieve

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#17 Post by musher0 »

Thanks, rockedge.

@all:
Yesterday evening I received another e-mail from myself, that I didn't
write. Couldn't have, the charset is ibm852!!! Of course I didn't
understand a word.

I opened it and looked at the message source. Tried traceroute on the
origin: apparently I was in Eastern Europe when I wrote to myself! So I
was here and perhaps in Bratislava at the same time. This is beginning to
be funny!

Anyway, installed Lynis (https://cisofy.com/downloads/lynis)
and chkrootkit (http://www.chkrootkit.org), and ran them.
They are not anti-virus tools in the traditional sense, but using them can
be quite reassuring.

Also followed the instructions from this ubuntu thread:
https://askubuntu.com/questions/587872/ ... klm-trojan

Everything looks ok on this xenialPup-706.

I hope the above info can be helpful to someone.

BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#18 Post by greengeek »

ITSMERSH wrote:
> How big is your disk?

I think this is a bit rude to ask another man. Just leave it to the imagination. Don't be a pervert
:twisted:

Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#19 Post by Burn_IT »

And has it really been bitten several million times??
"Just think of it as leaving early to avoid the rush" - T Pratchett

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#20 Post by Flash »

I use pass phrases. They're easier to remember, or at least type without making a mistake, and nearly as hard to guess as a collection of randomly generated characters. The only problem is, some websites won't accept spaces as characters.
