SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
26 Oct 2015

DDoS scammers collect $20,000 with Ashley Madison extortion

Since September, Salted Hash has followed the extortion attempts from a group of scammers overseas who are targeting the leaked Ashley Madison email list.

Most of the emails threaten exposure, but others threatened DDoS attacks or offered help collecting government aid. Following the money, the group has earned more than $20,000 off the scam, and their emails are still going out. Here's a brief overview of the scams, and the other technical data for anyone wishing to research further.

On September 22, the first email from the group hit a catch-all address used by Salted Hash. However, it was one of the addresses used by this blog in 2014 to investigate extortion claims against Ashley Madison. The message, quoted below with no edits, was quick and to the point: "Unfortunately your data was leaked in the recent hacking of Ashley Madison and I know have your information. I have also used your user profile to find your Facebook page, using this I can now message all of your friends and family members."

"If you would like to prevent me from sharing this dirt info with all of your friends and family members (and perhaps even your employers too?) then you need to send 1 bitcoin to the following BTC address... You may be wondering why should you and what will prevent other people from doing the same, in short you now know to change your privacy settings in Facebook so no one can view your friends/family list. So go ahead and update that now (I have a copy if you dont pay) to stop any future emails like this."

In July hackers infiltrated Ashley Madison’s website and downloaded private information.

The message warned that the payment was to be made within three days; otherwise the discovered information would be shared with friends or family. The address (wallet) where payment was to be sent collected 37 BTC before it was emptied, which is just over $10,000 USD. One week later (October 4), the group sent a similar message, but altered the wording from a basic matter-of-fact tone to one that threatened the recipient with life ruin. This message also included instructions on how to purchase Bitcoin (using LocalBitcoins.com), and increased the ransom from 1 BTC to 2 BTC.

"If you need to contact us feel free but you do not have to you only need to pay and we will disappear. But if you ignore us, and don't pay within the time frames specified we will make good on are word. If you think about reporting us to authorities, feel free to try. But it will not help. We are not amateurs. The best thing that can happen, they will go publicly about it. We will, again, get some free publicity. But for you, you will be ruined the damage will be done. It's a one-time payment. Pay and you will not hear from us ever again!"

The BTC wallet for this round of extortion collected 19 Bitcoins before it was emptied of all but 1 BTC, for an additional $5,000 USD. On October 6, two days later, the exact message was sent again, and on October 8 the message was repeated for a third time. On October 9, another message, one mirroring the friendlier tone of the original, was sent to the Ashley Madison list, demanding 1 BTC. The wallet where funds were to be delivered collected a total of 19 BTC, for an additional $4,900 USD.

On October 11 and 12, the group changed tactics, promising to deliver a DDoS attack reaching 400-500 Gbps unless 10 BTC was paid. But unlike the previous attempts, the wallet for this run didn't collect a single Bitcoin. A day after the final DDoS threat was sent, on October 13, the group sent an email requesting a phone call in order to discuss a government student aid program. Oddly, the phone lines were only available between the hours of 8-9 pm EST.

On October 15, the group sent another Ashley Madison email. The request was for 1 BTC to avoid details being released, but if payment wasn't made within 48 hours, the total went up to 5 BTC. The timeline was seven days. The group used the same wallet referenced in the October 4 email; if payment wasn't made by then, all details would be "in the hands of the people you wanted to keep your cheating secret from." On October 15, the group sent another message, repeating the threats from the previous Ashley Madison emails, but the wallet referenced in the message had little traction, collecting a single Bitcoin a day after the message was sent.

Finally, on October 19, the group sent the last message received by Salted Hash. This message demanded 2 BTC, and raised the price to 5 BTC if payment wasn't made within 48 hours. The wallet referenced by the email has collected a single payment since it was created. Since the Ashley Madison scammers started their run, a number of people have been discussing the scams online, including one blogger who publicly explained his connection to the adult playground and reproduced one of the extortion emails.

The scam has also gotten the attention of law enforcement. The Guardia Civil in Spain is investigating dozens of complaints, and on Wednesday, the Spanish investigators from the country's Central Operations Unit said they are working with the FBI and Canadian police forces to locate the blackmailers. If you or your organization get one of the emails being delivered as part of this scam, ignore it. But more importantly, do not pay the ransom. Doing so only encourages these crooks to continue their schemes.

The email address sending these messages is: sharingservices [at] aol.com. It's a forged address, and the return-path leads to a dead mailbox. The group has claimed to be DD4BC. If this claim is true, their history is one of extortion and DDoS attacks against a number of targets in the public sector, including banks, publishers, and financial firms. They first surfaced in July 2014, and they have been operational since that time. The group was last active in August.

Tags: information leaks, hackers, fraud, DDoS

Source: CSO Online