There are only two types of people when it comes to online security — you have either been hacked or you don’t know about it yet.
Today we rely so heavily on other companies managing our digital worlds through ‘accounts’ that we don’t notice the dangers of such a structure. A company holding your identity, photos and personal information is a honeypot for attackers, who will go to any lengths to get into such a service or platform. The larger the platform, the bigger the chance of getting something juicy out of it. We do need to transition to a more self-sovereign model, as it is fundamentally more natural to humans, and I have written about the tech which is enabling this here.
Below is a real-life incident I want to narrate, as I know a lot of you have been in a very similar situation (or will be soon). So this may give you some comfort, or at least some insight into such situations.
I was about to keep my phone away for the evening when it rang! It was an old buddy from my college days, and I could sense the tension in his “hello”. He got straight to the point: “I have been hacked, and now I am being blackmailed. What do I do?”
Of course, this was a serious matter. My friend was a techie in a past life, and I have always known him to be very careful in his handling of technology, passwords and the like. He told me that one of his email accounts had received an email from that same account. The sender introduced himself as someone from the darknet who had hacked the mail account, installed trojans on every device my friend had logged in from, and had not only pulled his full browsing history but also recorded him through his webcam while he watched adult videos. A demand of $805 was made to delete all of this, failing which the material would be sent to all his contacts. The money was to be paid into a bitcoin wallet.
Now, this email was disturbing on several levels:
1. It was sent from and received by the same email id, and it appeared in both the Inbox and the Sent Items of the mailbox. It looked as if someone had indeed logged in.
2. The mail claimed to have an old password to this mail id, and it even displayed that password, which my friend immediately recognised. Seemingly further proof that whoever sent this mail was telling the truth.
3. And of course, the blackmail itself. Once you give in to it, you are never free.
So how could this have happened? It was time to investigate!
First things first! I calmed him down. I told him that the blackmailer could not have accessed browsing history or a webcam just by getting into an email account. To do that he would need code running on the devices themselves, which is a very different kettle of fish. Secondly, making an email appear to come from any address is trivial: the sender simply writes whatever he likes into the “From” header, because SMTP does not verify it, and no login to the victim’s account is needed. Whether such a message also shows up under Sent depends on the mail client; some clients group or search mail by the From address, which can make a message bearing your own address appear there without anyone having sent it from your account. What a spoofer cannot control is what the receiving server records: the Received chain (which relay actually handed the message over) and the Authentication-Results header carrying the SPF, DKIM and DMARC verdicts. Those, together with the account’s own recent-login activity page, are where to look before concluding that anyone logged in. So that was that… one issue sorted.
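Here is the kind of header triage I mean, as an added example that is not code from the original post. It parses two constructed raw messages (every host name, IP address and id in them is invented): a scam mail whose From is forged to the victim’s own address, and a note the victim genuinely sent himself. The visible From is identical in both; the difference is entirely in what the receiving MX recorded.

```python
"""Triage of a mail that appears to have been sent from the victim's own
address. Added example, not code from the original post: the two raw
messages below and every host, IP and id in them are constructed."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed: the scam mail. "From" is forged to the recipient's own
# address; the receiving MX (mx.example.com) has already stamped its
# SPF/DKIM/DMARC verdicts into Authentication-Results.
SPOOFED = """\
Return-Path: <bounce@bulk.example.net>
Received: from mail.bulk.example.net ([203.0.113.77]) by mx.example.com with ESMTP id 4k2Q1
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk.example.net; dkim=none; dmarc=fail header.from=example.com
From: victim@example.com
To: victim@example.com
Subject: Your account was hacked

I know your password is hunter2. Send 0.1 BTC to ...
"""

# Constructed: a note the victim really did send to himself through the
# provider's own webmail, so all three checks pass.
GENUINE = """\
Return-Path: <victim@example.com>
Received: from webmail.example.com ([198.51.100.5]) by mx.example.com with ESMTP id 9z8Y7
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: victim@example.com
To: victim@example.com
Subject: note to self

Renew domain next week.
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")
DKIM_DOMAIN_RE = re.compile(r"header\.d=([\w.-]+)")


def triage(raw: str) -> dict:
    """Compare what the mail claims (From) with what the MX recorded
    (envelope sender, relay, authentication verdicts) and decide whether
    the From address can be trusted."""
    msg = message_from_string(raw, policy=policy.default)
    from_addr = parseaddr(str(msg["From"]))[1].lower()
    to_addr = parseaddr(str(msg["To"]))[1].lower()
    envelope = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    auth_hdr = str(msg.get("Authentication-Results", ""))
    results = dict(AUTH_RE.findall(auth_hdr))

    from_domain = from_addr.rsplit("@", 1)[-1]
    envelope_domain = envelope.rsplit("@", 1)[-1] if envelope else ""
    dkim_match = DKIM_DOMAIN_RE.search(auth_hdr)
    dkim_domain = dkim_match.group(1).lower() if dkim_match else ""

    # SPF only vouches for the envelope sender and DKIM only for the signing
    # domain; the visible From is trustworthy when one of them passes AND is
    # aligned with the From domain, which is exactly what DMARC evaluates.
    spf_aligned = results.get("spf") == "pass" and envelope_domain == from_domain
    dkim_aligned = results.get("dkim") == "pass" and dkim_domain == from_domain
    dmarc = results.get("dmarc")
    if dmarc in ("pass", "fail"):
        spoofed = dmarc == "fail"
    else:  # no DMARC verdict recorded: fall back to checking alignment ourselves
        spoofed = not (spf_aligned or dkim_aligned)

    received = str(msg.get("Received", ""))
    return {
        "from": from_addr,
        "self_addressed": from_addr == to_addr,
        "envelope_domain": envelope_domain,
        "relay": received.split(" by ")[0].removeprefix("from ").strip(),
        "auth": results,
        "spoofed": spoofed,
    }


if __name__ == "__main__":
    for label, raw in (("scam", SPOOFED), ("genuine", GENUINE)):
        print(label, triage(raw))
```

One caveat when doing this on a real mailbox: an attacker can insert his own Authentication-Results header upstream, so only trust the one whose leading authserv-id is your own provider’s MX (the outermost one it added), and read the Received chain from the top down for the same reason.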
Now for the mystery of the password. There have been several large breaches in the past, the LinkedIn one being a well-known example, in which users’ login ids and passwords were stolen. Such dumps find their way to the darknet, where people like our Mr Blackmailer come up with innovative uses for them. Here the use was simple: quote a password from an old dump, prominently, and hope that the victim still uses it on several sites, or is at least frightened enough by seeing it to believe the rest of the story. Very easy, that one! To find out more, I decided to look at the wallet itself. The address had received its first, small, test transaction only a day earlier. What was interesting was that within a day of this mail there were already 156 reports against this address on the Bitcoin Abuse Database, all describing precisely the same scam, and 4 people had already paid amounts in the $800 to $1100 range. So the plan was working, to an extent.
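The sensible check when a blackmailer quotes a password is whether it sits in a public breach corpus, and the standard way to do that without sending the password anywhere is the k-anonymity range query used by Have I Been Pwned’s Pwned Passwords API (a GET to `https://api.pwnedpasswords.com/range/<first five hex characters of SHA-1>` that returns every matching suffix with a count). The block below is an added example, not code from the original post; it reproduces both halves of that exchange offline with a constructed eight-entry “breach dump” and an in-process stand-in for the server, so nothing here talks to the real service.

```python
"""Checking a quoted password against a breach corpus without revealing the
password: the k-anonymity range query that Have I Been Pwned's Pwned
Passwords API uses, reproduced offline. Added example, not from the original
post. LEAKED and range_query() are constructed stand-ins for the real
service, which is queried over HTTPS and indexes hundreds of millions of
hashes."""
import hashlib
from collections import Counter, defaultdict


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the form the real service works in."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed: a tiny stand-in for a breach dump, with duplicates because the
# same weak password turns up in many breaches.
LEAKED = ["password", "password", "password", "123456", "hunter2",
          "letmein", "qwerty", "hunter2"]


def build_index(leaked):
    """Server side: keep only SHA-1 hashes and counts, bucketed by the first
    five hex characters of the hash."""
    index = defaultdict(Counter)
    for pw in leaked:
        h = sha1_hex(pw)
        index[h[:5]][h[5:]] += 1
    return index


INDEX = build_index(LEAKED)


def range_query(prefix: str) -> list:
    """Server side: answer a prefix with every known suffix and its count, in
    the 'SUFFIX:COUNT' line format the real API uses. The server only ever
    learns the prefix, which covers 2**20 possible hashes."""
    if len(prefix) != 5:
        raise ValueError("prefix must be five hex characters")
    return [f"{suffix}:{count}"
            for suffix, count in sorted(INDEX[prefix.upper()].items())]


def pwned_count(password: str, query=range_query) -> int:
    """Client side: hash locally, send only the prefix, match the suffix
    locally. Returns how many times the password was seen, 0 if never."""
    h = sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    for line in query(prefix):
        got_suffix, count = line.split(":")
        if got_suffix == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for candidate in ("password", "hunter2", "correct horse battery staple"):
        n = pwned_count(candidate)
        print(f"{candidate!r}: {'seen %d times' % n if n else 'not in corpus'}")
```

To run this against the real corpus, replace `query` with a function that fetches the URL above and returns the response split into lines; the client logic is unchanged. A password that comes back with any count is one to retire everywhere it was ever used, regardless of who quoted it.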
Now, what do we do about it? First things first: if you receive any such email, do not panic, and do not pay. That does not by itself mean you have not been hacked, but the immediate need is to establish what has actually happened. Check the message headers and your account’s login history, change the quoted password anywhere you still use it, and switch on two-factor authentication. Then share the details with people who know this territory and can help you manage the situation. And finally, if required, approach the authorities, such as the Cyber Cell, who handle attempts at such crimes. As for this particular Mr Blackmailer, it was not very difficult to establish that the very first test transaction into the wallet had come from xapo.com. For authorities with intent, this guy should be an easy catch, unless he is sitting in North Korea!