Security Market Segment LS
Friday, 24 April 2020 11:38

Sextortion spams generating funds for cyber criminals: Sophos Featured

Sextortion spams generating funds for cyber criminals: Sophos Pixabay

Security outfit Sophos claims that funds extracted from victims of sextortion schemes have been deposited by cyber criminals in bitcoin wallets.

The company said in a detailed post by its researchers Tamás Kocsír and Sean Gallagher that the spam messages had been sent between 1 September last year and 31 January this year.

Recipients were told their PCs had been hacked, that the sender was in possession of videos of them visiting porn sites, and threatened to share the videos with their friends if they did not pay up.

Sums of as much as US$800 in bitcoin were demanded, the Sophos researchers said.

"The flow of that digital currency reveals that many of the operators behind these sextortion scams are connected to a much larger criminal digital economy," Kocsír and Gallagher claimed.

sophos sex2

"Though there were some smaller players involved in these spam campaigns, the movement of the bitcoin deposited in many of those wallets shows the campaigns were linked to other criminal enterprises — either funding other illicit activity or providing a way to convert the bitcoin to hard cash."

The date which the Sophos duo collected was analysed by blockchain analytics and cryptocurrency form CipherTrace which found that the wallet addresses used by the senders of the messages had made transactions with dark web marketplaces, stolen credit card sellers and others who are part of the cyber criminal economy.

Kocsír and Gallagher said there was nothing particularly unique about the messages themselves. Despite this, and the fact that the majority of recipients either did not see the messages or did not pay up, the wallets associated with the messages pulled in 50.98 bitcoin during the five months of the scam.

"That amounts to roughly US$473,000, based on the average daily price at the times the payments were made, and an average of US$3100 a day," the Sophos researchers noted.

They said there had been unusual spikes in the volume of such sextortion mnessages in the five-month period cited, with as much as a fifth of the spam monitored by the company falling into this category. " And the sextortion emails on just three days in October accounted for over 15 percent of all spam between September and January," they added.

A total of 328 wallets received payments during the period and 12 of these were connected to online cryptocurrency exchanges or other wallet services. A total of 476 output transactions from the remaining 316 were mostly sent to the following:

  • Binance, a global BTC exchange (70 transactions);
  • LocalBitcoins, another BTC exchange (48 transactions);
  • Coinpayments, a BTC payment gateway (30 transactions);
  • Other wallets within the sextortion scheme, consolidating funds (45 transactions); and
  • There were 54 transactions to addresses that could not be attributed – likely private non-hosted wallets.

Kocsír and Gallagher said it was difficult to trace the money that was generated by these scams in the real world.

"Tracking where physically in the world the money went from these sextortion scams is a difficult endeavour. Out of the 328 addresses provided, CipherTrace determined that 20 of the addresses had IP data associated with them, but those addresses were connected to VPNs or Tor exit nodes – so they were not useful in geo-locating their owners," they pointed out.

sophos graphic

Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.


WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News