Sextortion and Ransomware

Author: Alejandro Godofredo Carlstein Ramos Mejia

In marketing, there are two emotions that can increase sales: fear and pleasure. Therefore, it is not surprising that scammers used these marketing concepts, for their nefarious purposes. We can call it social or psychological hacking. It allows these fraudsters to gain money from their preys plus entree to places where they are not supposed to have access. Therefore, no one is safe including corporations and governments. This kind of attack starts with a new way of blackmail, sextortion.

Sextortion is quite profitable for swindles. The FBI’s Internet Compliance Center (IC3) estimates a total of 83 million dollars in losses (Fazzini). It is incredible how many people are victimized by this kind of attack. The victim receives a shocking email. In this email, the crook claims to have filmed the victim masturbating (or watching something indecent) by gaining access to the computer. To make the threat even more believable, information such as the name, email and password are included into the message.

The email continues that if the victim does not pay a certain ransom, via bitcoins, inside the period of 24 to 72 hours, then the “film” will be exposed to all the victim’s relatives and co-workers. To make the threat even more convincing, the attacker explains that by opening a text editor and typing ‘48hr more’ (or something similar), the victim will be granted such time to obtain the sum to pay the ransom. Finally, the email threats the victim that he or she should not reach any government authority because it would be a waste of time and will regret it dearly.

The victim should know that the current email system is quite old and insecure. Attackers can easily change the content of the ‘from’ field. Actually, they can change the content of any field in the email. This is called Email spoofing. So, if they try to impress you by displaying your own email in the ‘from’ field, while insisting your email got hack (and they have full control of it), don’t be. This trick is an old technique used by spammers and scammers to prevent being track back.

There are different ways to obtain your email and password. One way is via the Deep Web, Darknet or Dark Web of which many things can be purchased such as fake driver licenses, passwords, drugs and more (DarkOwl). In this case, your leaked information can be purchased. As some of you may know, well-known companies such as Facebook as being previously victims of information leakage (Winder).

Another way these ruffians obtain your email and password is by publishing extensions, plugins, and applications in online markets such as Google Market, Firefox, and such (Doffman). This is dangerous in mobile devices and browser because it only takes the user to grant access to the storage or peripherals (such as the camera) while in regular computers the software may gain automatic access at installation.

Thanks to social media, job seeking sites and such websites, your information is exposed. If your email belongs to a domain that you own, your registration information is publicly available, unless you pay an extra fee to keep it private. They can also try to trick you by sending an email that seems to belong to a service provider you are using such as your hosting provider. Never, ever, click on a link provided to you by such emails. It’s better for you to go directly to the site of your service provider than using any link in the email. The same goes to phone numbers.

If these attackers notices that they keep failing in their intent to intimidate you, they will keep sending more emails with different claims into them. They are trying to figure out what “makes you tick”. They will claim to have installed a keylogger into your computer. They will state to have installed software that allows them to take screenshots of what you were watching. They will say that they have access all your online services. They will accuse you of all short of crimes. They will even tell you how you are their slave and they are your masters. They will use any physiological warfare at their disposition to bend your will.

This form of blackmail goes beyond the ransom for money. It imposes a security threat to governments and corporations. Just think about it. It only takes one victim to grant access, to these thugs, into a system. If a person, who is being blackmail, is willing to pay the ransom, then he or she may be willing to provide confidential information to these attackers. The best prevention is to inform your employees of such attack and create an HR program for victimized employees. Victims should be able to approach HR without fear of repercussion of any kind. Remember that your employees are your last line of defense. They can make it easier or harder to any attacker to infiltrate your system; which takes us to the next threat: Ransomware.

Ransomware is a corporate and governmental nightmare. When the attacker gains access to your system, a software will penetrate your systems by propagating and encrypting all content. Then, a message will show up indicating that only when the ransom is paid that the content would be unencrypted. The cost of paying the ransom normally is lower than the cost of hiring someone (or a company) to decrypt such content is higher; plus, there is no guarantee that it can be successfully done. Therefore, it is not surprise that entities that fall victim of such attack will pay the ransom in hopes to continue operating.

Another method of installing software such as the ransomware is via gratification. This trick involve leaving a USB flash drive in a location, such as the parking lot, or by providing such flash drive “for free” to victims. People love receiving or finding things for free.

The first line of defense is skepticism and some basic security measurements. You should not believe everything that an email says. You should not click on any link that an email provides. It is better if you go directly to the service provider instead. You should ensure that all your online accounts hold different strong passwords and change them frequently. You should make sure of the veracity of any plugin, extension, or application you are planning to install. Ask yourself if you really need it. Make separate copy of your content. If you find any devices or you are given a device such as a USB flash drive, do not plug it. It is not worth the risk.

If you are a corporation or government entity, you should have an active program to educate and support your employees. This program should include a place where employees can reach for help without fear of being judged, punished, discriminated, humiliated and fired. The less information your employees leak, due fear to be exposed, the harder is to gain unauthorized access.

Work Cities

Doffman, Zak. “New Android Warning: Millions Have Installed Apps Hiding A Costly Scam—Uninstall Now.” Fobes, 25 Sept. 2019, https://www.forbes.com/sites/zakdoffman/2019/09/25/new-android-warning-nasty-apps-installed-by-millions-scamming-100-from-unaware-users/#1e95f15762ec.

Fazzini, Kate. “Email Sextortion Scams Are on the Rise and They’re Scary — Here’s What to Do If You Get One.” CNBC, 17 June 2019, https://www.cnbc.com/2019/06/17/email-sextortion-scams-on-the-rise-says-fbi.html.

“DarkOwl.” What is the Darknet? DarkOwl LLC. N.d. Web. September 12, 2019. https://www.darkowl.com/what-is-the-darknet

Winder, Davey. “Unsecured Facebook Databases Leak Data Of 419 Million Users.” Fobes, 5 Sept. 2019, https://www.forbes.com/sites/daveywinder/2019/09/05/facebook-security-snafu-exposes-419-million-user-phone-numbers/#1b46efad1ab7.

Share

Some Advice When Working Remotely

Opinion by Alejandro G. Carlstein Ramos Mejia.

Working at home was pretty much standard prior the Industrial Era. Artisans, blacksmiths, artists, doctors and many other professionals used to work in the same places they used to live. Then, when the Industrial Era arrived, everyone were pull from their homes into confined spaces. Just in these few decades, with help of the technology advances, such as the internet, is that many jobs are being done remotely. While this article will not go over the pros and cons on working remotely, it will provide some advice to those of you that do work remotely or are planning to do so.

1)   Do Not Burn Out due Working Extra Hours

When working remotely, it is very easy to get into the zone. Without the distractions, commonly found at the office, you can find yourself working extra hours without realizing. While this sounds great, the issue is the risk of burning out. Working long hours can build unnecessary stress. Being overworked can lead you to sleep less, eat worse, skip exercise and gain lots of health issues, including depression. Therefore, schedule breaks to gain energies and do not forget to put an alarm. Remember that if your health gets affected then your work will be affected too. Your health is very important. If you cannot take care of yourself, then you will not be able to take care of anyone including your job.

Also, be sure to spend time with your family, friends and those important for you. Your job should not consume you and ruin your relationship with your loves ones. Your job should complement your life, not destroying it.

2)   Location, Location, Location

If you find your productivity being affected then try to work on a different location. Sometimes a change of scenery helps to gain our focus back. You do not have to work all day at your home. You can work at the near coffee shop, bar, and even at the house of a friend or familiar. Location is not an issue when working remotely. The only thing you need to ensure is that you have access to the tools required to do your work.

If your place has too many distractions, then visit your local library. Libraries have a code about keeping noises low. Some libraries even have private rooms available to the public. If a place such as a library is not good enough for you, then research about shared office spaces for rent.

Did you know that your mobile can be turn into a hotspot, depending of the model and carrier? You could share your phone’s internet access with other devices such as your laptop. If that is the case, then perhaps you would considered to work at the closest park. Pack your meals and enjoy nature while working.

3)   Be Aware of Office Politics

Office politics always gets in the way of work and every company has this cultural disease to one degree or another. It does not matter if you care about the company, work long hours, and get things done. When working remotely, you are going to encounter people that think you are not doing your job, are jealous that you work remotely, or have the wrong perception of you since you are not at reach.

While you cannot do much for office politics, you can do something to reduce the effect it has on your life and work. In meetings, make sure to have your camera on. Let people see your face and recall that you are alive and you are a human being. Reach to your co-workers, once in a while, to check how they are doing in life, not only when you need something from them. Arrange meetings, in-person, with those co-workers that live closed, geographically, from you. Always take some time to thank those co-worker that helped you out. Plan visits to your office just to meet with everyone there. In short, be as social as you can. 

Also, keep a work journal. Write down a summary of what you did and your accomplishments. In case someone does a false accusation, you can always reach your journal to put things straight. Confirm things via email. Remember that there are uncivilized people out.

4)   Get the Right Tools

This is one of my personal pitfalls. Spending time and money to get the right tools. Yes, good tools are expensive; however, they are a good investment in the long run. Put an account aside to save money and do your research in your spear time. This is something that you cannot wait for your job to provide you. Good tools will increase your productivity, reduce stress, and may help you to enjoy your life. If you have back problems, then get a good chair (even better, get a massage chair). If your laptop is slow and old, see if it can be updated; else, try to get into an agreement that allows you to get one. If you need a second monitor, you can purchase a portable monitor and only requires to be connected to the USB port of your laptop. Anything that can help you to focus on your job and get things done faster and better should be acquired. Having the right tools allows you to focus on your job and reduce the time wasted.

5)   Do Exercise

If you have an office job, regardless if it is at the office or at home, then you spend a lot of hours sitting down. Sitting for long hours seems to be bad for your health; therefore, it is important to schedule breaks where you stretch prior to continue working. Also, try to have some physical activity that helps to keep you healthy throughout the week.

For some people doing exercise seems natural, they always seems to have time to do it. If you do not have time then check out some exercise plans such as the 5BX, devised by Dr. Bill Orban from the Royal Canadian Air Force in the late 1950’s. There are many exercise plans and fitness programs out there; however, be aware that some may not be for you. Therefore, you should consult with a physician or other health care professional prior to use any of these fitness programs or exercise plans. 

6)   Learn to Disconnect Yourself from Work

Our jobs take a huge part of our lives. We spend at least one third of the day working. Therefore, we may find ourselves thinking or talking about work outside our office hours which can contribute to burn ourselves in the near future. Even if you have a passion for your job, you should take a break from it. It is not healthy. Therefore, make sure you engage in non-work related activities.

If you find yourself talking about work, perhaps consider to change the topic. You may be passionate about your job or just venting your problems with it; however, at some point, you should drop the topic and talk about something else.

There are cases when a solution to a problem, a reminder of things you must do, or the realization of something you forgot to do comes at you while sleeping. This may keep your mind busy while you are trying to sleep and ending you tired the coming morning. One way to deal with this is to take a moment to write down a reminder (or summary) of what it came to your mind, then go back to sleep. You will noticed that it put your mind at easy and you may go back to sleep, getting the rest you need. Therefore, leave a pen and paper next to your bed for such occasions.

7)   Socialize

Regardless if you are an introvert or extrovert, schedule sometime to meet with your co-workers in one way or another. While building a culture does not require all members to be face-to-face, it does not hurt to come up with excuses to meet up. It does not have to be work related either. It can be an online or in-site event. Just spend some of your time interacting with others in your company, regardless if they are members of your same team or not.

8)   Be Aware of Falling into Depression

Depending of your personality, you may be a high social creature. You may need to have an intermittent interaction with people around you to work on constant pace. If you find yourself gaining or losing weight, having troubles going to sleep, feeling restless and agitated, or slower down mentally and physically due lack of energy, having troubles concentrating, losing interest or pleasure in your activities and having thoughts of suicide then seek medical mental health immediately. Do not be ashamed or afraid to ask for help.

There is a chance that remote work is not for you. Everyone is different. One way to find out is to start small, working remotely by short periods of time. If you do not seems to be affected, then you can expand the time you spend working remotely.

If you do not have a choice and you must work remotely then do not do it alone. Try to work with a co-worker or someone. It is not required, for both, to work on the same thing. It is just a matter to have some company while working. Again, seek medical mental health to see what you can do about it else try to change to a job that allows you to work at the office, surrounded with people.

Conclusion

Working remotely is highly rewarding and productive; however, like everything in life, there are pros and cons. You must be aware that working remotely can end having you working long hours. To make the most of your job, you must obtain the right tools of your trade. If you feel unmotivated, try to change locations and socialize with your co-workers. Learn to take a break from your job and spend time with your loves ones. They will be your lighting rod. Reduce your stress by keep yourself healthy. Heating properly and doing exercise may do the trick. Consult with a physician or other health care professional. Finally, be aware about having depression. Remote work is not for everyone. If you caught yourself dealing with depression seek professional help immediately. Do not be ashamed or afraid to ask for help.

Do you have experience working remotely? Do you have advice no cover by this article? Share your experience in the comment section below. 

Share

SQL Join Types: Two (Outer) Full Joins

Tables

Table 1: Orders

OrderID

CustomerID

EmployeeID

OrderDate

ShipperID

10308

2

7

1996-09-18

3

10309

37

3

1996-09-19

1

10310

77

8

1996-09-20

2

10365 

1996-11-27

Note: There is no order in which the CustomerID = 1 (Alfreds Futterkiste).

Table 2: Customers

CustomerID

CustomerName

ContactName

Address

City

PostalCode

Country

1

Alfreds Futterkiste

Maria Anders

Obere Str. 57

Berlin

12209

Germany

2

Ana Trujillo Emparedados y helados

Ana Trujillo

Avda. de la Constitución 2222

México D.F.

05021

Mexico

3

Antonio Moreno Taquería

Antonio Moreno

Mataderos 2312

México D.F.

05023

Mexico

37 

Hungry Owl All-Night Grocers 

Patricia McKenna 

8 Johnstown Road 

Cork 

 

Ireland

77 

The Big Cheese 

Liz Nixon 

89 Jefferson Way Suite 2 

Portland 

97201 

USA 

Table 3: Shippers

ShipperID

ShipperName

Phone

Speedy Express 

(503) 555-9831 

United Package 

(503) 555-3199 

Federal Shipping 

(503) 555-9931 

Query

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName
FROM ((Orders
	FULL JOIN Customers ON Orders.CustomerID = Customers.CustomerID)
	FULL JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID)
--WHERE Orders.OrderId IN (10308, 10309, 10310, 10365);

Alternative Query

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName 
FROM Orders
  LEFT JOIN Customers ON Orders.CustomerID = Customers.CustomerID
  LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID
UNION ALL
SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName FROM Customers
  LEFT JOIN Orders ON Orders.CustomerID = Customers.CustomerID
  LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID
WHERE Orders.CustomerID IS NULL
UNION ALL
SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName FROM Shippers
  LEFT JOIN Orders ON Orders.CustomerID = Shippers.ShipperID
  LEFT JOIN Customers ON Customers.CustomerID = Shippers.ShipperID
WHERE Orders.CustomerID IS NULL AND Customers.CustomerID IS NULL 
--AND Orders.OrderId IN (10308, 10309, 10310, 10365)

Result

OrderID

CustomerName

ShipperName

10309   

Hungry Owl All-Night Grocers

Speedy Express

10365   

Antonio Moreno Taquería

United Package

10310   

The Big Cheese

United Package 

10308   

Ana Trujillo Emparedados y helados

Federal Shipping

NULL

Alfreds Futterkiste

NULL

All Queries

CREATE TABLE Orders(OrderID INT, CustomerID INT, EmployeeID INT, OrderDate DATE, ShipperID INT);
INSERT INTO Orders(OrderID, CustomerID, EmployeeID, OrderDate, ShipperID ) VALUES (10308, 2, 7, '1996-09-18', 3);
INSERT INTO Orders(OrderID, CustomerID, EmployeeID, OrderDate, ShipperID ) VALUES (10309, 37, 3, '1996-09-19', 1);
INSERT INTO Orders(OrderID, CustomerID, EmployeeID, OrderDate, ShipperID ) VALUES (10310, 77, 8, '1996-09-20', 2);
INSERT INTO Orders(OrderID, CustomerID, EmployeeID, OrderDate, ShipperID ) VALUES (10365, 3, 3, '1996-11-27', 2);

CREATE TABLE Customers(CustomerID INT, CustomerName VARCHAR(50));
INSERT INTO Customers(CustomerID, CustomerName) VALUES (1, 'Alfreds Futterkiste');
INSERT INTO Customers(CustomerID, CustomerName) VALUES (2, 'Ana Trujillo Emparedados y helados');
INSERT INTO Customers(CustomerID, CustomerName) VALUES (3, 'Antonio Moreno Taquería');
INSERT INTO Customers(CustomerID, CustomerName) VALUES (37, 'Hungry Owl All-Night Grocers');
INSERT INTO Customers(CustomerID, CustomerName) VALUES (77, 'The Big Cheese');

CREATE TABLE Shippers(ShipperID INT, ShipperName VARCHAR(50));
INSERT INTO Shippers(ShipperID, ShipperName) VALUES (1, 'Speedy Express');
INSERT INTO Shippers(ShipperID, ShipperName) VALUES (2, 'United Package');
INSERT INTO Shippers(ShipperID, ShipperName) VALUES (3, 'Federal Shipping');

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName 
FROM Orders
  LEFT JOIN Customers ON Orders.CustomerID = Customers.CustomerID
  LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID
UNION ALL
SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName FROM Customers
  LEFT JOIN Orders ON Orders.CustomerID = Customers.CustomerID
  LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID
WHERE Orders.CustomerID IS NULL
UNION ALL
SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName FROM Shippers
  LEFT JOIN Orders ON Orders.CustomerID = Shippers.ShipperID
  LEFT JOIN Customers ON Customers.CustomerID = Shippers.ShipperID
WHERE Orders.CustomerID IS NULL AND Customers.CustomerID IS NULL 
--AND Orders.OrderId IN (10308, 10309, 10310, 10365
Share

SQL Join Types: Two Left (Outer) Joins

Tables

Table 1: Orders

OrderID

CustomerID

EmployeeID

OrderDate

ShipperID

10308

2

7

1996-09-18

3

10309

37

3

1996-09-19

1

10310

77

8

1996-09-20

2

10365 

1996-11-27

Note: There is no order in which the CustomerID = 1 (Alfreds Futterkiste).

Table 2: Customers

CustomerID

CustomerName

ContactName

Address

City

PostalCode

Country

1

Alfreds Futterkiste

Maria Anders

Obere Str. 57

Berlin

12209

Germany

2

Ana Trujillo Emparedados y helados

Ana Trujillo

Avda. de la Constitución 2222

México D.F.

05021

Mexico

3

Antonio Moreno Taquería

Antonio Moreno

Mataderos 2312

México D.F.

05023

Mexico

37 

Hungry Owl All-Night Grocers 

Patricia McKenna 

8 Johnstown Road 

Cork 

 

Ireland

77 

The Big Cheese 

Liz Nixon 

89 Jefferson Way Suite 2 

Portland 

97201 

USA 

Table 3: Shippers

ShipperID

ShipperName

Phone

Speedy Express 

(503) 555-9831 

United Package 

(503) 555-3199 

Federal Shipping 

(503) 555-9931 

Query

If you need a place to try this query, try here: https://www.w3schools.com/sql/trysql.asp?filename=trysql_op_in

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName
FROM ((Orders
	LEFT JOIN Customers ON Orders.CustomerID = Customers.CustomerID)
	LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID)
WHERE Orders.OrderId IN (10308, 10309, 10310, 10365);

Result

OrderID

CustomerName

ShipperName

10308 

Ana Trujillo Emparedados y helados 

Federal Shipping 

10309 

Hungry Owl All-Night Grocers 

Speedy Express 

10310 

The Big Cheese 

United Package 

10365 

Antonio Moreno Taquería 

United Package 

Share

SQL Join Types: Inner Join and Left (Outer) Join

Tables

Table 1: Orders

OrderID

CustomerID

EmployeeID

OrderDate

ShipperID

10308

2

7

1996-09-18

3

10309

37

3

1996-09-19

1

10310

77

8

1996-09-20

2

10365 

1996-11-27 

Note: There is no order in which the CustomerID = 1 (Alfreds Futterkiste).

Table 2 : Customers

CustomerID

CustomerName

ContactName

Address

City

PostalCode

Country

1

Alfreds Futterkiste

Maria Anders

Obere Str. 57

Berlin

12209

Germany

2

Ana Trujillo Emparedados y helados

Ana Trujillo

Avda. de la Constitución 2222

México D.F.

05021

Mexico

3

Antonio Moreno Taquería

Antonio Moreno

Mataderos 2312

México D.F.

05023

Mexico

37 

Hungry Owl All-Night Grocers 

Patricia McKenna 

8 Johnstown Road 

Cork 

 

Ireland

77 

The Big Cheese 

Liz Nixon 

89 Jefferson Way Suite 2 

Portland 

97201 

USA 

Table 3: Shippers

ShipperID

ShipperName

Phone

Speedy Express 

(503) 555-9831 

United Package 

(503) 555-3199 

Federal Shipping 

(503) 555-9931 

Query

If you need a place to try this query, try here: https://www.w3schools.com/sql/trysql.asp?filename=trysql_op_in

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName
FROM ((Orders
	INNER JOIN Customers ON Orders.CustomerID = Customers.CustomerID)
	LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID)
WHERE Orders.OrderId IN (10308, 10309, 10310, 10365);

Result

OrderID

CustomerName

ShipperName

10308 

Ana Trujillo Emparedados y helados 

Federal Shipping 

10309 

Hungry Owl All-Night Grocers 

Speedy Express 

10310 

The Big Cheese 

United Package 

10365 

Antonio Moreno Taquería 

United Package 

Share