Sextortion and Ransomware

Author: Alejandro Godofredo Carlstein Ramos Mejia

In marketing, there are two emotions that can increase sales: fear and pleasure. Therefore, it is not surprising that scammers used these marketing concepts, for their nefarious purposes. We can call it social or psychological hacking. It allows these fraudsters to gain money from their preys plus entree to places where they are not supposed to have access. Therefore, no one is safe including corporations and governments. This kind of attack starts with a new way of blackmail, sextortion.

Sextortion is quite profitable for swindles. The FBI’s Internet Compliance Center (IC3) estimates a total of 83 million dollars in losses (Fazzini). It is incredible how many people are victimized by this kind of attack. The victim receives a shocking email. In this email, the crook claims to have filmed the victim masturbating (or watching something indecent) by gaining access to the computer. To make the threat even more believable, information such as the name, email and password are included into the message.

The email continues that if the victim does not pay a certain ransom, via bitcoins, inside the period of 24 to 72 hours, then the “film” will be exposed to all the victim’s relatives and co-workers. To make the threat even more convincing, the attacker explains that by opening a text editor and typing ‘48hr more’ (or something similar), the victim will be granted such time to obtain the sum to pay the ransom. Finally, the email threats the victim that he or she should not reach any government authority because it would be a waste of time and will regret it dearly.

The victim should know that the current email system is quite old and insecure. Attackers can easily change the content of the ‘from’ field. Actually, they can change the content of any field in the email. This is called Email spoofing. So, if they try to impress you by displaying your own email in the ‘from’ field, while insisting your email got hack (and they have full control of it), don’t be. This trick is an old technique used by spammers and scammers to prevent being track back.

There are different ways to obtain your email and password. One way is via the Deep Web, Darknet or Dark Web of which many things can be purchased such as fake driver licenses, passwords, drugs and more (DarkOwl). In this case, your leaked information can be purchased. As some of you may know, well-known companies such as Facebook as being previously victims of information leakage (Winder).

Another way these ruffians obtain your email and password is by publishing extensions, plugins, and applications in online markets such as Google Market, Firefox, and such (Doffman). This is dangerous in mobile devices and browser because it only takes the user to grant access to the storage or peripherals (such as the camera) while in regular computers the software may gain automatic access at installation.

Thanks to social media, job seeking sites and such websites, your information is exposed. If your email belongs to a domain that you own, your registration information is publicly available, unless you pay an extra fee to keep it private. They can also try to trick you by sending an email that seems to belong to a service provider you are using such as your hosting provider. Never, ever, click on a link provided to you by such emails. It’s better for you to go directly to the site of your service provider than using any link in the email. The same goes to phone numbers.

If these attackers notices that they keep failing in their intent to intimidate you, they will keep sending more emails with different claims into them. They are trying to figure out what “makes you tick”. They will claim to have installed a keylogger into your computer. They will state to have installed software that allows them to take screenshots of what you were watching. They will say that they have access all your online services. They will accuse you of all short of crimes. They will even tell you how you are their slave and they are your masters. They will use any physiological warfare at their disposition to bend your will.

This form of blackmail goes beyond the ransom for money. It imposes a security threat to governments and corporations. Just think about it. It only takes one victim to grant access, to these thugs, into a system. If a person, who is being blackmail, is willing to pay the ransom, then he or she may be willing to provide confidential information to these attackers. The best prevention is to inform your employees of such attack and create an HR program for victimized employees. Victims should be able to approach HR without fear of repercussion of any kind. Remember that your employees are your last line of defense. They can make it easier or harder to any attacker to infiltrate your system; which takes us to the next threat: Ransomware.

Ransomware is a corporate and governmental nightmare. When the attacker gains access to your system, a software will penetrate your systems by propagating and encrypting all content. Then, a message will show up indicating that only when the ransom is paid that the content would be unencrypted. The cost of paying the ransom normally is lower than the cost of hiring someone (or a company) to decrypt such content is higher; plus, there is no guarantee that it can be successfully done. Therefore, it is not surprise that entities that fall victim of such attack will pay the ransom in hopes to continue operating.

Another method of installing software such as the ransomware is via gratification. This trick involve leaving a USB flash drive in a location, such as the parking lot, or by providing such flash drive “for free” to victims. People love receiving or finding things for free.

The first line of defense is skepticism and some basic security measurements. You should not believe everything that an email says. You should not click on any link that an email provides. It is better if you go directly to the service provider instead. You should ensure that all your online accounts hold different strong passwords and change them frequently. You should make sure of the veracity of any plugin, extension, or application you are planning to install. Ask yourself if you really need it. Make separate copy of your content. If you find any devices or you are given a device such as a USB flash drive, do not plug it. It is not worth the risk.

If you are a corporation or government entity, you should have an active program to educate and support your employees. This program should include a place where employees can reach for help without fear of being judged, punished, discriminated, humiliated and fired. The less information your employees leak, due fear to be exposed, the harder is to gain unauthorized access.

Work Cities

Doffman, Zak. “New Android Warning: Millions Have Installed Apps Hiding A Costly Scam—Uninstall Now.” Fobes, 25 Sept. 2019, https://www.forbes.com/sites/zakdoffman/2019/09/25/new-android-warning-nasty-apps-installed-by-millions-scamming-100-from-unaware-users/#1e95f15762ec.

Fazzini, Kate. “Email Sextortion Scams Are on the Rise and They’re Scary — Here’s What to Do If You Get One.” CNBC, 17 June 2019, https://www.cnbc.com/2019/06/17/email-sextortion-scams-on-the-rise-says-fbi.html.

“DarkOwl.” What is the Darknet? DarkOwl LLC. N.d. Web. September 12, 2019. https://www.darkowl.com/what-is-the-darknet

Winder, Davey. “Unsecured Facebook Databases Leak Data Of 419 Million Users.” Fobes, 5 Sept. 2019, https://www.forbes.com/sites/daveywinder/2019/09/05/facebook-security-snafu-exposes-419-million-user-phone-numbers/#1b46efad1ab7.

Share

SQL Join Types: Two (Outer) Full Joins

Tables

Table 1: Orders

OrderID

CustomerID

EmployeeID

OrderDate

ShipperID

10308

2

7

1996-09-18

3

10309

37

3

1996-09-19

1

10310

77

8

1996-09-20

2

10365 

1996-11-27

Note: There is no order in which the CustomerID = 1 (Alfreds Futterkiste).

Table 2: Customers

CustomerID

CustomerName

ContactName

Address

City

PostalCode

Country

1

Alfreds Futterkiste

Maria Anders

Obere Str. 57

Berlin

12209

Germany

2

Ana Trujillo Emparedados y helados

Ana Trujillo

Avda. de la Constitución 2222

México D.F.

05021

Mexico

3

Antonio Moreno Taquería

Antonio Moreno

Mataderos 2312

México D.F.

05023

Mexico

37 

Hungry Owl All-Night Grocers 

Patricia McKenna 

8 Johnstown Road 

Cork 

 

Ireland

77 

The Big Cheese 

Liz Nixon 

89 Jefferson Way Suite 2 

Portland 

97201 

USA 

Table 3: Shippers

ShipperID

ShipperName

Phone

Speedy Express 

(503) 555-9831 

United Package 

(503) 555-3199 

Federal Shipping 

(503) 555-9931 

Query

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName
FROM ((Orders
	FULL JOIN Customers ON Orders.CustomerID = Customers.CustomerID)
	FULL JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID)
--WHERE Orders.OrderId IN (10308, 10309, 10310, 10365);

Alternative Query

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName 
FROM Orders
  LEFT JOIN Customers ON Orders.CustomerID = Customers.CustomerID
  LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID
UNION ALL
SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName FROM Customers
  LEFT JOIN Orders ON Orders.CustomerID = Customers.CustomerID
  LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID
WHERE Orders.CustomerID IS NULL
UNION ALL
SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName FROM Shippers
  LEFT JOIN Orders ON Orders.CustomerID = Shippers.ShipperID
  LEFT JOIN Customers ON Customers.CustomerID = Shippers.ShipperID
WHERE Orders.CustomerID IS NULL AND Customers.CustomerID IS NULL 
--AND Orders.OrderId IN (10308, 10309, 10310, 10365)

Result

OrderID

CustomerName

ShipperName

10309   

Hungry Owl All-Night Grocers

Speedy Express

10365   

Antonio Moreno Taquería

United Package

10310   

The Big Cheese

United Package 

10308   

Ana Trujillo Emparedados y helados

Federal Shipping

NULL

Alfreds Futterkiste

NULL

All Queries

CREATE TABLE Orders(OrderID INT, CustomerID INT, EmployeeID INT, OrderDate DATE, ShipperID INT);
INSERT INTO Orders(OrderID, CustomerID, EmployeeID, OrderDate, ShipperID ) VALUES (10308, 2, 7, '1996-09-18', 3);
INSERT INTO Orders(OrderID, CustomerID, EmployeeID, OrderDate, ShipperID ) VALUES (10309, 37, 3, '1996-09-19', 1);
INSERT INTO Orders(OrderID, CustomerID, EmployeeID, OrderDate, ShipperID ) VALUES (10310, 77, 8, '1996-09-20', 2);
INSERT INTO Orders(OrderID, CustomerID, EmployeeID, OrderDate, ShipperID ) VALUES (10365, 3, 3, '1996-11-27', 2);

CREATE TABLE Customers(CustomerID INT, CustomerName VARCHAR(50));
INSERT INTO Customers(CustomerID, CustomerName) VALUES (1, 'Alfreds Futterkiste');
INSERT INTO Customers(CustomerID, CustomerName) VALUES (2, 'Ana Trujillo Emparedados y helados');
INSERT INTO Customers(CustomerID, CustomerName) VALUES (3, 'Antonio Moreno Taquería');
INSERT INTO Customers(CustomerID, CustomerName) VALUES (37, 'Hungry Owl All-Night Grocers');
INSERT INTO Customers(CustomerID, CustomerName) VALUES (77, 'The Big Cheese');

CREATE TABLE Shippers(ShipperID INT, ShipperName VARCHAR(50));
INSERT INTO Shippers(ShipperID, ShipperName) VALUES (1, 'Speedy Express');
INSERT INTO Shippers(ShipperID, ShipperName) VALUES (2, 'United Package');
INSERT INTO Shippers(ShipperID, ShipperName) VALUES (3, 'Federal Shipping');

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName 
FROM Orders
  LEFT JOIN Customers ON Orders.CustomerID = Customers.CustomerID
  LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID
UNION ALL
SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName FROM Customers
  LEFT JOIN Orders ON Orders.CustomerID = Customers.CustomerID
  LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID
WHERE Orders.CustomerID IS NULL
UNION ALL
SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName FROM Shippers
  LEFT JOIN Orders ON Orders.CustomerID = Shippers.ShipperID
  LEFT JOIN Customers ON Customers.CustomerID = Shippers.ShipperID
WHERE Orders.CustomerID IS NULL AND Customers.CustomerID IS NULL 
--AND Orders.OrderId IN (10308, 10309, 10310, 10365
Share

SQL Join Types: Two Left (Outer) Joins

Tables

Table 1: Orders

OrderID

CustomerID

EmployeeID

OrderDate

ShipperID

10308

2

7

1996-09-18

3

10309

37

3

1996-09-19

1

10310

77

8

1996-09-20

2

10365 

1996-11-27

Note: There is no order in which the CustomerID = 1 (Alfreds Futterkiste).

Table 2: Customers

CustomerID

CustomerName

ContactName

Address

City

PostalCode

Country

1

Alfreds Futterkiste

Maria Anders

Obere Str. 57

Berlin

12209

Germany

2

Ana Trujillo Emparedados y helados

Ana Trujillo

Avda. de la Constitución 2222

México D.F.

05021

Mexico

3

Antonio Moreno Taquería

Antonio Moreno

Mataderos 2312

México D.F.

05023

Mexico

37 

Hungry Owl All-Night Grocers 

Patricia McKenna 

8 Johnstown Road 

Cork 

 

Ireland

77 

The Big Cheese 

Liz Nixon 

89 Jefferson Way Suite 2 

Portland 

97201 

USA 

Table 3: Shippers

ShipperID

ShipperName

Phone

Speedy Express 

(503) 555-9831 

United Package 

(503) 555-3199 

Federal Shipping 

(503) 555-9931 

Query

If you need a place to try this query, try here: https://www.w3schools.com/sql/trysql.asp?filename=trysql_op_in

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName
FROM ((Orders
	LEFT JOIN Customers ON Orders.CustomerID = Customers.CustomerID)
	LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID)
WHERE Orders.OrderId IN (10308, 10309, 10310, 10365);

Result

OrderID

CustomerName

ShipperName

10308 

Ana Trujillo Emparedados y helados 

Federal Shipping 

10309 

Hungry Owl All-Night Grocers 

Speedy Express 

10310 

The Big Cheese 

United Package 

10365 

Antonio Moreno Taquería 

United Package 

Share

SQL Join Types: Inner Join and Left (Outer) Join

Tables

Table 1: Orders

OrderID

CustomerID

EmployeeID

OrderDate

ShipperID

10308

2

7

1996-09-18

3

10309

37

3

1996-09-19

1

10310

77

8

1996-09-20

2

10365 

1996-11-27 

Note: There is no order in which the CustomerID = 1 (Alfreds Futterkiste).

Table 2 : Customers

CustomerID

CustomerName

ContactName

Address

City

PostalCode

Country

1

Alfreds Futterkiste

Maria Anders

Obere Str. 57

Berlin

12209

Germany

2

Ana Trujillo Emparedados y helados

Ana Trujillo

Avda. de la Constitución 2222

México D.F.

05021

Mexico

3

Antonio Moreno Taquería

Antonio Moreno

Mataderos 2312

México D.F.

05023

Mexico

37 

Hungry Owl All-Night Grocers 

Patricia McKenna 

8 Johnstown Road 

Cork 

 

Ireland

77 

The Big Cheese 

Liz Nixon 

89 Jefferson Way Suite 2 

Portland 

97201 

USA 

Table 3: Shippers

ShipperID

ShipperName

Phone

Speedy Express 

(503) 555-9831 

United Package 

(503) 555-3199 

Federal Shipping 

(503) 555-9931 

Query

If you need a place to try this query, try here: https://www.w3schools.com/sql/trysql.asp?filename=trysql_op_in

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName
FROM ((Orders
	INNER JOIN Customers ON Orders.CustomerID = Customers.CustomerID)
	LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID)
WHERE Orders.OrderId IN (10308, 10309, 10310, 10365);

Result

OrderID

CustomerName

ShipperName

10308 

Ana Trujillo Emparedados y helados 

Federal Shipping 

10309 

Hungry Owl All-Night Grocers 

Speedy Express 

10310 

The Big Cheese 

United Package 

10365 

Antonio Moreno Taquería 

United Package 

Share

SQL Join Types: Two Inner Joins

Tables

Table 1: Orders

OrderID

CustomerID

EmployeeID

OrderDate

ShipperID

10308

2

7

1996-09-18

3

10309

37

3

1996-09-19

1

10310

77

8

1996-09-20

2

10365 

1996-11-27 

 

Note: There is no order in which the CustomerID = 1 (Alfreds Futterkiste).

Table 2: Customers

CustomerID

CustomerName

ContactName

Address

City

PostalCode

Country

1

Alfreds Futterkiste

Maria Anders

Obere Str. 57

Berlin

12209

Germany

2

Ana Trujillo Emparedados y helados

Ana Trujillo

Avda. de la Constitución 2222

México D.F.

05021

Mexico

3

Antonio Moreno Taquería

Antonio Moreno

Mataderos 2312

México D.F.

05023

Mexico

37 

Hungry Owl All-Night Grocers 

Patricia McKenna 

8 Johnstown Road 

Cork 

 

Ireland

77 

The Big Cheese 

Liz Nixon 

89 Jefferson Way Suite 2 

Portland 

97201 

USA 

Table 3: Shippers

ShipperID

ShipperName

Phone

Speedy Express 

(503) 555-9831 

United Package 

(503) 555-3199 

Federal Shipping 

(503) 555-9931 

Query

If you need a place to try this query, try here: https://www.w3schools.com/sql/trysql.asp?filename=trysql_op_in

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName
FROM ((Orders
	INNER JOIN Customers ON Orders.CustomerID = Customers.CustomerID)
	INNER JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID)
WHERE Orders.OrderId IN (10308, 10309, 10310, 10365);

Result

OrderID

CustomerName

ShipperName

10309 

Hungry Owl All-Night Grocers 

Speedy Express 

10365 

Antonio Moreno Taquería 

United Package 

10310 

The Big Cheese 

United Package 

10308 

Ana Trujillo Emparedados y helados 

Federal Shipping 

Share