Slashdot Mirror
A How-Not-To Guide to Cyber-Extortion
TexasDex writes "The Register reports: Myron Tereshchuk, 42, of Maryland, pleaded guilty to "attempted extortion affecting commerce" for sending threatening messages to a competing patent firm, including a demand for $17 million in exchange for not revealing sensitive information. He was clever in hiding his tracks, the messages came from two different homes and a dentist's office, all of which turned out to be running unsecured WAPs. He also avoided a web bug sent by the firm, and managed to penetrate the company's computer system. But he made a few mistakes. First of all he was already a prime suspect due to "past altercations between Tereshchuk and the company". But "the clearest sign came when he issued the $17m extortion demand, and instructed the company to 'make the check payable to Myron Tereshchuk.'""
There's a TV show broadcast over here in the UK (on some of the cable channels) "America's Dumbest Criminals" - guess this guy'll be on soon enough. I have to admit I thought a lot of the stories were made up, but if people are going to sign their REAL NAME to an extortion demand, sheesh, perhaps people *can* be that stupid.
Well, on the up-side, it at least frees the cops' time up so they can catch criminals with at least 1 brain cell. Let's hope the feedback loop stays negative...
Simon.
Physicists get Hadrons!
This reminds me of the classic story (urban legend?) of the bank robber that wrote a robbery note on one of his deposit slips.
Best Windows Freeware
...be made out to Amanda Huginkiss.
the clearest sign came when he issued the $17m extortion demand, and instructed the company to 'make the check payable to Myron Tereshchuk.
Almost as smart as this guy - "A man who walked into a Wal-Mart covered in blood and bought garbage bags Friday was charged with murder after authorities found a stabbed body in a trash bin."
Planning people, planning!
with various posts about CowboyNeal unless /. writes a check, payable to Rob Malda, for $1 million.
Beware!
To eliminate himself from suspicion, he should have told them to make the check out to "anybody but Myron Tereshchuk". They would then have everyone in the world BUT him as potential suspects! Brilliant!
demanded to be paid in verified AOL email adresses. This currency is rock stable.
They never get caught.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
"At one point, the company president tried to use a "Web bug" to trace his cyber tormenter, but Tereshchuk detected the ruse."
Uhh - sounds like they tried to install some kind of activex microblaster-enabled spyware bug?? Maybe he was using Mozilla or something less spyware-enabled? ^_^
Still not a bad hack attempt - smart to use others unsecured wireless connections. I'll bet we hear about more of these types of intrusions in the future (if the media prints it).
You can make your threats as vauge or specific as you want... you can be ~very~ anonymous given the tools available today (mail, internet, courier, payphone, stolen cellphones).
However, at one point, sooner or later, you need to pickup the cheque or cash. Wire transfers can be traced, as can direct deposits. If there's a cash-only transaction, the cash can be marked and the police can watch the drop point.
John Maynard Keynes: "When the facts change, I change my mind. What do you do?"
If someone's a REAL master criminal, then he doesn't get caught and you never hear about him. Therefore, the only criminals you hear about are the dumb ones who get caught. Or at least that's my theory. Seems worthy of a $100 million research grant. (And there you have my template for becoming a master criminal. Enjoy.)
Yup, the drop is always the hard part, isn't it?
And thank goodness. We'll always have action movies.
One must have an impressive grudge to consider using RICIN (which happens to be my favorite poison)
We should try the same scheme, but tell them to make the check payable to Darl McBride or Bill Gates.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
But as the stupid one are caught you are left with the intelligent mastermind, which will enjoy their million extorqued. "Darwnism", if I may use the analogy at its best.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Mike Rotch, Dick Fitzwell, Richard Cranium, Richard Dragon, Peter Dragon, Richard Cumming, Hugh Johnson, Jack Hoff...
You can't stay anonymous forever on the Internet. There are too many methods available to trace a person back to the source. Subpoenaing server logs or ISP client records is a good start.
Writing hold up notes on one of your own return address formatted envelopes is not a good way to go about it either. Or in his case demanding a check in his own name. Cracks me up when I see people make fundamental mistakes like that.
Pete Carr Owner Chatmag.com
Uh, shouldn't that be Moron Tereshchuk?
This guy doesn't sound much better in a pinch than Peter Griffin:
! "
Psych ward clerk: "What's your name, sir?"
Peter: "Umm.....Pee.....ter.............Griffin.....damn
Bonus Simpsons quote:
Homer at Post Office (trying to disguise voice): "Hello, my name is Mr. Burns. I believe you have a letter for me"
Post Office employee: "Ok, what's your first name?"
Homer (smugly): "I don't know!
It would be cool if it didn't suck.
Probem is that you never hear of those cases, as the people paying dont want to risk the press release.
---- Booth was a patriot ----
"You're Myron? But I'm Myron!!
"So, is this what it sounds like.. when doves cry?" (hugs)
There's a Starman, waiting in the sky / He'd like to come and meet us, but he hasn't got the time.
How can someone be 'smart' to get that far, and then use their name. It defies all logic known to man. Perhaps idiots are needed in the world afterall for our entertainment.
I currently know of a active web bug that targets Mac OS X to contact a site.
p ?t =8262&postdays=0&postorder=asc&start=6 0
http://forum.folding-community.org/viewtopic.ph
Make sure you have your Little Snitch installed or you'll never see it and to block the connection.
So much for Mac OS X security, even Apple leaves a few holes open on purpose.
(up to date Mac OS X 10.3.4 w/security update)
And make sure to send some big cops to get me. I'm likely to resist arrest. I'll deny everything. Better shoot me first, and ask questions later.
... seems to be Darwin Awards material.
Looks like a plea agreement. read it and weep^h^h^h^hlaugh here(pdf).
That would make it easier to give him a transfusion after the shoot-out.
an editor/writer that posts an article with a title like 'A How-Not-To guid to cyber-extortion'
Dumb Criminals June21st
Check the frist post
Only the dumb criminals get caught. The authorities don't even know the smart criminals are committing crimes, let alone catching them.
Stupid! You're so STUUUPID!
--
Next up on Wheel of Fish....
You mean like the guys at Enron who thought that they were so smart that they could write their own rules and would never get caught?
pffft. Amateur.
Everybody knows that only an idiot would ask for the check out to himself; so he could use that as an alibi, since nobody would believe that it was him.
Of course, a truly smart criminal would know that a smart investigator would realize that most people know that you shouldn't ask for the check to be written out to your own real name; so he should not have the check written to his own name. But naturally, a well-trained detective would recommend that possibility and immediately discount the possiblity that the name he demanded to be written on the check was his own name; so he should have used his own name.
But the company he was blackmailing was located in Connecticut, which is kind of like a miniature Australia; and everybody knows that Australia is populated by criminals...
(Ow, I think my head hurts now.)
Microsoft Windows is, fittingly, the official Desktop OS of Olig
Does requesting that the check is written out to his name immediatly prove that he is the culprit?
If so it would be worryingly easy to frame someone.
...never break the law. They write it.
Any sufficiently advanced libertarian utopia is indistinguishable from government.
a robbery note!?!
Speaking of idiots...
Bentley, who also faces charges including grand theft auto, was held without bail at the Collier County Jail.
says the article
Is playing GTA *that* criminal!?!
There's a TV show broadcast over here in the UK (on some of the cable channels) "America's Dumbest Criminals" - guess this guy'll be on soon enough. I have to admit I thought a lot of the stories were made up, but if people are going to sign their REAL NAME to an extortion demand, sheesh, perhaps people *can* be that stupid.
Actually it is not that uncommon. One of the most common mistakes bank robbers make is to write down the demands on the backs of their deposit slips....
LedgerSMB: Open source Accounting/ERP
are those where nobody, even the victim, realizes that a crime has been committed. Brings to mind the old (urban?) legend about a programmer at a bank who had fractional pennies skimmed from everyone's interest payments and added to a special account he'd set up. They caught him because he'd made the special account a nonsense name that would come up last in sort order - dump all fractional interest in the final account. One day, for whatever reason (contest?) they happened to look at the name on that last account, and the suspicion started.
The living have better things to do than to continue hating the dead.
he must have been reading from SCOs manuals on how to extort people....
Are stupid. The smart ones are the ones you have never heard of. From several cops I know: most crooks talk themselves into jail. Their ego demands they brag about their "accomplishment" to someone and the word gets out.
Professional Politicians are not the solution, they ARE the problem.
And that is supposed to mean the system works and society is safe? THINK AGAIN!
A 90-plus percent conviction rate says nothing about
- crimes that go undetected (obviously not part of any statistc)
- crimes that never go to court (lack of evidence/suspects, or shady deals with the DA)
- innocent people being convicted (erroneously, or -even worse- deliberately)
I'm not advocating crime (i concur with other posters in suggesting a political career instead), but i recommend scepticism towards these bogus statistics. Especially with the current abrogation of civil rights, the conviction rate is about the worst metric for the qality of a judicial systemAnd make no mistake: a right taken from a "suspected terrorist" is a right taken from YOU. Just wait until your name shows up on some computer-generated list of (probable) suspects.
But coming back to conviction rates: history has quite a few examples of systems with really high conviction rates. You might want to read up on Cheka, NKWD, GESTAPO, STASI, .. All of these have one thing in common: they were not bound by the law they were (supposed) to uphold. Then read on about Camp X-Ray.
... Myron Tereschuk did NOT send the $17 million extortion note.
Maybe somebody else hit the victim company and also set up a phony bank account in Myron Tereschuk's name. Then when the $17 million arrives, it's wired out to Eastern Europe 5 minutes later.
Of course, the police know this. That's why they use the clues they have to stake out Myron Tereschuk and gather more evidence, not just to shoot him on sight.
I'd force my victim to *induce* the money. I could think of very good ways to do exactly that, without leaving traces.
The idea is to change value, not to transfer money. It's about information, not material "money".
But that's probably something "classical" criminals would never think of.
I'll never understand how people stupid enough to rob a bank can handle something complicated like a knife or a gun.
here .
Fight Spammers!
Start software companies or get into politics ... and manage not to get caught.
Break into the company's computers, steal some data. Break into the victim's computer, plant the data in some out-of-the-way subdirectory where he's unlikely to look. Start extorting the company, then at some point offer up the identity of your victim as your own. It seems like this would be pretty easy, especially when you consider how easy it is to take a computer over with trojans and worms now days. If you set the trojan to automatically erase most of itself after you planted the files, I doubt anyone would listen when the victim started claiming that he didn't know how the files got there.
This is an example of the sort of societal problems that come from widespread security vulnerabilities in computers. Windows is so easy to take over now that we can't really be sure of the origin of ANYTHING that we find on someone's comp. It's getting to the point where when authorities find something illegal (like say child porn) on a computer and the owner claims that he didn't put it there, there's really no way to prove beyond a reasonable doubt that he isn't telling the truth. How hard would it be to write a worm/trojan that causes a computer to automatically download some illegal material, send an email 'tip' to the authorities via some anonymous remailer, and then erase most of the trojan? Can we really ever be sure 'beyond a reasonable doubt' that anyone is responsible for what's on their computers any more? What's to stop a criminal from installing a trojan on his own computer and then claiming (quite reasonably) that someone took over his computer and put the material there?
I really don't want this to turn into a anti-microsoft rant, but Windows vulnerabilities have basically reduced computers to the status of a big unlocked plastic bin that's sitting by the curb in front of everyone's house. If you find something illegal in it then yes, the guy who owns the bin looks pretty suspicious, but who's to say the neighbor didn't put it there? Or some random person who noticed the bin while driving by and decided to stop and place something inside? These security flaws have simultaneously taken away people's accountability for what's on their computers, and made it really easy to frame innocent people for major crimes.
Hey, that really works. I've robbed a bank last friday and no cops here yet.
... Wait a second, there's somebody knocking my door...
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
2. Utilize unsecured Wireless Access Points to provide 100% annonymity.
3. Make checks payable to Myron Tereshchuk.
4. D'oh!
Are you a VF grad? Check out the VFMA Alumni Forums VFMA Alumni Forum
There's simply no way to get $17 million and not have it be traced. Any financial transaction that large will trip alarm bells that'll make it stand out...
Large-scale extortion never works. What ever account gets that money will be traced, and that'll eventually give up the location of the criminal.
If someone told me to make the check payable to Myron Tereshchuk, I would immediately suspect an enemy of Myron Tereshchuk. Turns out they had other evidence though.
You mean like the guys at Enron who thought that they were so smart that they could write their own rules and would never get caught?
And of those hundreds or thousands of people who worked for Enron (not only top execs who masterminded crimes, but the traders and other foot soldiers who carried them out), how many are doing time today? How many have even been charged?
Where the street criminals are stupid is, they're liable to do long hard time for something that nets them a few hundred bucks. But they're working class criminals, they don't have the suits or connections to do crime wholesale. Enron traders made a bundle with essentially zero risk (maybe a couple of the top guys will do a few years, but considering the amount of money involved, it was a good gamble even if they did get caught; no traders have even been charged). Halliburton execs just pay a small penalty as cost of doing business with the government, and double the amount of overcharge on the next contract to make up for it. Try a google for "price fixing". Qwest. Tyco. Adelphia. Vivendi Universal. AOLTimeWarner. Samsung. Bayer. DuPont...
Some will rob you with a six-gun,
And some with a fountain pen.
--Woody Guthrie
Looks like Myron is also a cybersquatter too!
He owned jamore.com at one time which was a Chrisitan Dior perfume.
... as Moron Tereshchuk, not Myron. But at the end of the post it's clear I was correct.
There you are, staring at me again.
...of a 17 million dollares check made to "Cash".
Nah, he should have asked for all of it in coins. Pennies, preferably.
I think that would be a virus in everyone elses book. One that probably reports in IP addesses everytime he logs in. I guess WebBug sounds better when its in their favor.
I didn't use the preview button, so get over it!!!!
Mike
Although I cannot condone what this gentleman did. I do feel kind of bad that he didn't get the money from this firm. Having worked for this patent firm "Micropatent", I've found that it is completely full of criminals, or at the very least, "Higly immoral people." The company has a large group of non-citizens who depend on their employment there to remain residents in the US. A few employee's whom I've talked to have been forced to move across the country and take a pay cut just to stay in america. They know this and exploit it. Additionally, their CIO has had a history of bad IT practices, utilizing minimal or often times no security to protect their own IP data as well as customer data. The biggest incident at this company was what the UNIX team found to be a 'staged break-in' which was allegedly staged by the CIO, Director of operations, Director of Development, A contracting senior developer, and the IT manager. During this breakin, mass amounts of data was exported off the servers, and the admin team was not allowed to track the data. Later investigation lead to considerable evidence including file timestamps, transfer logs, su logs, which overwhelmingly suggested that this was an inside job. This was brought to the attention to the VP of finance, as there was a LOT of money flying out the door that shouldn't have, and previous discussions were had with this VP. Eventually, the CIO and director of operations found out that the admin team were keen to these happenings and begin to harass the entire team. The whole team brough harassment charges up to the Human Resources Director, who suggested that the management in Micropatent were found guilty. However the day before her report was due to come out, all but one member of the team were fired. Incidentally, the VP of finance and HUMAN RESOURCES were fired as well.
After all the harassment and insane goings on, it is common to want to seek some sort of revenge, however people need to realize that it is just not worth it and then move on. That's what I had to do. Funny part is this guy never even worked there...
With any luck, someday the feds will set their sites on Micropatent and they'll get what they deserve...
Would you please post a racist comment against the Indians and check that out?!
Just read through some posts on outsourcing, which are nothing more than racist attacks on Indians. Oh, and also look up satire.
Tubal-Cain smokes the white owl.
It's getting to the point where when authorities find something illegal (like say child porn) on a computer and the owner claims that he didn't put it there, there's really no way to prove beyond a reasonable doubt that he isn't telling the truth.
There's your answer. I imagine framing someone using your method would be difficult. In this case (rtfa) the fact that he wrote the check out to his name didn't seem to matter much (despite everones knee-jerk reaction "omfg, he's so dumb" - he was a suspect anyway). The FBI followed him around for months until they eventually caught him red handed.
http://www.usdoj.gov/usao/vae/ArchivePress/JunePDF Archive/04/tereshchuksof060804.pdfd oj.gov/usao/vae/ArchivePress/JunePDF Archive/04/tereshchuk060804.pdf
http://www.us
...which can be summed up for the grandparent's benifit in one word (sortof): RTFA!
We don't ever hear about smart criminals because they hardly ever get caught. And when they do get caught it is because of some stupid mistake they've made.
Although why a guy would ask for a $17m check, in his own name and think he could possibly cash it is beyond me. An anonymous drop off point. Cashing it through a fake id and transfering portions of it through several number accounts in various countries. Using some proxy who you expect to get caught, but not before you get your money. I mean we're not talking about robbing the local kwik-e-mart. This is $17m, certainly you need to come up with a real plan.
The fact that they company turned the guy in rather than meeting the demands of the extorsion only shows that the information the guy had wasn't good enough to warrant $17m to keep it secret. Otherwise when the guy was caught he would have told everyone what it was and the company would be ruined. (just because you catch a blackmailer doesn't mean you can silence them, even killing them doesn't work if they have someone scanning obituaries to release information on your death).
“Common sense is not so common.” — Voltaire
This guy makes Darl look like Warren Buffett.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
So what's the best way to demand an extortion payment? The new $20 bills have RFID tags in them, so you can't get 'unmarked bills.' Do you ask for gold coins? Or will the cops stake out the location of the drop? Payments to a swiss escrow account, perhaps? There has to be a more creative way...
___
It's the end of my comment as I know it and I feel fine.
People have Used this defense and gotten off.
You can't really blame this on Windows, is just a fact of life that computers can be modified to look whatever way you want. Logs can be modified/erased, files can be overwritten.
Imagine if you will though a politicians home computer is broken into, child porn is placed on the computer and its set to go on kazaa. A tip is sent into police that ip 24.55.34.21 is sending out child porn. Police show up and arrest him/her. Now even though they *might* be able to get off saying they were hacked (even if all evidence was removed from the computer), their career will be ruined with the stigma that they were suspected of downloading child pron. This would pretty much ruin anyones life.
Everyone that disagrees with me is a paid shill
You always hear about dumb thieves getting cought becouse they are dumb. What about the smart ones? You never hear about them getting cought. It makes me wonder how much crime there really is, on the internet or otherwise.
stendec@gmail.com
But the company he was blackmailing was located in Connecticut, which is kind of like a miniature Australia; and everybody knows that Australia is populated by criminals
I resent that. We do not say anything resembling "G'day mate" nor do we wrestle alligator.
Besides, I'm not... well i know people who i'm pretty sure are NOT criminals.
Just a guy with an opinion
my cousin is a stupid criminal. He was arrested as the driver in a get away car [armed robery, Las Vegas] He tried to tell the Judge, "Hey, I was just hitchhiking and these guys picked me up."
I am consouled by the fact we were both adopted, from different families.
he gets out in Spring of 2006 and wants to move near me
-- www.globaltics.net
Political discussion for a new world
If he had such sensitive information that he expected the company to pay him off, then what's so foolish about giving away his name? If the information is valuable then he is protected - if he gets prosecuted, he leaks the information.
After all the harassment and insane goings on, it is common to want to seek some sort of revenge, however people need to realize that it is just not worth it and then move on.
On the contrary, the problem is that not enough people seek revenge.
For example, by all appearances Kenneth Lay and his partners in crime walk freely and without fear. This is a condemnation of all of the thousands of workers whose lives they destroyed: that not one of them was man enough to take revenge. (Now, if I misunderstand the situation -- if Ken Lay et al surround themselves with bodyguards or have fled overseas -- I apologize to all Enron ex-employees.) Forget judicial reform: what level of corporate anti-worker crime would remain, if even one out of every twenty executives who destroyed the lives of hundreds of workers was murdered?
But no, you prefer to lie supine as you are trampled. You even tell yourself that your meekness and impotence is a virtue. Well then, you deserve to be trampled (you pathetic wretch). And as you lie there know that through your complicity in your own degradation, you embolden those everywhere who would prey upon the weak.
The smart criminals become lawyers, politicians, and investment bankers.
that tyco CEO sure knows how to party!
He should have asked for the money in non-expiring gift certificates.
Does something potentially worring strike you about the following situation;
1) A company/person reports receiving threats
2) These threats cannot be traced
3) After a while, one item of communication contains information singling out someone as the culprit
4) This person is then arrested and charged
I mean, yes, the fact that there had been a previous dispute between the companies indicates that the charged person had a motive to damage the other - but it ALSO indicates a motive for the OTHER part. Both parties had a motive to damage the other.
People are likely to jump on it, of course, since it seems to be "just another case of a dumb criminal exposing himself".
I would be seriously worried if this guy is convicted, or even suffers significantly as a result, without additional pieces of evidence. At the very least, check his computer for electronic evidence, and whereabouts at the times the threats were sent.
There is no other word.
*sigh*
--
Tomas
Yep, that's only as difficult as making the bank computers round off those extra portions of a penny into your bank account.
It's not stealing; it's like the take-a-penny tray in the Seven-Eleven.
"Mediocrity knows nothing higher than itself, but talent instantly recognizes genius." -- Sir Arthur Conan Doyle
I have a book floating around somewhere about the 501 dumbest criminals or something like that.
As the story goes, two gentlemen walked into a convenience store. The storekeeper asked them if they'd like to sign a petition to increase the police force in the city. They both signed the petition, and then proceeded to draw guns, by the means of which they robbed the store and took off. When the po-lice arrived, they thought the two gentlemen must have signed fake names and addresses on the petition, but on a hunch, they decided to go to the address listed. Lo and behold, it was the same two gentlemen, and there was a bunch of stolen money and whatnot.
The moral of the story: Unless you own your own country, with an army and a lot of guns, you don't put your name on a demand for ransom. The rest, as they say, is history.
Your complaint ("(slashcode will probably put a space in there somewhere.)") is a result of your laziness. Wouldn't it have been easier to create a link that to complain about the spaces? It certainly would have meant less typing.
Oh, well, I guess he must be guilty then. I mean nobody who has it in for him might try and frame him, right?
>Can we really ever be sure 'beyond a reasonable doubt' that anyone is responsible for what's on their computers any more?
In other news:
Hide some nasty kiddie porn on a page so that it loads into his cache but isn't displayed.
Call the cops to search his hard drive. Voila!
So not just a Microsoft problem, huh?
They will never know the simple pleasure of a monkey knife fight
>You mean like the guys at Enron who thought that they were so smart that they
>could write their own rules and would never get caught?
Was any money recovered from them? Often people go to jail for a couple of years for fraud or drug dealing or whatever, but the money is not always recovered. A few million dollars for 2 or 3 years in jail... doesn't sound too bad to me.
Or do you want a sandwich?
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
Yes, but as he was pointing out, hailing 90% conviction rates as evidence of the 'success' of the criminal justice system is unreasonable. There are a number of alternative explanations for the statistics aside from the "we convict almost all criminals we catch". For example, the statistics could just as easily be evidence of significant bias in the judicial process in favour of the prosection.
If you can't recognize that, then you are beyond help.
HAND.
"...He also avoided a web bug sent by the firm..."
what's a 'web bug'?
Actually, quite often it's the same thing that kills off stuntsters, etc that causes criminals (even smart ones) to be caught:
a) Bad luck. Like if you're robbing a bank and it just happens that a few cops are in to grab some coffee-cash
b) Brazeness: A form of stupidity, it's when successful crime leads to more successful crime, and eventually increased risks, until one is caught for said crime.
"Goddamn it! I always screw up some mundane little detail!"
"You want a toe? I can get you a toe by three o'clock... with nail polish."
HTH. HAND.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent