Slashdot Mirror
A How-Not-To Guide to Cyber-Extortion
TexasDex writes "The Register reports: Myron Tereshchuk, 42, of Maryland, pleaded guilty to "attempted extortion affecting commerce" for sending threatening messages to a competing patent firm, including a demand for $17 million in exchange for not revealing sensitive information. He was clever in hiding his tracks, the messages came from two different homes and a dentist's office, all of which turned out to be running unsecured WAPs. He also avoided a web bug sent by the firm, and managed to penetrate the company's computer system. But he made a few mistakes. First of all he was already a prime suspect due to "past altercations between Tereshchuk and the company". But "the clearest sign came when he issued the $17m extortion demand, and instructed the company to 'make the check payable to Myron Tereshchuk.'""
Uhh - sounds like they tried to install some kind of activex microblaster-enabled spyware bug??
Web bugs work on all web browsers, unless you have image loading disabled. Read about them here, and repeat after me: "I will not be a mindless fanboy. I will not be a mindless fanboy.".
Tubal-Cain smokes the white owl.
Well, there's a pretty extensive web column with a few new cases each week, called Dumb Crooks. Those cases you mention are there, plus hundreds of others. Pretty amusing read.
and the guy who rubbed fresh lemons on his face before robbing a bank because someone told him that if you did that, the cameras could not pick up your image. True story according to "news of the weird", a syndicated feature found in many independent newspapers here in the US. They have stories like this all the time.
News of the Weird can be found here. Its a very good weekly read that has tons of these exact type of stories.
Tequila: It's not just for breakfast anymore!
There is an old method that does work and is used for extortion and other purposes...
1/ create bank / building society account in ficticious name with false documents and genuine 500 cash deposit. Make sure account comes with an ATM card.
2/ wait one year while doing the minimum to keep the account active. Do not go near the maildrop you used, but do make sure it is paid up.
3/ Do extortion thing, instruct victim in the following manner...
a/ pay 100,000 into account number xxxx at bank xxx
b/ notify the police if you wish, but be advised that should the account be suspended or frozen in ANY way WHATSOEVER you will simply and without further warning do whatever it was you threatened (eg put HIV+ blood in baby food which was most recent case here that comes to mind) and walk away from the whole deal.
4/ withdraw the money from randomly selected ATM machines over the next year or three, just scout them out first to make sure they aren't covered by security cameras (if they are wear a full face crash helmet) and make sure you have a concealed carry for the card itself, don't wanna get caught with that six months later....
You guys ought to get out more, I'm really surprised that in a diverse forum like this nobody knows about this one...
http://slashdot.org/~GuyFawkes/journal
Looks like a plea agreement. read it and weep^h^h^h^hlaugh here(pdf).
You can't stay anonymous forever on the Internet. There are too many methods available to trace a person back to the source. Subpoenaing server logs or ISP client records is a good start.
On the contrary. It is actually quite easy to generate a _completely_ untraceable email address. If one proceeds to use it from different (and carefully chosen) internet cafes and insecure wifi points you could conduct a series of correspondences without any chance of them tracing you. I shan't go into the details here but there are a number of web pages that describe the process. I believe "The Register" linked to such an article about 18 months ago.
"The first thing to do when you find yourself in a hole is stop digging."
However, yes, any method of payment where you can pick it up from multiple points is much better than a single point of capture. ATMs are very good because there are literally hundreds of them to choose from.
Just don't do something stupid like take a trip across the country and withdraw the money from there, because they will check flight records. And for God's sake, wipe the card free of fingerprints before sticking it in the machine.
The only thing I'm not sure about is the entire premise of this. I presume that the whole wait-a-year thing is to make sure the security tapes are gone and that one one remembers you from when you opened the account. But I'm not sure that that is enough.
A slightly more clever idea would be to set up one of those fake ATM covers to steal card numbers and PINs, but just steal a few and don't use them to steal from the accounts...use them to funnel your money through. (You'll need to explain what's going on to the guy you're blackmailing, otherwise the account owner will end up in jail and you'll have no money.) Of course that's yet another set of risks...
If corporations are people, aren't stockholders guilty of slavery?
Hmmm, HIV is not transmitted by eating and doesn't survive long outside human body. Put botulism in baby food, and we are talking. Besides, companies don't care what you do with the rest of the world. You will get more of a response if you threaten to release some internal memos saying there is no SCO source in Linux.
1/ create bank / building society account in ficticious name with false documents and genuine 500 cash deposit. Make sure account comes with an ATM card.
Sounds troublesome.
If you do this inside a real bank there will be a video capture of your face.
2/ wait one year while doing the minimum to keep the account active. Do not go near the maildrop you used, but do make sure it is paid up.
Why?
4/ withdraw the money from randomly selected ATM machines over the next year or three, just scout them out first to make sure they aren't covered by security cameras (if they are wear a full face crash helmet) and make sure you have a concealed carry for the card itself, don't wanna get caught with that six months later....
Bad, bad, bad.
You'll have to travel *lots* to pick up all the bucks (what's the per-day limit on an ATM?) without visiting an ATM twice. Each transaction leaves a trace.
Psych ward clerk: "What's your name, sir?"! "
Peter: "Umm.....Pee.....ter.............Griffin.....damn
That one's only funny when you explain the context. He tried to create a fake name and said "pea...tear...griffen", naming objects he saw in the room.
Better yet, encode your own generic magstripe cards. Dispose of them after single use. They would be blank, wouldn't look like ATM cards, and the relevant numbers aren't printed on the card. Make sure not to leave a fingerprint on the card, and drop it right in front of the ATM machine.
This minimizes the "caught with it on you" aspect.
Um, this may be more philosophy than Slashdot usually prefers, but you're being a bit too glib here.
Punishment (including jail) can serve any combination of the following: to rehabilitate, to exact vengeance, and to isolate [i.e. to protect either the perpetrator or the innocent]. These are typically if not entirely not mutually exclusive, so it isn't unreasonable for a judicial system to adopt more than one.
The problem however, is that the American judicial system (or perhaps more clearly, the American criminal system) does not have a single perspective on the goal of the system [and in all fairness, no other nation in the world has a single perspective either]. Historically, legal Opinions laid down by Judges (these are the explanations written by judges in various cases, and are only presented when desired by the judge) have advocated various combinations of the three possible goals, and so it becomes impossible to determine which is 'right'. As if to make the problem worse, our founding fathers were clearly in dispute about the goals of their criminal system both as implied by their lack of its discussion in the constitution (there are no claims to the purpose of the criminal system in that hallowed document), and in their explicitly written debates about the issue over their lifetimes.
The only consensus is that the Jury is never supposed to attempt to subvert the law to their own opinions. The entire purpose of a jury is to determine the guilt [or lack thereof] of a defendent, and then in certain cases to determine the specific punishment from a list of possibilities.
So, to summarize, I agree that the jury should have given the subject lifetime in jail (if it was his 3rd offense in a 3-strike state), but I disagree with your statement of hte purpose of jailtime.
"Stumble before you crawl"
Although I cannot condone what this gentleman did. I do feel kind of bad that he didn't get the money from this firm. Having worked for this patent firm "Micropatent", I've found that it is completely full of criminals, or at the very least, "Higly immoral people." The company has a large group of non-citizens who depend on their employment there to remain residents in the US. A few employee's whom I've talked to have been forced to move across the country and take a pay cut just to stay in america. They know this and exploit it. Additionally, their CIO has had a history of bad IT practices, utilizing minimal or often times no security to protect their own IP data as well as customer data. The biggest incident at this company was what the UNIX team found to be a 'staged break-in' which was allegedly staged by the CIO, Director of operations, Director of Development, A contracting senior developer, and the IT manager. During this breakin, mass amounts of data was exported off the servers, and the admin team was not allowed to track the data. Later investigation lead to considerable evidence including file timestamps, transfer logs, su logs, which overwhelmingly suggested that this was an inside job. This was brought to the attention to the VP of finance, as there was a LOT of money flying out the door that shouldn't have, and previous discussions were had with this VP. Eventually, the CIO and director of operations found out that the admin team were keen to these happenings and begin to harass the entire team. The whole team brough harassment charges up to the Human Resources Director, who suggested that the management in Micropatent were found guilty. However the day before her report was due to come out, all but one member of the team were fired. Incidentally, the VP of finance and HUMAN RESOURCES were fired as well.
After all the harassment and insane goings on, it is common to want to seek some sort of revenge, however people need to realize that it is just not worth it and then move on. That's what I had to do. Funny part is this guy never even worked there...
With any luck, someday the feds will set their sites on Micropatent and they'll get what they deserve...
http://www.usdoj.gov/usao/vae/ArchivePress/JunePDF Archive/04/tereshchuksof060804.pdfd oj.gov/usao/vae/ArchivePress/JunePDF Archive/04/tereshchuk060804.pdf
http://www.us
> Except there was a slight problem; when he cut the cables to the video cameras, he had also cut
> the power to the sliding doors, which automatically locked when there was a power failure.
Sounds like an urban legend to me. Such doors *unlock* when power is removed, because fire codes require it.
Chris Mattern
A few years ago I heard about a guy who robbed a bank in Florida. He forgot to bring a backpack or anything, so to avoid suspicion he put the sack with the money in it down the front of his pants. (Did you recently rob a bank, or are you just happy to see me?).
He got about 2 blocks before the dyepack exploded, covering his ummm naughty bits with stinging purple ink (they put an irritant in it). When the police heard the report of a man standing in a public fountain washing his blue balls they knew they had their man.
Chip H.
My face is not important. Sure if I happen to be walking outside the police station just after they show my picture to all cops they will be suspicious. Otherwise there are millions of people in the US who look enough like me that you need to check them out. Sure nearly all are easy to clear, but shear numbers means you can't check all the pictures on file. You compare to known criminals (who are more likely to do something again) and then what? Mind it is a good idea to avoid giving them photos just in case they stumble on you, but that isn't always doable.
Pictures of my license plate (unless it is a rental under a false name, or stolen and I leave the car on the side of the road a few minutes latter) matter. Anything that can tell give the police just a hint of who I might be other than a white male between 25 and 32. (wigs or hair dye is easy to get, and contacts means that I won't always have glasses)
You can visit an ATM twice. You just have to visit enough ATMs at random enough times that they cannot place police officers at each one you use. If they can predict anything about where and when you withdraw cash, an officer will be across the street and waiting for you to swipe your card just in case they are right.
ATMs are suggested because they are everywhere, in particular poorly traveled places. $200/day 2 out of 3 days gives you $40,000/year tax free. I could live on that. Course you have to keep contacts in the underworld (to keep fake IDs up just in case you need one) and that costs some money. A bank branch leaves the possibility that there is a cop around the corner who can get to the parking lot before you can leave. Not worth the money.
Yes you have to travel a lot. Still I can visit an ATM in Minneapolis, and Fargo (4 hours apart), and still make it home in time for supper. I'm not sure what the right balance between hitting ATMs on the way, and passing them so they don't know your route is. Still that is a lot of ATMs.
Fire codes are different for each City/County.
And sometimes drasticaly different.
For highly secure areas like banks, or research companies, some areas are allowed to be fail secure or fail safe.
The first meaning, power is needed to UNLOCK the door, and the second power is needed to LOCK the door.
Naturaly when power goes out, the opposite happens. Most times this is because of Maglocks and Door strikes.
It is very possible that this dumbass locked himself in. But even more possible that there is an override latch of some sort, and he was just too dumb to find it !!