Slashdot Mirror
A How-Not-To Guide to Cyber-Extortion
TexasDex writes "The Register reports: Myron Tereshchuk, 42, of Maryland, pleaded guilty to "attempted extortion affecting commerce" for sending threatening messages to a competing patent firm, including a demand for $17 million in exchange for not revealing sensitive information. He was clever in hiding his tracks, the messages came from two different homes and a dentist's office, all of which turned out to be running unsecured WAPs. He also avoided a web bug sent by the firm, and managed to penetrate the company's computer system. But he made a few mistakes. First of all he was already a prime suspect due to "past altercations between Tereshchuk and the company". But "the clearest sign came when he issued the $17m extortion demand, and instructed the company to 'make the check payable to Myron Tereshchuk.'""
Uhh - sounds like they tried to install some kind of activex microblaster-enabled spyware bug??
Web bugs work on all web browsers, unless you have image loading disabled. Read about them here, and repeat after me: "I will not be a mindless fanboy. I will not be a mindless fanboy.".
Tubal-Cain smokes the white owl.
Well, there's a pretty extensive web column with a few new cases each week, called Dumb Crooks. Those cases you mention are there, plus hundreds of others. Pretty amusing read.
and the guy who rubbed fresh lemons on his face before robbing a bank because someone told him that if you did that, the cameras could not pick up your image. True story according to "news of the weird", a syndicated feature found in many independent newspapers here in the US. They have stories like this all the time.
News of the Weird can be found here. Its a very good weekly read that has tons of these exact type of stories.
Tequila: It's not just for breakfast anymore!
There is an old method that does work and is used for extortion and other purposes...
1/ create bank / building society account in ficticious name with false documents and genuine 500 cash deposit. Make sure account comes with an ATM card.
2/ wait one year while doing the minimum to keep the account active. Do not go near the maildrop you used, but do make sure it is paid up.
3/ Do extortion thing, instruct victim in the following manner...
a/ pay 100,000 into account number xxxx at bank xxx
b/ notify the police if you wish, but be advised that should the account be suspended or frozen in ANY way WHATSOEVER you will simply and without further warning do whatever it was you threatened (eg put HIV+ blood in baby food which was most recent case here that comes to mind) and walk away from the whole deal.
4/ withdraw the money from randomly selected ATM machines over the next year or three, just scout them out first to make sure they aren't covered by security cameras (if they are wear a full face crash helmet) and make sure you have a concealed carry for the card itself, don't wanna get caught with that six months later....
You guys ought to get out more, I'm really surprised that in a diverse forum like this nobody knows about this one...
http://slashdot.org/~GuyFawkes/journal
Looks like a plea agreement. read it and weep^h^h^h^hlaugh here(pdf).
You can't stay anonymous forever on the Internet. There are too many methods available to trace a person back to the source. Subpoenaing server logs or ISP client records is a good start.
On the contrary. It is actually quite easy to generate a _completely_ untraceable email address. If one proceeds to use it from different (and carefully chosen) internet cafes and insecure wifi points you could conduct a series of correspondences without any chance of them tracing you. I shan't go into the details here but there are a number of web pages that describe the process. I believe "The Register" linked to such an article about 18 months ago.
"The first thing to do when you find yourself in a hole is stop digging."
Hmmm, HIV is not transmitted by eating and doesn't survive long outside human body. Put botulism in baby food, and we are talking. Besides, companies don't care what you do with the rest of the world. You will get more of a response if you threaten to release some internal memos saying there is no SCO source in Linux.
Um, this may be more philosophy than Slashdot usually prefers, but you're being a bit too glib here.
Punishment (including jail) can serve any combination of the following: to rehabilitate, to exact vengeance, and to isolate [i.e. to protect either the perpetrator or the innocent]. These are typically if not entirely not mutually exclusive, so it isn't unreasonable for a judicial system to adopt more than one.
The problem however, is that the American judicial system (or perhaps more clearly, the American criminal system) does not have a single perspective on the goal of the system [and in all fairness, no other nation in the world has a single perspective either]. Historically, legal Opinions laid down by Judges (these are the explanations written by judges in various cases, and are only presented when desired by the judge) have advocated various combinations of the three possible goals, and so it becomes impossible to determine which is 'right'. As if to make the problem worse, our founding fathers were clearly in dispute about the goals of their criminal system both as implied by their lack of its discussion in the constitution (there are no claims to the purpose of the criminal system in that hallowed document), and in their explicitly written debates about the issue over their lifetimes.
The only consensus is that the Jury is never supposed to attempt to subvert the law to their own opinions. The entire purpose of a jury is to determine the guilt [or lack thereof] of a defendent, and then in certain cases to determine the specific punishment from a list of possibilities.
So, to summarize, I agree that the jury should have given the subject lifetime in jail (if it was his 3rd offense in a 3-strike state), but I disagree with your statement of hte purpose of jailtime.
"Stumble before you crawl"
Although I cannot condone what this gentleman did. I do feel kind of bad that he didn't get the money from this firm. Having worked for this patent firm "Micropatent", I've found that it is completely full of criminals, or at the very least, "Higly immoral people." The company has a large group of non-citizens who depend on their employment there to remain residents in the US. A few employee's whom I've talked to have been forced to move across the country and take a pay cut just to stay in america. They know this and exploit it. Additionally, their CIO has had a history of bad IT practices, utilizing minimal or often times no security to protect their own IP data as well as customer data. The biggest incident at this company was what the UNIX team found to be a 'staged break-in' which was allegedly staged by the CIO, Director of operations, Director of Development, A contracting senior developer, and the IT manager. During this breakin, mass amounts of data was exported off the servers, and the admin team was not allowed to track the data. Later investigation lead to considerable evidence including file timestamps, transfer logs, su logs, which overwhelmingly suggested that this was an inside job. This was brought to the attention to the VP of finance, as there was a LOT of money flying out the door that shouldn't have, and previous discussions were had with this VP. Eventually, the CIO and director of operations found out that the admin team were keen to these happenings and begin to harass the entire team. The whole team brough harassment charges up to the Human Resources Director, who suggested that the management in Micropatent were found guilty. However the day before her report was due to come out, all but one member of the team were fired. Incidentally, the VP of finance and HUMAN RESOURCES were fired as well.
After all the harassment and insane goings on, it is common to want to seek some sort of revenge, however people need to realize that it is just not worth it and then move on. That's what I had to do. Funny part is this guy never even worked there...
With any luck, someday the feds will set their sites on Micropatent and they'll get what they deserve...
> Except there was a slight problem; when he cut the cables to the video cameras, he had also cut
> the power to the sliding doors, which automatically locked when there was a power failure.
Sounds like an urban legend to me. Such doors *unlock* when power is removed, because fire codes require it.
Chris Mattern
Fire codes are different for each City/County.
And sometimes drasticaly different.
For highly secure areas like banks, or research companies, some areas are allowed to be fail secure or fail safe.
The first meaning, power is needed to UNLOCK the door, and the second power is needed to LOCK the door.
Naturaly when power goes out, the opposite happens. Most times this is because of Maglocks and Door strikes.
It is very possible that this dumbass locked himself in. But even more possible that there is an override latch of some sort, and he was just too dumb to find it !!