A How-Not-To Guide to Cyber-Extortion

TexasDex writes "The Register reports: Myron Tereshchuk, 42, of Maryland, pleaded guilty to "attempted extortion affecting commerce" for sending threatening messages to a competing patent firm, including a demand for $17 million in exchange for not revealing sensitive information. He was clever in hiding his tracks, the messages came from two different homes and a dentist's office, all of which turned out to be running unsecured WAPs. He also avoided a web bug sent by the firm, and managed to penetrate the company's computer system. But he made a few mistakes. First of all he was already a prime suspect due to "past altercations between Tereshchuk and the company". But "the clearest sign came when he issued the $17m extortion demand, and instructed the company to 'make the check payable to Myron Tereshchuk.'""

Re:Did they use a trojan or spyware?

[Aardpig]

Uhh - sounds like they tried to install some kind of activex microblaster-enabled spyware bug??

Web bugs work on all web browsers, unless you have image loading disabled. Read about them here, and repeat after me: "I will not be a mindless fanboy. I will not be a mindless fanboy.".

Re:Darwinian criminal behaviour ...

[ornil]

Well, there's a pretty extensive web column with a few new cases each week, called Dumb Crooks. Those cases you mention are there, plus hundreds of others. Pretty amusing read.

Re:Darwinian criminal behaviour ...

[Pharmboy]

and the guy who rubbed fresh lemons on his face before robbing a bank because someone told him that if you did that, the cameras could not pick up your image. True story according to "news of the weird", a syndicated feature found in many independent newspapers here in the US. They have stories like this all the time.

News of the Weird can be found here. Its a very good weekly read that has tons of these exact type of stories.

Re:this is why extortion never works

[GuyFawkes]

There is an old method that does work and is used for extortion and other purposes...

1/ create bank / building society account in ficticious name with false documents and genuine 500 cash deposit. Make sure account comes with an ATM card.

2/ wait one year while doing the minimum to keep the account active. Do not go near the maildrop you used, but do make sure it is paid up.

3/ Do extortion thing, instruct victim in the following manner...
a/ pay 100,000 into account number xxxx at bank xxx
b/ notify the police if you wish, but be advised that should the account be suspended or frozen in ANY way WHATSOEVER you will simply and without further warning do whatever it was you threatened (eg put HIV+ blood in baby food which was most recent case here that comes to mind) and walk away from the whole deal.

4/ withdraw the money from randomly selected ATM machines over the next year or three, just scout them out first to make sure they aren't covered by security cameras (if they are wear a full face crash helmet) and make sure you have a concealed carry for the card itself, don't wanna get caught with that six months later....

You guys ought to get out more, I'm really surprised that in a diverse forum like this nobody knows about this one...

Sad part is Micropatent is full of criminals.

Although I cannot condone what this gentleman did. I do feel kind of bad that he didn't get the money from this firm. Having worked for this patent firm "Micropatent", I've found that it is completely full of criminals, or at the very least, "Higly immoral people." The company has a large group of non-citizens who depend on their employment there to remain residents in the US. A few employee's whom I've talked to have been forced to move across the country and take a pay cut just to stay in america. They know this and exploit it. Additionally, their CIO has had a history of bad IT practices, utilizing minimal or often times no security to protect their own IP data as well as customer data. The biggest incident at this company was what the UNIX team found to be a 'staged break-in' which was allegedly staged by the CIO, Director of operations, Director of Development, A contracting senior developer, and the IT manager. During this breakin, mass amounts of data was exported off the servers, and the admin team was not allowed to track the data. Later investigation lead to considerable evidence including file timestamps, transfer logs, su logs, which overwhelmingly suggested that this was an inside job. This was brought to the attention to the VP of finance, as there was a LOT of money flying out the door that shouldn't have, and previous discussions were had with this VP. Eventually, the CIO and director of operations found out that the admin team were keen to these happenings and begin to harass the entire team. The whole team brough harassment charges up to the Human Resources Director, who suggested that the management in Micropatent were found guilty. However the day before her report was due to come out, all but one member of the team were fired. Incidentally, the VP of finance and HUMAN RESOURCES were fired as well.

After all the harassment and insane goings on, it is common to want to seek some sort of revenge, however people need to realize that it is just not worth it and then move on. That's what I had to do. Funny part is this guy never even worked there...

With any luck, someday the feds will set their sites on Micropatent and they'll get what they deserve...