Slashdot Mirror
A How-Not-To Guide to Cyber-Extortion
TexasDex writes "The Register reports: Myron Tereshchuk, 42, of Maryland, pleaded guilty to "attempted extortion affecting commerce" for sending threatening messages to a competing patent firm, including a demand for $17 million in exchange for not revealing sensitive information. He was clever in hiding his tracks, the messages came from two different homes and a dentist's office, all of which turned out to be running unsecured WAPs. He also avoided a web bug sent by the firm, and managed to penetrate the company's computer system. But he made a few mistakes. First of all he was already a prime suspect due to "past altercations between Tereshchuk and the company". But "the clearest sign came when he issued the $17m extortion demand, and instructed the company to 'make the check payable to Myron Tereshchuk.'""
This reminds me of two other cases:
The guy who robs the bank but drops his wallet (with ID inside)
The guy who writes a bank robbery note on the back of his own checking account deposit slip.
And yes, both are true stories. Its probably a Good Thing(tm) that most criminals are incredibly stupid.
Tequila: It's not just for breakfast anymore!
If everything happens inside the US, you are right, but you can successfully send money to less than scrupulous parties in certain nations...
I haven't done it myself, but I've read about it being done(not to mention there have been successful Nigerian 419ers).
That being said, after 9/11 it is getting harder, but not impossible, to make fradulent wire transfers.
Really? Is there some statistic on how many crimes remain unsolved?
The vast majority of non-cyber crimes are solved. This is due in part to many crimes being "crimes of opportunity" (no planning) and the fact that most really smart people can get good jobs and understand that most crimes are solved. Also, most crimes that go to court result in conviction (well over 90%).
I worked in the criminal defense field for a while, and from first hand experience, I can tell you that most criminals are not only very stupid, but they seem to think that everyone else is stupid, too. Incompetent people don't realize they are incompetent. There was a British study that demonstrated this a year or two ago.
Tequila: It's not just for breakfast anymore!
One must have an impressive grudge to consider using RICIN (which happens to be my favorite poison)
smart to use others unsecured wireless connections
/. while waiting for my client to arrive.
I was recently in an office building in Dallas where I found 7 unsecured wireless connections. Each company had taken the time to change the SSID to match the name of their company, but it seems that encryption was something they didn't want to be bothered with.
I bounced around until I found the one with the fastest internet connection and proceeded to read
"Lame" - Galaxar
How can someone be 'smart' to get that far, and then use their name. It defies all logic known to man. Perhaps idiots are needed in the world afterall for our entertainment.
You can't stay anonymous forever on the Internet. There are too many methods available to trace a person back to the source. Subpoenaing server logs or ISP client records is a good start.
An honest question: where would they go from there when they found out he was using random open wireless networks? That gotta be pretty tough to track down...
||:|::
Does requesting that the check is written out to his name immediatly prove that he is the culprit?
If so it would be worryingly easy to frame someone.
I could be wrong, but can't they program the ATM to treat the account as "stolen" and just eat your ATM card?
Break into the company's computers, steal some data. Break into the victim's computer, plant the data in some out-of-the-way subdirectory where he's unlikely to look. Start extorting the company, then at some point offer up the identity of your victim as your own. It seems like this would be pretty easy, especially when you consider how easy it is to take a computer over with trojans and worms now days. If you set the trojan to automatically erase most of itself after you planted the files, I doubt anyone would listen when the victim started claiming that he didn't know how the files got there.
This is an example of the sort of societal problems that come from widespread security vulnerabilities in computers. Windows is so easy to take over now that we can't really be sure of the origin of ANYTHING that we find on someone's comp. It's getting to the point where when authorities find something illegal (like say child porn) on a computer and the owner claims that he didn't put it there, there's really no way to prove beyond a reasonable doubt that he isn't telling the truth. How hard would it be to write a worm/trojan that causes a computer to automatically download some illegal material, send an email 'tip' to the authorities via some anonymous remailer, and then erase most of the trojan? Can we really ever be sure 'beyond a reasonable doubt' that anyone is responsible for what's on their computers any more? What's to stop a criminal from installing a trojan on his own computer and then claiming (quite reasonably) that someone took over his computer and put the material there?
I really don't want this to turn into a anti-microsoft rant, but Windows vulnerabilities have basically reduced computers to the status of a big unlocked plastic bin that's sitting by the curb in front of everyone's house. If you find something illegal in it then yes, the guy who owns the bin looks pretty suspicious, but who's to say the neighbor didn't put it there? Or some random person who noticed the bin while driving by and decided to stop and place something inside? These security flaws have simultaneously taken away people's accountability for what's on their computers, and made it really easy to frame innocent people for major crimes.
One more...
I was doing some contract work for First Tennessee a few years ago when someone robbed one of their rural branches. Redneck thief walks in, announces he has a bomb, demands money. They give him money, he lights the fuse on the bomb and tosses it over the counter. Luckily, all it did was burn a hole in the carpet, but the tellers were pretty shook up.
When the crook gets back to his house (probably a trailer, never heard one way or the other), the sheriff's department is already there and waiting for him. It seems he had been growing marijuana in the back yard, and they were there to burn his pot patch and arrest him on dope charges. The bank robbery was just a nice bonus for them.
Chip H.
So what's the best way to demand an extortion payment? The new $20 bills have RFID tags in them, so you can't get 'unmarked bills.' Do you ask for gold coins? Or will the cops stake out the location of the drop? Payments to a swiss escrow account, perhaps? There has to be a more creative way...
___
It's the end of my comment as I know it and I feel fine.
Does something potentially worring strike you about the following situation;
1) A company/person reports receiving threats
2) These threats cannot be traced
3) After a while, one item of communication contains information singling out someone as the culprit
4) This person is then arrested and charged
I mean, yes, the fact that there had been a previous dispute between the companies indicates that the charged person had a motive to damage the other - but it ALSO indicates a motive for the OTHER part. Both parties had a motive to damage the other.
People are likely to jump on it, of course, since it seems to be "just another case of a dumb criminal exposing himself".
I would be seriously worried if this guy is convicted, or even suffers significantly as a result, without additional pieces of evidence. At the very least, check his computer for electronic evidence, and whereabouts at the times the threats were sent.