A How-Not-To Guide to Cyber-Extortion
TexasDex writes "The Register reports: Myron Tereshchuk, 42, of Maryland, pleaded guilty to "attempted extortion affecting commerce" for sending threatening messages to a competing patent firm, including a demand for $17 million in exchange for not revealing sensitive information. He was clever in hiding his tracks, the messages came from two different homes and a dentist's office, all of which turned out to be running unsecured WAPs. He also avoided a web bug sent by the firm, and managed to penetrate the company's computer system. But he made a few mistakes. First of all he was already a prime suspect due to "past altercations between Tereshchuk and the company". But "the clearest sign came when he issued the $17m extortion demand, and instructed the company to 'make the check payable to Myron Tereshchuk.'""
This reminds me of two other cases:
The guy who robs the bank but drops his wallet (with ID inside)
The guy who writes a bank robbery note on the back of his own checking account deposit slip.
And yes, both are true stories. Its probably a Good Thing(tm) that most criminals are incredibly stupid.
Tequila: It's not just for breakfast anymore!
If everything happens inside the US, you are right, but you can successfully send money to less than scrupulous parties in certain nations...
I haven't done it myself, but I've read about it being done(not to mention there have been successful Nigerian 419ers).
That being said, after 9/11 it is getting harder, but not impossible, to make fradulent wire transfers.
Really? Is there some statistic on how many crimes remain unsolved?
The vast majority of non-cyber crimes are solved. This is due in part to many crimes being "crimes of opportunity" (no planning) and the fact that most really smart people can get good jobs and understand that most crimes are solved. Also, most crimes that go to court result in conviction (well over 90%).
I worked in the criminal defense field for a while, and from first hand experience, I can tell you that most criminals are not only very stupid, but they seem to think that everyone else is stupid, too. Incompetent people don't realize they are incompetent. There was a British study that demonstrated this a year or two ago.
Tequila: It's not just for breakfast anymore!
Does requesting that the check is written out to his name immediatly prove that he is the culprit?
If so it would be worryingly easy to frame someone.
Break into the company's computers, steal some data. Break into the victim's computer, plant the data in some out-of-the-way subdirectory where he's unlikely to look. Start extorting the company, then at some point offer up the identity of your victim as your own. It seems like this would be pretty easy, especially when you consider how easy it is to take a computer over with trojans and worms now days. If you set the trojan to automatically erase most of itself after you planted the files, I doubt anyone would listen when the victim started claiming that he didn't know how the files got there.
This is an example of the sort of societal problems that come from widespread security vulnerabilities in computers. Windows is so easy to take over now that we can't really be sure of the origin of ANYTHING that we find on someone's comp. It's getting to the point where when authorities find something illegal (like say child porn) on a computer and the owner claims that he didn't put it there, there's really no way to prove beyond a reasonable doubt that he isn't telling the truth. How hard would it be to write a worm/trojan that causes a computer to automatically download some illegal material, send an email 'tip' to the authorities via some anonymous remailer, and then erase most of the trojan? Can we really ever be sure 'beyond a reasonable doubt' that anyone is responsible for what's on their computers any more? What's to stop a criminal from installing a trojan on his own computer and then claiming (quite reasonably) that someone took over his computer and put the material there?
I really don't want this to turn into a anti-microsoft rant, but Windows vulnerabilities have basically reduced computers to the status of a big unlocked plastic bin that's sitting by the curb in front of everyone's house. If you find something illegal in it then yes, the guy who owns the bin looks pretty suspicious, but who's to say the neighbor didn't put it there? Or some random person who noticed the bin while driving by and decided to stop and place something inside? These security flaws have simultaneously taken away people's accountability for what's on their computers, and made it really easy to frame innocent people for major crimes.
One more...
I was doing some contract work for First Tennessee a few years ago when someone robbed one of their rural branches. Redneck thief walks in, announces he has a bomb, demands money. They give him money, he lights the fuse on the bomb and tosses it over the counter. Luckily, all it did was burn a hole in the carpet, but the tellers were pretty shook up.
When the crook gets back to his house (probably a trailer, never heard one way or the other), the sheriff's department is already there and waiting for him. It seems he had been growing marijuana in the back yard, and they were there to burn his pot patch and arrest him on dope charges. The bank robbery was just a nice bonus for them.
Chip H.