Slashdot Mirror
A How-Not-To Guide to Cyber-Extortion
TexasDex writes "The Register reports: Myron Tereshchuk, 42, of Maryland, pleaded guilty to "attempted extortion affecting commerce" for sending threatening messages to a competing patent firm, including a demand for $17 million in exchange for not revealing sensitive information. He was clever in hiding his tracks, the messages came from two different homes and a dentist's office, all of which turned out to be running unsecured WAPs. He also avoided a web bug sent by the firm, and managed to penetrate the company's computer system. But he made a few mistakes. First of all he was already a prime suspect due to "past altercations between Tereshchuk and the company". But "the clearest sign came when he issued the $17m extortion demand, and instructed the company to 'make the check payable to Myron Tereshchuk.'""
There's a TV show broadcast over here in the UK (on some of the cable channels) "America's Dumbest Criminals" - guess this guy'll be on soon enough. I have to admit I thought a lot of the stories were made up, but if people are going to sign their REAL NAME to an extortion demand, sheesh, perhaps people *can* be that stupid.
Well, on the up-side, it at least frees the cops' time up so they can catch criminals with at least 1 brain cell. Let's hope the feedback loop stays negative...
Simon.
Physicists get Hadrons!
the clearest sign came when he issued the $17m extortion demand, and instructed the company to 'make the check payable to Myron Tereshchuk.
Almost as smart as this guy - "A man who walked into a Wal-Mart covered in blood and bought garbage bags Friday was charged with murder after authorities found a stabbed body in a trash bin."
Planning people, planning!
with various posts about CowboyNeal unless /. writes a check, payable to Rob Malda, for $1 million.
Beware!
To eliminate himself from suspicion, he should have told them to make the check out to "anybody but Myron Tereshchuk". They would then have everyone in the world BUT him as potential suspects! Brilliant!
They never get caught.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
"At one point, the company president tried to use a "Web bug" to trace his cyber tormenter, but Tereshchuk detected the ruse."
Uhh - sounds like they tried to install some kind of activex microblaster-enabled spyware bug?? Maybe he was using Mozilla or something less spyware-enabled? ^_^
Still not a bad hack attempt - smart to use others unsecured wireless connections. I'll bet we hear about more of these types of intrusions in the future (if the media prints it).
You can make your threats as vauge or specific as you want... you can be ~very~ anonymous given the tools available today (mail, internet, courier, payphone, stolen cellphones).
However, at one point, sooner or later, you need to pickup the cheque or cash. Wire transfers can be traced, as can direct deposits. If there's a cash-only transaction, the cash can be marked and the police can watch the drop point.
John Maynard Keynes: "When the facts change, I change my mind. What do you do?"
If someone's a REAL master criminal, then he doesn't get caught and you never hear about him. Therefore, the only criminals you hear about are the dumb ones who get caught. Or at least that's my theory. Seems worthy of a $100 million research grant. (And there you have my template for becoming a master criminal. Enjoy.)
Yup, the drop is always the hard part, isn't it?
And thank goodness. We'll always have action movies.
But as the stupid one are caught you are left with the intelligent mastermind, which will enjoy their million extorqued. "Darwnism", if I may use the analogy at its best.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
You can't stay anonymous forever on the Internet. There are too many methods available to trace a person back to the source. Subpoenaing server logs or ISP client records is a good start.
Writing hold up notes on one of your own return address formatted envelopes is not a good way to go about it either. Or in his case demanding a check in his own name. Cracks me up when I see people make fundamental mistakes like that.
Pete Carr Owner Chatmag.com
Uh, shouldn't that be Moron Tereshchuk?
This guy doesn't sound much better in a pinch than Peter Griffin:
! "
Psych ward clerk: "What's your name, sir?"
Peter: "Umm.....Pee.....ter.............Griffin.....damn
Bonus Simpsons quote:
Homer at Post Office (trying to disguise voice): "Hello, my name is Mr. Burns. I believe you have a letter for me"
Post Office employee: "Ok, what's your first name?"
Homer (smugly): "I don't know!
It would be cool if it didn't suck.
Looks like a plea agreement. read it and weep^h^h^h^hlaugh here(pdf).
"Jack Hoff"... That takes me back. There was a local cop in my home town whose last name was Knouff. In his off duty time, he was a heavy drug user and mall cop, in that order. In junior high, we always called him Jack. Being sort of a failed body builder/wannabe stud/ scumbag type, he was usually hitting on high school girls who would then laugh at him and continue teasing him after we left. After a while, there must have been hundreds of kids doing this to him. Years later, I heard he had some kind of meltdown drunk and on duty at the mall where he beat the crap out of a 15 year old. Turns out his real name was Ralph, which I'm not sure was really any better. I wonder whatever happened to old Officer Jack Knouff? Now that it I'm thinking of it, the police chief here was named Richard Reems... I'm starting to think my hometown was run by the cast of a gay porn movie...
Someday a real rain is gonna come...
Only the dumb criminals get caught. The authorities don't even know the smart criminals are committing crimes, let alone catching them.
pffft. Amateur.
Everybody knows that only an idiot would ask for the check out to himself; so he could use that as an alibi, since nobody would believe that it was him.
Of course, a truly smart criminal would know that a smart investigator would realize that most people know that you shouldn't ask for the check to be written out to your own real name; so he should not have the check written to his own name. But naturally, a well-trained detective would recommend that possibility and immediately discount the possiblity that the name he demanded to be written on the check was his own name; so he should have used his own name.
But the company he was blackmailing was located in Connecticut, which is kind of like a miniature Australia; and everybody knows that Australia is populated by criminals...
(Ow, I think my head hurts now.)
Microsoft Windows is, fittingly, the official Desktop OS of Olig
Does requesting that the check is written out to his name immediatly prove that he is the culprit?
If so it would be worryingly easy to frame someone.
...never break the law. They write it.
Any sufficiently advanced libertarian utopia is indistinguishable from government.
And that is supposed to mean the system works and society is safe? THINK AGAIN!
A 90-plus percent conviction rate says nothing about
- crimes that go undetected (obviously not part of any statistc)
- crimes that never go to court (lack of evidence/suspects, or shady deals with the DA)
- innocent people being convicted (erroneously, or -even worse- deliberately)
I'm not advocating crime (i concur with other posters in suggesting a political career instead), but i recommend scepticism towards these bogus statistics. Especially with the current abrogation of civil rights, the conviction rate is about the worst metric for the qality of a judicial systemAnd make no mistake: a right taken from a "suspected terrorist" is a right taken from YOU. Just wait until your name shows up on some computer-generated list of (probable) suspects.
But coming back to conviction rates: history has quite a few examples of systems with really high conviction rates. You might want to read up on Cheka, NKWD, GESTAPO, STASI, .. All of these have one thing in common: they were not bound by the law they were (supposed) to uphold. Then read on about Camp X-Ray.
here .
Fight Spammers!
Break into the company's computers, steal some data. Break into the victim's computer, plant the data in some out-of-the-way subdirectory where he's unlikely to look. Start extorting the company, then at some point offer up the identity of your victim as your own. It seems like this would be pretty easy, especially when you consider how easy it is to take a computer over with trojans and worms now days. If you set the trojan to automatically erase most of itself after you planted the files, I doubt anyone would listen when the victim started claiming that he didn't know how the files got there.
This is an example of the sort of societal problems that come from widespread security vulnerabilities in computers. Windows is so easy to take over now that we can't really be sure of the origin of ANYTHING that we find on someone's comp. It's getting to the point where when authorities find something illegal (like say child porn) on a computer and the owner claims that he didn't put it there, there's really no way to prove beyond a reasonable doubt that he isn't telling the truth. How hard would it be to write a worm/trojan that causes a computer to automatically download some illegal material, send an email 'tip' to the authorities via some anonymous remailer, and then erase most of the trojan? Can we really ever be sure 'beyond a reasonable doubt' that anyone is responsible for what's on their computers any more? What's to stop a criminal from installing a trojan on his own computer and then claiming (quite reasonably) that someone took over his computer and put the material there?
I really don't want this to turn into a anti-microsoft rant, but Windows vulnerabilities have basically reduced computers to the status of a big unlocked plastic bin that's sitting by the curb in front of everyone's house. If you find something illegal in it then yes, the guy who owns the bin looks pretty suspicious, but who's to say the neighbor didn't put it there? Or some random person who noticed the bin while driving by and decided to stop and place something inside? These security flaws have simultaneously taken away people's accountability for what's on their computers, and made it really easy to frame innocent people for major crimes.
Although I cannot condone what this gentleman did. I do feel kind of bad that he didn't get the money from this firm. Having worked for this patent firm "Micropatent", I've found that it is completely full of criminals, or at the very least, "Higly immoral people." The company has a large group of non-citizens who depend on their employment there to remain residents in the US. A few employee's whom I've talked to have been forced to move across the country and take a pay cut just to stay in america. They know this and exploit it. Additionally, their CIO has had a history of bad IT practices, utilizing minimal or often times no security to protect their own IP data as well as customer data. The biggest incident at this company was what the UNIX team found to be a 'staged break-in' which was allegedly staged by the CIO, Director of operations, Director of Development, A contracting senior developer, and the IT manager. During this breakin, mass amounts of data was exported off the servers, and the admin team was not allowed to track the data. Later investigation lead to considerable evidence including file timestamps, transfer logs, su logs, which overwhelmingly suggested that this was an inside job. This was brought to the attention to the VP of finance, as there was a LOT of money flying out the door that shouldn't have, and previous discussions were had with this VP. Eventually, the CIO and director of operations found out that the admin team were keen to these happenings and begin to harass the entire team. The whole team brough harassment charges up to the Human Resources Director, who suggested that the management in Micropatent were found guilty. However the day before her report was due to come out, all but one member of the team were fired. Incidentally, the VP of finance and HUMAN RESOURCES were fired as well.
After all the harassment and insane goings on, it is common to want to seek some sort of revenge, however people need to realize that it is just not worth it and then move on. That's what I had to do. Funny part is this guy never even worked there...
With any luck, someday the feds will set their sites on Micropatent and they'll get what they deserve...