Slashdot Mirror
A How-Not-To Guide to Cyber-Extortion
TexasDex writes "The Register reports: Myron Tereshchuk, 42, of Maryland, pleaded guilty to "attempted extortion affecting commerce" for sending threatening messages to a competing patent firm, including a demand for $17 million in exchange for not revealing sensitive information. He was clever in hiding his tracks, the messages came from two different homes and a dentist's office, all of which turned out to be running unsecured WAPs. He also avoided a web bug sent by the firm, and managed to penetrate the company's computer system. But he made a few mistakes. First of all he was already a prime suspect due to "past altercations between Tereshchuk and the company". But "the clearest sign came when he issued the $17m extortion demand, and instructed the company to 'make the check payable to Myron Tereshchuk.'""
There's a TV show broadcast over here in the UK (on some of the cable channels) "America's Dumbest Criminals" - guess this guy'll be on soon enough. I have to admit I thought a lot of the stories were made up, but if people are going to sign their REAL NAME to an extortion demand, sheesh, perhaps people *can* be that stupid.
Well, on the up-side, it at least frees the cops' time up so they can catch criminals with at least 1 brain cell. Let's hope the feedback loop stays negative...
Simon.
Physicists get Hadrons!
the clearest sign came when he issued the $17m extortion demand, and instructed the company to 'make the check payable to Myron Tereshchuk.
Almost as smart as this guy - "A man who walked into a Wal-Mart covered in blood and bought garbage bags Friday was charged with murder after authorities found a stabbed body in a trash bin."
Planning people, planning!
with various posts about CowboyNeal unless /. writes a check, payable to Rob Malda, for $1 million.
Beware!
To eliminate himself from suspicion, he should have told them to make the check out to "anybody but Myron Tereshchuk". They would then have everyone in the world BUT him as potential suspects! Brilliant!
They never get caught.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
"At one point, the company president tried to use a "Web bug" to trace his cyber tormenter, but Tereshchuk detected the ruse."
Uhh - sounds like they tried to install some kind of activex microblaster-enabled spyware bug?? Maybe he was using Mozilla or something less spyware-enabled? ^_^
Still not a bad hack attempt - smart to use others unsecured wireless connections. I'll bet we hear about more of these types of intrusions in the future (if the media prints it).
You can make your threats as vauge or specific as you want... you can be ~very~ anonymous given the tools available today (mail, internet, courier, payphone, stolen cellphones).
However, at one point, sooner or later, you need to pickup the cheque or cash. Wire transfers can be traced, as can direct deposits. If there's a cash-only transaction, the cash can be marked and the police can watch the drop point.
John Maynard Keynes: "When the facts change, I change my mind. What do you do?"
If someone's a REAL master criminal, then he doesn't get caught and you never hear about him. Therefore, the only criminals you hear about are the dumb ones who get caught. Or at least that's my theory. Seems worthy of a $100 million research grant. (And there you have my template for becoming a master criminal. Enjoy.)
Yup, the drop is always the hard part, isn't it?
And thank goodness. We'll always have action movies.
But as the stupid one are caught you are left with the intelligent mastermind, which will enjoy their million extorqued. "Darwnism", if I may use the analogy at its best.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
"Jack Hoff"... That takes me back. There was a local cop in my home town whose last name was Knouff. In his off duty time, he was a heavy drug user and mall cop, in that order. In junior high, we always called him Jack. Being sort of a failed body builder/wannabe stud/ scumbag type, he was usually hitting on high school girls who would then laugh at him and continue teasing him after we left. After a while, there must have been hundreds of kids doing this to him. Years later, I heard he had some kind of meltdown drunk and on duty at the mall where he beat the crap out of a 15 year old. Turns out his real name was Ralph, which I'm not sure was really any better. I wonder whatever happened to old Officer Jack Knouff? Now that it I'm thinking of it, the police chief here was named Richard Reems... I'm starting to think my hometown was run by the cast of a gay porn movie...
Someday a real rain is gonna come...
Only the dumb criminals get caught. The authorities don't even know the smart criminals are committing crimes, let alone catching them.
You can't stay anonymous forever on the Internet. There are too many methods available to trace a person back to the source. Subpoenaing server logs or ISP client records is a good start.
On the contrary. It is actually quite easy to generate a _completely_ untraceable email address. If one proceeds to use it from different (and carefully chosen) internet cafes and insecure wifi points you could conduct a series of correspondences without any chance of them tracing you. I shan't go into the details here but there are a number of web pages that describe the process. I believe "The Register" linked to such an article about 18 months ago.
"The first thing to do when you find yourself in a hole is stop digging."
pffft. Amateur.
Everybody knows that only an idiot would ask for the check out to himself; so he could use that as an alibi, since nobody would believe that it was him.
Of course, a truly smart criminal would know that a smart investigator would realize that most people know that you shouldn't ask for the check to be written out to your own real name; so he should not have the check written to his own name. But naturally, a well-trained detective would recommend that possibility and immediately discount the possiblity that the name he demanded to be written on the check was his own name; so he should have used his own name.
But the company he was blackmailing was located in Connecticut, which is kind of like a miniature Australia; and everybody knows that Australia is populated by criminals...
(Ow, I think my head hurts now.)
Microsoft Windows is, fittingly, the official Desktop OS of Olig
Does requesting that the check is written out to his name immediatly prove that he is the culprit?
If so it would be worryingly easy to frame someone.
...never break the law. They write it.
Any sufficiently advanced libertarian utopia is indistinguishable from government.
Actually, I would not say that it is funny, but interesting. There is a lot of comments about how the company he was extorting was in corruption with the USPTO. I would not doubt this either. The sole purpose of this company was intellectual property. In the world of IP, it is much easier to make money from basically nothing. You take the work of others, and make it illegal for any one else to use it. The problem is, you need some good lawyers and some connections in the USPTO to guarantee that you receive the patents soon enough and that they go through. Now, you can argua about IP and the function it is supposed to serve, but it is what is happening in reality that I am concerned about. IP is not about progress, rarely is the case. It is about keeping control over a particular industry/technology/company/etc. It appears that this criminal was in the know of the problems, but was unfortunately a complete idiot and when it came down to it, acted foolishly. Even all the comments on slashdot are about "darwin" this "dumb criminal" that. For a bunch of geeks, it makes me sad to hear that most of you fail to look deeper into this. Go ahead, make your jokes. Laugh at the foolish criminal that has the same immoral thoughts as the company he went after. He went for the money, not the right thing to do. If he really did have information that would have exposed the company to ties with the USPTO, it would give more firepower to changing the patent system or even eliminating it and replacing it with something that would work more in helping progress science. Now, I don't know what is true or not, and these all could be lies, but I don't ignore it as absurd simply because it was a foolish criminal that said it. Making a fool out of a someone that is an enemy will tend to help you escape some of those ugly comments they made. Then again, I could have misread, I did read through only some of it really quick anyway. I recommend people read this, not any foolish remarks on a foolish person. This is slashdot, not Criminal Minds R' Us. I'll read it later, will you?
Question everything.
Break into the company's computers, steal some data. Break into the victim's computer, plant the data in some out-of-the-way subdirectory where he's unlikely to look. Start extorting the company, then at some point offer up the identity of your victim as your own. It seems like this would be pretty easy, especially when you consider how easy it is to take a computer over with trojans and worms now days. If you set the trojan to automatically erase most of itself after you planted the files, I doubt anyone would listen when the victim started claiming that he didn't know how the files got there.
This is an example of the sort of societal problems that come from widespread security vulnerabilities in computers. Windows is so easy to take over now that we can't really be sure of the origin of ANYTHING that we find on someone's comp. It's getting to the point where when authorities find something illegal (like say child porn) on a computer and the owner claims that he didn't put it there, there's really no way to prove beyond a reasonable doubt that he isn't telling the truth. How hard would it be to write a worm/trojan that causes a computer to automatically download some illegal material, send an email 'tip' to the authorities via some anonymous remailer, and then erase most of the trojan? Can we really ever be sure 'beyond a reasonable doubt' that anyone is responsible for what's on their computers any more? What's to stop a criminal from installing a trojan on his own computer and then claiming (quite reasonably) that someone took over his computer and put the material there?
I really don't want this to turn into a anti-microsoft rant, but Windows vulnerabilities have basically reduced computers to the status of a big unlocked plastic bin that's sitting by the curb in front of everyone's house. If you find something illegal in it then yes, the guy who owns the bin looks pretty suspicious, but who's to say the neighbor didn't put it there? Or some random person who noticed the bin while driving by and decided to stop and place something inside? These security flaws have simultaneously taken away people's accountability for what's on their computers, and made it really easy to frame innocent people for major crimes.
Although I cannot condone what this gentleman did. I do feel kind of bad that he didn't get the money from this firm. Having worked for this patent firm "Micropatent", I've found that it is completely full of criminals, or at the very least, "Higly immoral people." The company has a large group of non-citizens who depend on their employment there to remain residents in the US. A few employee's whom I've talked to have been forced to move across the country and take a pay cut just to stay in america. They know this and exploit it. Additionally, their CIO has had a history of bad IT practices, utilizing minimal or often times no security to protect their own IP data as well as customer data. The biggest incident at this company was what the UNIX team found to be a 'staged break-in' which was allegedly staged by the CIO, Director of operations, Director of Development, A contracting senior developer, and the IT manager. During this breakin, mass amounts of data was exported off the servers, and the admin team was not allowed to track the data. Later investigation lead to considerable evidence including file timestamps, transfer logs, su logs, which overwhelmingly suggested that this was an inside job. This was brought to the attention to the VP of finance, as there was a LOT of money flying out the door that shouldn't have, and previous discussions were had with this VP. Eventually, the CIO and director of operations found out that the admin team were keen to these happenings and begin to harass the entire team. The whole team brough harassment charges up to the Human Resources Director, who suggested that the management in Micropatent were found guilty. However the day before her report was due to come out, all but one member of the team were fired. Incidentally, the VP of finance and HUMAN RESOURCES were fired as well.
After all the harassment and insane goings on, it is common to want to seek some sort of revenge, however people need to realize that it is just not worth it and then move on. That's what I had to do. Funny part is this guy never even worked there...
With any luck, someday the feds will set their sites on Micropatent and they'll get what they deserve...