Sextortion – are you aware of it?

As so many are flocking to cell phones and the ages of the users are getting younger, there is a topic that parents need to be aware of.

Sextortion is a form of sexual exploitation that employs non-physical forms of coercion to extort sexual favors from the victim. Sextortion refers to the broad category of sexual exploitation in which abuse of power is the means of coercion, as well as to the category of sexual exploitation in which threatened release of sexual images or information is the means of coercion.[1]

We as a society need to be able to band together to combat this psychological attack against our youth. 83% of the victims are female, and 46% are minors. Like physical sexual assault, it is estimated that only a third or less of the victims report the crime. 60% of the perpetrators knew the victim before the incident.

I have reviewed the evidence of one of these cases personally. No, I will not share that data as the victim does not deserve that. The portrayal below is based on that incident but is sanitized for her privacy. This was properly reported to the appropriate authorities.

Here is how this abuse occurred:

  • Victim received a text from an unknown source
  • criminal claimed that they had nude photos of the victim
  • They also recited her street address, including which room within her apartment was hers
  • the pictures were going to be shared on all forms of social media unless she complied with the criminal
  • the criminal wanted her to disrobe for more pictures
  • on a the second day the criminal resumed texting with a more aggressive tone
  • the same intent of getting more pictures
  • Criminal escalated to calling the victim and pressuring her to an online video chat service in Scandinavia (I believe in Norway) to excuse herself from family to go to a bathroom to disrobe and put herself on display.

As I and my colleagues tried to trace the evidence and find the personal data exposure, we were impressed with the victim’s awareness of protecting her data. She does not have her college address shared with any databases other than Amazon, and even they did not have which room was hers.

Text messages are very hard to trace unless you are law enforcement. Even for them, they are not easy. Because of my role, I was able to provide the FBI with the owner (not the user) of the phone numbers used to text and call the victim.  I was also able to  alert the abuse team at the video chat service so that they could review the actions of their users. Since I did not have a subpoena, I was unable to get data to relay to the FBI.

When the victim returned to campus, she found that her roommates were also victims. Since the issue was clearly involving a local perp, the apartment management was advised. They had a very lame excuse that this was a data breach when someone restarted the internet. I am still stunned with how stupid this answer is. The apartment management company did say that seven women had come forward. This number ended up rising to twenty when published by a local media source. The article was a plea for other victims to come forward. It is my personal opinion that the apartment complex has a rogue employee that needs to be identified, arrested, and prosecuted. So far this particular incident is limited to the complex.

When I asked if the abuse has continued, the victim stated that there has not been a peep since the police report was filed. The situation is getting great exposure on campus so the student body is much more aware.

If you check the links below, you will find that this situation is not isolated, but becoming more and more common.

Parents need the same level of awareness. This is the tool that you need to arm your kids (regardless of how grown that they are) so that they can fend off these pond scum samples.

Obviously the first line is to make sure that they do not have these kinds of pictures TO BE shared in the first place. I also know that this is wishful thinking, just like abstaining from sex before committed relationships. It is talking to them so that they know if they do not have content for the criminals to share, then why co-operate with their demands. Do not delete the texts, call logs or any other evidence. The local police (and likely the FBI) need to be contacted. Take the time to file the report. The perp needs to be caught. This is nothing to be ashamed of. Even if your kids DID have content that could be exposed, this is not the time to blame the victim. They did nothing to deserve this. My thought is to treat that situation as you would when your kid calls form a party/bar after drinking. Get them to safety then discuss when it is more mentally safe to do so. If your kids know without a doubt that you will stand with them, then they will be more likely to tell you of the incident so you can help them through it.

I hope that nobody that you know has to go through this, but the numbers indicate that it will hit close to home.

Related useful links:

https://www.fbi.gov/news/stories/sextortion

https://www.fbi.gov/audio-repository/news-podcasts-inside-sextortion-and-the-lucas-chansler-case.mp3/view

Prosecutors: ‘Sextortion’ Cases Targeting Young Women At Alarming Rate

Sextortion

Cyber attacks

It is quite fun to watch cyber attacks in action.

 

I monitor http://map.norsecorp.com/ throughout the day.

It has also prompted an update on the site.

Global access has been closed to non-US IP addresses. This should limit a bunch of the attacks that I see in my logs. China and the former USSR nations seem to the worst offenders so they were the first under the axe.

 

What is Griz into now?

*** as always (since there are some new readers) my employer is to be left out of my posts. You can always email me if you have questions about this policy.

A few months ago, I was promoted to Cyber Security Analyst I.

Along with this promotion came a tremendous amount of studies. I need to come up to speed with the rest of my newly formed team.

There are several certifications I will be seeking.

 

You will also see some oddly geeky posts that I do not expect you to understand. Part of the upcoming posts will be my mental digestion processes. Another part of included will be cautionary tidbits that I discover that may be of use to you. Some of you follow my Twitter feed (@Pissed0ffpirate (with a zero)) so you have already started seeing the new cyber security content.

I hope that some will find it interesting and choose to me interactive with it. If not, that is okay, it is like practicing for a speech and other memory aids.

 

 

 

 

 

Ashley Madison – really?

Since the media is saturated, why not add my two cents worth?

As a cyber security professional I may view things a little differently.

So we have a site (others as well) that caters to cheating. Is it  a shock? It shouldn’t be, there are sites for pretty much everything.

As you probably already have gathered via that media saturation as the world things that this is FAR more important than any other world issue a site that is devoted to aiding people in cheating on those that they love. That site was broken into OR had an insider blow the whistle on the whole shebang.  At this point there are some clues that lead us to believe that the breach revealed far too much to be the result of a break in. That the data is too complete.

so we have:

  • a breech of security

The breach may have been an inside job, so that is an interesting series of bit in my feeds. (@Pissed0ffPirate (that is a zero) if you want to follow me on Twitter)

  • release of confidential material

We get to see a list of people who are not so smart. This list has people who never thought of the worst, are naive, or just plain dumb. We are seeing claims of those who claim that they were set up. I suppose that it is possible that they could have been, only the individual would know the truth.

  • suicides

As of today, I am aware of three suicides being attributed to the release of the data. Is this worth ending one’s life? (I think I have a suicide post around here somewhere) Why not either fix your relationship or move on and try for a new one?

  • lawsuits

We are seeing legal actions already starting. I don’t know how many of these will remain individual actions or if they will be forced into one or a few class action lawsuits.

  • sextortion

For those that made the decision to wander this path, and someone tries to extort or blackmail you… just fess up. Your spouse/significant other is going to find out. No doubt about it. Just step up and work through it. (you may have to end it, but at least you don’t have the stress or financial losses)

  • further relationship issues

At some point down the road, there will be studies and surveys that will show how many relationship and families were affected by this, but right now it is too early to tell.

  • potential FTC action

With Ashley Madison defrauding it’s clients with fake female accounts and poor cyber security practices will the FTC have a field day with their sorry asses?

Since the courts have just given the FTC that authority, I am expecting tremendous scrutiny and fines.

  • issues I have forgotten or did not think of

some of the data is showing 20 million guys checked their Ashley Madison email, but only 1492 women did… those are some really slim odds of getting tail. that tail also has to be really tired and like tossing that hot dog down a hallway. With the site creating a ton of bogus accounts to give the semblance of women to meet, it seems like plain fraud and dirty pool. Remember that I see quite a bit of spam for other sites and the names  and locations change for the women’s images. We know that there have been cases where pictures of women have been harvested from the web/facebook and used by these types of sites.

As a man, I have a pretty strong belief that any near average or better woman that would like to spend some time between the sheets (or on/in  a car, stairwell, rooftop, back yard, wherever) with a man, all they need to do is let it be known and they could even take auditions if they wanted.