The hacker knew every move the unsuspecting victim made. He controlled her computer webcam and microphone. He could see her in her bedroom, hear her conversations, knew every keystroke she made online. And he threatened to expose her secrets unless she bowed to his demands.
It may sound like the plot for a scary teen movie, but it actually happened, and there wasn’t just one victim—there were more than 200, and dozens of them were adolescent girls.
Don't Let It Happen to You
Here are a few precautions that can keep you from being victimized by a social engineering attack:
- Don’t take for granted that your computer’s anti-virus software is a guarantee against intrusions.
- Turn off your computer when you aren’t using it. (The majority of computers involved in the sextortion case were laptops; many of the victims chatted on social networks so much that they never turned off their machines.)
- Cover your webcam when not in use.
- Don’t open attachments without independently verifying that they were sent from someone you know.
- It’s okay to be suspicious. If you receive a message with an attachment from your mother at 3 a.m., maybe the message is not really from your mother. “Most people are too trusting when it comes to their computers,” Agent Kirkpatrick said.
- If your computer has been compromised and you are receiving extortion threats, don’t be afraid to talk to your parents or to call law enforcement.
Unlike many computer intrusions, where a hacker uses malicious software to steal identities or financial information, this case was primarily about spying and extortion—or as our Los Angeles cyber squad more aptly termed it, “sextortion.”
The hacker, a 31-year-old California man who was arrested in June after a two-year investigation, used malicious code to infect and control the computers of his victims. Then he searched for explicit pictures from their computers, downloaded them, and used the images in an attempt to extort more pictures and videos from them.
“What’s so frightening about this case was how easily the victims’ computers were compromised,” said Special Agent Jeff Kirkpatrick, one of our Los Angeles cyber investigators who worked the case.
After the hacker infected one computer, he used a popular social networking site—and a technique called “spear phishing”—to spread the virus. “It was a social engineering attack,” said Special Agent Tanith Rogers, co-investigator on the case. “The victims were tricked. They had no idea what had happened until it was too late.”
In several instances, the hacker posed online as a young woman’s friend or sister and sent messages with attachments asking if the victim wanted to see a scary video. Because the messages appeared to be from a trusted source, the victims usually didn’t think twice about opening the attachment. When they did, the virus secretly installed itself, and the hacker had total control over their computers—including all files and folders, webcams, and microphones.
Using similar spear phishing methods—posing as a friend or a trusted source—the hacker spread the virus through the social network like wildfire. In all, there were 230 victims and more than 100 computers impacted.
“And this guy was no computer genius,” Agent Kirkpatrick said. “Anybody could do what he did just by watching an online video and following the directions.”
Have Information on the Case?
The hacker in the sextortion case used a variety of screen names and e-mail addresses, which are listed below. If you have information regarding the case—there may be other victims—please contact your nearest FBI office or submit a tip online.
Victims—particularly teenage girls—were understandably devastated when they learned their privacy had been so completely violated. Many were afraid to tell their parents about the situation.
“He was smart,” Agent Rogers said of the hacker. “He used their fear to try to control them.”
For example, the hacker attached a pornographic picture of one victim in an e-mail and demanded sexually explicit video of her in return for not telling her parents about the pictures he had downloaded from her computer.
“If he hadn’t attempted to contact the victims,” Agent Rogers said, “he could have done this forever and gone undetected—the victims would never have known he was listening and watching. That,” she added, “is one of the most disturbing things about this case.”
This needs bumped back in focus. Please copy and paste this into a hub. You may save a life! Thanks for the information.
goldenpath thanks for your comment - serious business.
The ability to control another persons computer has been around since,,,,,, computers.
This is how those massive attacks happen. Thousands of computers get infected and are used as "host" to attack a server, website or whatever.
It's an old trick that's been around forever. What this guy did was just a variation of that. Old news but worth repeating since so many don't know how it works.
by theirishobserver.5 years ago
In 2010 almost 8,000 Irish Females travelled to England to have their unborn babies terminated. Some of these females were as young as 11 years old; the majority of terminations were convenience terminations, Doctors...
by Prince Maak7 years ago
Can we live or can we work without Computers? How will be our Life without COMPUTERS.
by WD Curry 1115 years ago
Call to all atheists! I have locked horns with a few of you already. I am brand new to Hub Pages, but you are out of line to call me a newbie. I worked on the first generation of graphic computers. They weren’t...
Copyright © 2016 HubPages Inc. and respective owners.
Other product and company names shown may be trademarks of their respective owners.
HubPages® is a registered Service Mark of HubPages, Inc.