2018 Bitcoin bomb threats

Last updated

On December 13, 2018, thousands [1] of businesses, individuals, schools, news agencies, and other places throughout the United States, Canada, and Australia received emailed bomb threats, warning that a "mercenary" of the sender of the email had placed a bomb in the receiver's workplace and demanding that a ransom of $20,000 be sent to a Bitcoin address to prevent the bomb from being detonated. Six schools in Australia's capital city Canberra were evacuated after threats. [2] The explosive stated to be used in the bomb, along with the Bitcoin address, varied between emails. Police departments in New York City, Oklahoma City, Massachusetts, and Calgary, among other areas of the United States and Canada, stated that the threats were likely not credible and that no explosive devices had been found in any of the threatened areas. [3]

On December 14, Jaeson Schultz of Cisco Talos wrote that the bitcoin addresses associated with the bomb threats received only two transactions, both of which were under $1. He also wrote that the same group was behind an earlier sextortion scheme which was more profitable, and that they started making new threats of throwing acid onto individual recipients. [4]

In January 2019, anti-spam researcher Ronald Guilmette found that a GoDaddy security weakness was exploited to help the spam campaign. [5] [6]

See also

Related Research Articles

A bomb threat or bomb scare is a threat, usually verbal or written, to detonate an explosive or incendiary device to cause property damage, death, injuries, and/or incite fear, whether or not such a device actually exists.

<span class="mw-page-title-main">Extortion</span> Criminal offense of obtaining benefit through coercion

Extortion is the practice of obtaining benefit through coercion. In most jurisdictions it is likely to constitute a criminal offence; the bulk of this article deals with such cases. Robbery is the simplest and most common form of extortion, although making unfounded threats in order to obtain an unfair business advantage is also a form of extortion.

<span class="mw-page-title-main">Pump and dump</span> Form of securities fraud

Pump and dump (P&D) is a form of securities fraud that involves artificially inflating the price of an owned stock through false and misleading positive statements (pump), in order to sell the cheaply purchased stock at a higher price (dump). Once the operators of the scheme "dump" (sell) their overvalued shares, the price falls and investors lose their money. This is most common with small-cap cryptocurrencies and very small corporations/companies, i.e. "microcaps".

Various anti-spam techniques are used to prevent email spam.

<span class="mw-page-title-main">Cybercrime</span> Type of crime based in computer networks

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

<span class="mw-page-title-main">Phishing</span> Form of social engineering

Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.

<span class="mw-page-title-main">Email spam</span> Unsolicited electronic advertising by email

Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoidable, and repetitive. Email spam has steadily grown since the early 1990s, and by 2014 was estimated to account for around 90% of total email traffic.

<span class="mw-page-title-main">Bulletproof hosting</span> Internet service for use by cyber-criminals

Bulletproof hosting (BPH) is technical infrastructure service provided by an Internet hosting service that is resilient to complaints of illicit activities, which serves criminal actors as a basic building block for streamlining various cyberattacks. BPH providers allow online gambling, illegal pornography, botnet command and control servers, spam, copyrighted materials, hate speech and misinformation, despite takedown court orders and law enforcement subpoenas, allowing such material in their acceptable use policies.

<span class="mw-page-title-main">Blue Frog</span>

Blue Frog was a freely-licensed anti-spam tool produced by Blue Security Inc. and operated as part of a community-based system which tried to persuade spammers to remove community members' addresses from their mailing lists by automating the complaint process for each user as spam is received. Blue Security maintained these addresses in a hashed form in a Do Not Intrude Registry, and spammers could use free tools to clean their lists. The tool was discontinued in 2006.

On Internet usage, an email bomb is a form of net abuse that sends large volumes of email to an address to overflow the mailbox, overwhelm the server where the email address is hosted in a denial-of-service attack or as a smoke screen to distract the attention from important email messages indicating a security breach.

<span class="mw-page-title-main">Timeline of Internet conflicts</span>

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

Internet safety, also known as online safety, cyber safety and electronic safety (e-safety), refers to the policies, practices and processes that reduce the harms to people that are enabled by the (mis)use of information technology.

<span class="mw-page-title-main">Swatting</span> Criminal harassment tactic

Swatting is a criminal harassment act of deceiving an emergency service into sending a police or emergency service response team to another person's address. This is triggered by false reporting of a serious law enforcement emergency, such as a bomb threat, murder, hostage situation, or a false report of a mental health emergency, such as reporting that a person is allegedly suicidal or homicidal and may be armed, among other things.

<span class="mw-page-title-main">McColo</span> Defunct web hosting provider used for cybercrime

McColo was a US-based web hosting service provider that was, for a long time, the source of the majority of spam-sending activities for the entire world. In late 2008, the company was shut down by two upstream providers, Global Crossing and Hurricane Electric, because a significant amount of malware and botnets had been trafficking from the McColo servers.

Sextortion employs non-physical forms of coercion to extort sexual favors from the victim. Sextortion refers to the broad category of sexual exploitation in which abuse of power is the means of coercion, as well as to the category of sexual exploitation in which threatened release of sexual images or information is the means of coercion.

Social spam is unwanted spam content appearing on social networking services, social bookmarking sites, and any website with user-generated content. It can be manifested in many ways, including bulk messages, profanity, insults, hate speech, malicious links, fraudulent reviews, fake friends, and personally identifiable information.

The Kelihos botnet, also known as Hlux, is a botnet mainly involved in spamming and the theft of bitcoins.

The CryptoLocker ransomware attack was a cyberattack using the CryptoLocker ransomware that occurred from 5 September 2013 to late May 2014. The attack utilized a trojan that targeted computers running Microsoft Windows, and was believed to have first been posted to the Internet on 5 September 2013. It propagated via infected email attachments, and via an existing Gameover ZeuS botnet. When activated, the malware encrypted certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displayed a message which offered to decrypt the data if a payment was made by a stated deadline, and it threatened to delete the private key if the deadline passes. If the deadline was not met, the malware offered to decrypt data via an online service provided by the malware's operators, for a significantly higher price in bitcoin. There was no guarantee that payment would release the encrypted content.

<span class="mw-page-title-main">Gameover ZeuS</span> Peer-to-peer botnet

GameOver ZeuS (GOZ), also known as peer-to-peer (P2P) ZeuS, ZeuS3, and GoZeus, is a Trojan horse developed by Russian cybercriminal Evgeniy Bogachev. Created in 2011 as a successor to Jabber Zeus, another project of Bogachev's, the malware is notorious for its usage in bank fraud resulting in damages of approximately $100 million and being the main vehicle through which the CryptoLocker ransomware attack was conducted, resulting in millions of dollars of losses. At the peak of its activity in 2012 and 2013, between 500,000 and 1 million computers were infected with GameOver ZeuS.

References

  1. Cleary, Tom (December 13, 2018). "Bitcoin Bomb Threat Emails Spark Evacuations Nationwide". Heavy.com. Retrieved December 13, 2018.
  2. Groch, Dan Jervis-Bardy, Sherryn (December 14, 2018). "Bomb threat forces school evacuations across Canberra". Canberra Times. Retrieved December 15, 2018.{{cite web}}: CS1 maint: multiple names: authors list (link)
  3. Robertson, Adi (December 13, 2018). "Bitcoin scammers send bomb threats across US, causing evacuations". The Verge. Retrieved December 13, 2018.
  4. Cimpanu, Catalin (December 13, 2018). "'Bomb threat' scammers are now threatening to throw acid on victims". ZDNet. Retrieved January 28, 2019.
  5. Krebs, Brian (January 22, 2019). "Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com". Krebs on Security. Retrieved January 28, 2019.
  6. Johnson, Tim (January 23, 2019). "Those bomb hoaxes last month? GoDaddy may have played unwitting role". McClatchy Washington Bureau. Retrieved January 28, 2019.