web analytics

Well, that’s sinister

Remember this attempted extortion email I got in February? No reason why you should, but I thought it was pretty funny at the time. And I’ve gotten six or eight of them since, all in varying degrees of hilarious Google Translate English.

In fact, I’ve started to get them in other languages now, and I’ve had to use Google Translate to work out what they are. Which is pretty meta, come to think of it.

Anyway, the basic premise is that the sender has installed a virus on your computer, used your camera to film you getting it on with a porn site (with a split screen, so you can see the porn, too!) and will send the video to everyone in your contact list if you don’t give them $300 in bitcoin.

This one (see above) is a little different. The English is better (though you can see in the first paragraph that they don’t know how to drive the spam software — they’ve left in two variants of the opening statement), they’re asking for $1,000…and that thing under the black box is my real password.

Well, a real password. It’s the one I use for sites where it doesn’t matter. I’ve used it for years and years on things like technical help forums and the like. No doubt, it was a breach at one of them that caused this leak. Though I thought passwords were stored encrypted. So…leaky browser? I don’t know. Whatever.

Gives you a jolt, though. I can’t imagine how much of a jolt it would be if I’d ever, you know, actually visited a porn site.


Comment from Ric Fan
Time: September 27, 2018, 9:42 pm

Negotiate. Tell him instead you will send him a minature painting of a chicken if he will send you his address.

Comment from Armybrat
Time: September 28, 2018, 12:32 am

Got the same thing with my usual password several months ago. I only use that password on throwaway sites. But I had the same visceral reaction you did. I didn’t worry too much as my important passwords are not even close to the one mentioned. I’m still here 😁 so I’m pretty certain I’m in the clear on this! Not that your site is a throwaway site….

Comment from svs
Time: September 28, 2018, 8:15 am

There is a security researcher called Troy Hunt who has got hold os all the databases of ‘leaked’ passwords and emails that have been made generally available. If you go to https://haveibeenpwned.com/ you can enter your email and it will tell you if it’s amongst those leaked. (I think it might also send an email to the address you entered with details about the breach.)

Certainly a site should store a hash of the password rather that the password itself, but especially with older sites (or cheaper site owners) I wouldn’t bet on it.

Comment from Durnedyankee
Time: September 28, 2018, 10:36 am

Hey! Dammit my Engrish is pretty damned good!

Comment from gebrauchshund
Time: September 28, 2018, 1:06 pm

Just demand a royalty check for every copy of the video they distribute, along with that Interpol warning you get on DVDs.

Comment from Steve Skubinna
Time: September 28, 2018, 5:14 pm

So, uh… how many chicken porn sites are there, anyway?

Asking for a friend.

Comment from Sigivald
Time: September 28, 2018, 5:45 pm

“Though I thought passwords were stored encrypted. ”

Yes, but badly done hashes are trivially broken, and lots of sites, especially old ones and halfassed forums, use bad encryption.

Comment from vex 3
Time: November 1, 2018, 7:03 am

The content of the post is getting a lot of attention. Thank you for providing this information.

Write a comment

(as if I cared)

(yeah. I'm going to write)

(oooo! you have a website?)

Beware: more than one link in a comment is apt to earn you a trip to the spam filter, where you will remain -- cold, frightened and alone -- until I remember to clean the trap. But, hey, without Akismet, we'd be up to our asses in...well, ass porn, mostly.

<< carry me back to ol' virginny