speaking theoretically of course...
If a "hacker" sent me a video of a family member engaging in an act of self pleasure I can't imagine a scenario where I would want to watch it.
Scumbags are trying to extort money from netizens by threatening to leak to friends and family videos of their marks watching X-rated videos. A Reg reader this week shared their story of being contacted by an extortionist who claimed to have obtained, through hacking our reader's PC, compromising webcam footage of them …
I be the hacker with the mad skills. When I sent to you the split screened video of your friend committing that Sin of Onan along side the naughty materials of his selection, little knew of you that I had commandeered your webcam too. If you don't pay me with Bitcoins I shall send a split screen video of your agape-jaw next to his Spilling of the Seed split screen, all back to your friend of the first party. This process shall I follow until one of you pays me, or en lieu of such payment explains the ending of "Inception".
"Sin of Onan"
His "sin" was not masturbation.
Onan's elder brother died leaving a widow and no sons. The father commanded Onan to obey tribal law and to make his brother's widow pregnant. A resultant son would have been considered the dead brother's heir - and would have inherited the family wealth instead of Onan.
Onan therefore made sure he didn't get the widow pregnant - thus committing the sin of disobeying both his father and tribal law.
Thus the same sin in the dogma of the Roman Catholic Church is the use of "coitus interruptus" as a form of contraception - even though it is even less reliable than their approved "rhythm method".
Actually what shows that religion is just a load of old wank, for some values of religion, is that the original Hebrew god was a male fertility god who sprayed his semen on the ground ("mother earth") in the form of rain and thus gave rise to living creatures. A lot of societies have similar creation myths. The Book of Genesis has been tidied up a bit and a lot of awkward questions sidestepped.
Yeah, I got one of those emails. I'm not a millennial, I'm a paranoidial, so my webcam is disabled in BIOS and has a piece of tape over it. They asked to be paid in Bitcoin. I just took it as a scam email & relegated it to my saved-spam folder for future reference.
@ Mongo; Why don't you send the second video to a third person, so that they can watch the video of the second person's agape-jaw as they watch the first person? Then secretly film *them* watching it and send it to a fourth person. And so on, ad infinitum.
I call this "Onanonanonanism".
"this also assumes that their e-mail wouldn't end up somewhere in a spamfilter"
I got a copy today. Apart from not telling me what my password was (or even what fapsite I'd visited) the URL for the video wasn't even intelligible as a URL
Which is probably why it got through - and the fapsite was probably "fapping great steam traction locomotives" or some other entertainment which might be a tad scalding for an onanist to toot his oboe on.
I've had two of these mails in the last 3 days and both told me that my password was 'changeme' which, to the best my knowledge, is not one I've ever used anywhere for anything. I vaguely recall it used to be the default password for some java key store as delivered from Sun/Oracle but it's certainly not one I'd choose to use (much too complicated, mine are all 'password', honest). They can send me as many as they want but since I already know I've never been anywhere near an adult site and most likely never will, I'm not likely to be paying anyone anything.
Nope.. no webcams here. The laptops that had them have all had the software removed and either the camera removed or the lens taped over. On the desktops, if the monitor has built in webcam, same thing plus the cable is never attached. The times we need a webcam we plug in an external cam and then remove when done.
Am I the only one who does this?
I'm the same, I also use the computer wearing a balaclava in case they reverse the polarity of the monitor. You can't be too careful.
I've had a couple of these emails and whilst I know some people won't and will be scared of them I found them hilarious. As I have black electrical tape over the cameras on my tablets and phones it's highly unlikely that someone has any video from them. The tablets have physically disabled microphones so no sound from them either. I've alerted friends and family about this and asked them to spread the word that it's bollocks. If in the highly unlikely event someone had hacked my tablet they would have been confronted by a black screen and silence.
When I mentioned the subject at work to colleagues so they were forewarned, people found it funny too. One of the ladies said that most people did it and would be surprised if someone wasn't rubbing one in/out at some point. She also said that she'd read in the paper that it was healthy for blokes to do it as it may help reduce testicular cancer.
"Am I the only one who does this?"
Well, contrary to popular belief, I'm not completely paranoid - I don't do anything to the cameras in my laptops; they're intact, no dismantling, no tape. But that's largely because I almost never use the laptop's screen etc - most of the time I use them plugged into an external monitor/keyboard/mouse, with the lid closed.
The exceptions tend to be in clients' offices or in public - so if there were any questionable videos of me captured on the built-in camera, I would probably have been arrested already.
Note: I have received a scammy "we have a video of you wanking" email, back in May, though it was clearly less targeted and more random (generic address, didn't have the bonus of an old password, etc). I found it very amusing - so here it is for everyone's enjoyment. I particularly liked the euphemism "burp the monkey" and the fact that the scammer(s) apologised for their poor grammar.
Here a real one I recently received -
Delivery-date: Wed, 27 Jun 2018 10:38:31 -0500
Received: from xxxxxxxx.xxx ([xxx.xxx.xxx.14])
by xxxxxx.xxx with esmtp (some software)
for firstname.lastname@example.org; Wed, 27 Jun 2018 10:38:30 -0500
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=220.127.116.11; helo=toystructor.com; email@example.com; firstname.lastname@example.org
DKIM-Filter: OpenDKIM Filter v2.9.1 xxx.xxx
Authentication-Results: xxx.xxx; dkim=pass
reason="1024-bit key; unprotected key"
header.b=DhMK; dkim-adsp=pass; dkim-atps=neutral
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
Received: from toystructor.com (toystructor.com [18.104.22.168])
by xxx.xxx (Postfix) with ESMTP id xxx
for <email@example.com>; Wed, 27 Jun 2018 10:37:51 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=key1; d=toystructor.com;
Date: Wed, 27 Jun 2018 16:37:19 +0200
From: "=?utf-8?Q?Brathwaite_Vien?=" <firstname.lastname@example.org>
Reply-To: "=?utf-8?Q?Brathwaite_Vien?=" <email@example.com>
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=utf-8
X-spam-status: No, score=4.7 required=6.0 tests=RCVD_IN_DNSWL_NONE,SPF_SOFTFAIL,DKIM_ADSP_ALL,DKIM_SIGNED,T_DKIM_INVALID,FREEMAIL_FORGED_REPLYTO
X-PMFLAGS: xxx xxx xxx.CNM
Hopefully you do not really mind my english language grammar, considering=
that im from Denmark. I infected your device with a malware and now have=
all your private info from your os.=20
It previously was established on an adult page and after that you have pi=
cked the video and it, my program instantly got into your computer.=20
Afterward, your web-cam documented you going manual, furthermore i caught=
a video that you have looked at.=20
After some time it also picked up all of your social contacts. If u wish =
me to get rid of your everything i have - send me 860 us in bitcoin it is=
a cryptocurrency. This is my account transfer address : 123HqT7HboCdbxkD=
At this point you will have 25hrs. to make a decision Immediately after i=
will receive the transaction i'll wipe out this footage and everything c=
ompletely. Or else, you should be certain that this footage will be submi=
tted to your contacts.
your web browser began operating as a RDP (Remote control Desktop) that has a key logger which gave me accessibility to your screen and also webcam
Seems that our h4ckz0r doesn't know that browsers couldn't "opearte as" a proprietary Microsoft protocol, or that RDP doesn't stand for "Remote control Desktop", nor that a keylogger can give "accessibility" to a "screen" and "webcam", or that it's called "access", not "accessibility".
Wonder how he's got his spelling and grammar correctly though.
This scam (sans the new, "possibly real" password twist reported here) has been ongoing for almost a year. The perps are continually morphing the language slightly, presumably to bypass content filtering, hence it is quite possible that all those silly errors were not present in the original form using these elements. Also, whether correct or not, how many of the likely targets will recognize these claims as "errors" and see them as likely indicators of a scam? Very, very few I suspect.
To work, these sextortion scam messages certainly depend on potential victims being aware of actual sextortion incidents, or at least believing in the possibility. One would hope no-one was gullible enough to be moved to suicide by these scammy threats, but there are certainly quite a few apparently genuine "is this real?" type questions about these scam messages on various online fora, so these scam messages at least work well enough to concern some of their recipients.
Since there is mention on this thread of public masturbation, the obvious advice is not to do it.
A bloke who was previously on ITV Breakfast, Dan Lob, managed to get conned into doing that and ended up searching for the perp who made him do it.
Channel 4 in the UK made a program about it, "Celebrity Sextortion" :
...they can send me my audition footage! :)
Got one of these yesterday in my junk folder though it made no mention of any passwords - just that they'd recorded me after infecting my devices with a virus.
To be fair I did find it fairly cleverly worded to maximise impact. and I can see how it might actually catch someone out and worry them.
I just got the below email appearing to be sent from my own email address! It was in my junk folder, the from email address appeared to be my own even with my actual microsoft account picture! and the 'To' was my old password. I briefly panicked at seeing my actual old password, but i knew that i have a webcam sticker so wasn't too worried and started googling. I've just changed the password on the few accounts that I remembered still had this old one mentioned in this spam email. And now will delete. Just wanted to post in case anyone else gets an email with similar wording that they then google - hope it helps.
My nickname in darknet is clair37.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.
So, your password from (my email address was entered here) is (my old password - that was still used on some sites was entered here)
Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.
I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.
I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!
During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!
I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $843 is quite a fair price to destroy the dirt I created.
Send the above amount on my BTC wallet (bitcoin): 1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.
Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!
Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.
I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
I just discovered this email quoted in the article recently in my spam mail and first i was shocked, as the xxx site was correct and also the password was one that i frequently use. Also i used a couple of times a laptop with a webcam that was not covered. The only strange thing was, that the email came to a different adress than which i used on the xxx site. I wonder how he got that one...
So in the future i will use a cover for the webcam if it's not used and will wait what will happen next...
I get several of these mails A DAY! As does my wife. They quote a password I've not used for ages, and I suspect this was collected when pipex/tiscali/talktalk/ was hacked some years ago.
The letter starts like this:
I know the xxxxxxx, this is your password.
As you can see, I logged in with your account. And I wrote you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.
He wanted $510.
Another one from a few days ago was boasting about what a genius he us:
I'm is very good programmer, known in darkweb as yorker06.
I hacked this mailbox more than 3 months ago,
through it I infected your operating system with a virus (trojan) created by me and have been spying for you a very long time.
I understand it is hard to believe, but I have full access to your account:
You can check it yourself, I'm wrote you from yours account!
He wanted $614 -
This post has been deleted by its author
Biting the hand that feeds IT © 1998–2020