back to article Black-hat sextortionists required: Competitive salary and dental plan

Extortionists are promising salaries of more than a quarter of a million pounds to skilled infosec folk willing to put on a black hat, according to research outfit Digital Shadows. Those salaries are on offer to people willing to blackmail and extort money out of "high net worth individuals" – and at the upper end of the scale …

  1. Anonymous Coward
    Anonymous Coward

    I've received a few of those emails. Unfortunately for the senders I knew it was a scam instantly - you can't have video footage of me watching porn because I've never owned a webcam.

    Also I fail to see how a 10+ year old password from an eBay breach proves they have access to anything other than a public website - HaveIBeenPwned.

    As always, epic fail scammers!

    1. Bronek Kozicki

      I receive those every day. Actually few every day, if I bother to look into spam folder - and if not, they help my email hosting to improve spam filters.

      Not an anon because there is nothing to be ashamed of since the "facts stated" are obviously entirely made up. Sometimes I am tempted to try to hack these back (tracing bitcoin wallet activity is plausible, there might be also interesting traces in email header) but can't be bothered. Someone will, eventually.

      1. ElReg!comments!Pierre

        there might be also interesting traces in email header) but can't be bothered. Someone will, eventually.

        The last series I received were sent from a -most probably miconfigured- server at a foodstuff manufacturing company in Italy. I notified the abuse@ addy as I always do, and I'm not holding my breath as I always don't.

    2. Arthur the cat Silver badge

      Unfortunately for the senders I knew it was a scam instantly - you can't have video footage of me watching porn because I've never owned a webcam.

      Ditto. I also use an OS they've probably never heard of, never mind have the ability to hack, and as for "I have an exclusive pixel in this e-mail, and at the moment I know that you've read this email", well as you sent me a text/plain email, I really don't think so.

      I just wish there was some way to do to their Bitcoin wallets what superglue does to door locks.

  2. Chris Gray 1

    Similar here - I've been getting the "you've been hacked" ones for a month or more. Sometimes several a day. The one that made me take notice used my old LinkedIn password. But, since LinkedIn told everyone about that breach, that password changed years ago.

    What I'm getting much more of is stuff all in what I believe is Chinese. The subject and body are all in glyphs, not standard letters. I've no idea what they are about. Isn't one in my inbox right now, else I'd try copy/paste to here.

    1. Alistair


      At a guess what you got was googlexlate from english to other language and reads along the lines of :

      Chopped lamb mail found!

      funding bunnies run back bitcoin sender target to:

  3. Chris Gray 1


    Humph - too late to edit. Here's the body of one that just came in:





    1. DiViDeD Silver badge

      Re: Translation?

      Here you go:

      Never Satisfied>00<Drawing Difficulty>More <Entertaining Gradually Flowing>A Kind of Electricity <Small Hall Deep>Child Tour <Curtain West Wind> Play Back Water<

      Also Mo>>3.0

      Get clear Move the zither to the jade column>the cup, every day <no hate> limit

      All part of the service!

      1. Chris Gray 1

        Re: Translation?

        Ok, thanks for that.

        Textually like the filler that many SPAM emails have in them. I guess it could be a buggy spamming system - I've seen the results of those several times, like %name% in the body, etc.

        1. ElReg!comments!Pierre

          Re: Translation?

          like %name% in the body

          I guess you read your emails as plaintext, like a sensible person would. This %name% thing is the hallmark of an email tool that relies on client-side code execution. In my previous job I received quite a lot of -legit- emails ending with "<signature>". Silly MS.

  4. StargateSg7 Bronze badge

    Those specific spam emails are coming from the UK, Portugal, Russia and Brazil so I am reasonably sure based on the time stamping it's from some Spaniards and/or Portuguese speaking hackers who have some relation to people in Kislovodsk and Stravropol which of course if it's THOSE TOWNS, it means theDarkOverlord group is PROBABLY related to GRU (Glavnoye Razvedyvatel'noye Upravleniye aka Main Intelligence Directorate), although I wouldn't be too surprised to find out they are EX-GRU and NOT currently active members!

    It sounds like someone saw all the GRU's CPU/GPU horsepower in the office AND AFTER looking at their meagre monthly paycheck, he (99% a he!) decided "To Go Rogue" after seeing the local "Dark Data Lord" scamming dumb-A$$$$ westerners Chillin' within his gold-plated T-98 Kombat SUV around the local nightclubs picking up SMOKIN' HOT 20 year olds for his nightly sex parties!


    1. Anonymous Coward
      Anonymous Coward

      Errado! Não temos nada que ver com os russos!

      1. StargateSg7 Bronze badge

        Sorry, but the message timestamps and other information I see in the emails "they" (You?) send me indicates Portugal, Spain, Brazil and Russia. I am guessing at least a few of "them" speak Portuguese and that at least one of "them" is from Barcelona, Spain. And another is from St. Petersburg, RU and that proxy server "they" use is literally three blocks from GRU bureau offices.

        The BIG problem is that I have EIGHT different state-level agencies watching my Vancouver office via ONLINE means and in person. Which means whenever I get any emails or other realtime data exchange, be it SPAM or other more normal business messages, they've been through SO MANY Man-in-The-Middle servers, that I am finding it fairly difficult to figure out which agency is which. (Not impossible! Just Difficult). Maybe the spammers AREN'T Russian but at least I know the group is made of Portuguese, Spaniards, one Russian at least, a German who lives in Barcelona and probably a Brazilian financier!

        I would be careful though! I've got THREE U.S. and Canadian agencies WHO DO NOT KNOW about each other's surveillance, the Chinese, The Russians, the French, UK and the Israeli girl (I notice she's pretty damn cute too!) all watching what the heck I'm doing in my programmer's abode! (i.e. trying to steal my 65,000 Objects per second Autonomous Machine Vision/Recognition/Targeting software which work at up to 10,000 fps and 160,000 KMH, an in-atmosphere and space-rated autonomous flight control system, my fancy super-scale-up-and-scale-out grid-processing library that EMULATES an organic neural net ON ANY aggregated networked multi-platform hardware, my 128-bit massively parallel combined CPU/GPU/DSP design and finally my 75,000 LBS of thrust turbojet engine design which reduces thermal signature by dumping volatiles into the exhaust stream and other excess heat into a multi-cubic metre ceramic heat sink for at least 12 hours!) I would say THOSE are ABSOLUTELY interesting to various state level agencies....

        AND STUPIDLY, they don't even have to goto all that trouble. A simple HoneyPot operation and LOTSA Benjamins would do wonders for my ego....KEEP IT SIMPLE SPIES !!!! The spycraft basics work REALLY WELL on me !!! Please note it absolutely WILL BE YOU who's paying for ALL the Porterhouse Steaks, Wine and Appertifs for a few months (or years as the case may be!) ...AND... I need a --NEW--- F-450 Dually Limited Edition Truck AND a Ford F-150 Raptor Crew Cab AND a Corvette ZR-1 ... ALL deep RED in colour of course! OH! And a 3000 square foot rancher house on 10 Acres in a rural place of my choosing in coastal British Columbia!

        Do your magic Babeeeeees! Think .B.B.B.! -- I'm quite confident you know what THAT means!



        1. Anonymous Coward
          Anonymous Coward

          is this john mcafee

  5. Gonzo_the_Geek

    Those salaries look nice, but collecting them may be somewhat problematic.

  6. Wibble

    Bored, bored, bored


    I hacked your device, because I sent you this message from your account.

    If you have already changed your password, my malware will be intercepts it every time.

    You may not know me, and you are most likely wondering why you are receiving this email, right?

    In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy

    (you know what I mean).

    While you were watching video clips,

    my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.

    Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.

    What I've done?

    I made a double screen video.

    The first part shows the video you watched (you have good taste, yes ... but strange for me and other normal people),

    and the second part shows the recording of your webcam.

    What should you do?

    Well, I think $622 (USD dollars) is a fair price for our little secret.

    You will make a bitcoin payment (if you don't know, look for "how to buy bitcoins" on Google).

    BTC Address: 1ELgYTbMLmw9vaHADfZmMcKVMWCNmRH8S2

    (This is CASE sensitive, please copy and paste it)


    You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).

    If I don't get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.

    However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.

    If you want to get proof, answer "Yes!" and resend this letter to youself.

    And I will definitely send your video to your any 19 contacts.

    This is a non-negotiable offer, so please do not waste my personal and other people's time by replying to this email.


  7. Temmokan

    Obviously a canard

    Apart from poor grammar, the scammers are complete idiots - even if someone can believe that placing their own email address in From/Reply-To can mean the mail account has been compromised, it really makes no sense sending the same pathetic junk to the same addresses over and over again. Especially several times a day. "What?! Three hackers have hacked into my system and placed their own malware?!"

    The geography of senders is various; I suppose there are several spammers networks/botnets used - I see Brazil, Japan, China, Germany... etc etc etc. No country-specific influx, and I have over 12 email addresses being targeted.

    If anyone wishes to have that collection of sextortion senders IPs and/or Bitcoin addresses they include, just let me know.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021