Cyber-crooks turn to Bitcoin extortion

Security journalist Brian Krebs documents a string of escalating extortion crimes perpetrated with help from the net, and proposes that the growth of extortion as a tactic preferred over traditional identity theft and botnetting is driven by Bitcoin, which provides a safe way for crooks to get payouts from their victims.

People who follow online crime will already be familiar with denial-of-service extortion (pay us or we'll take your server down and keep it down), and Cryptolocker blackmail (we've encrypted your harddrive with malware -- pay up or lose your files forever). But what's new are the "Notices of Extortion" sent to pizza joints demanding payoffs ("tribute") to avert denial-of-service attacks, fake orders, spurious health-code violation reports, vandalism, bad online reviews, and trumped-up mercury poisoning reports.

“What the heck is a BitCoin?” wrote the proprietors of New Hampshire-based 900 Degrees Neapolitan Pizzeria, which posted a copy of the letter (above) on their Facebook page.

Sandra Alhilo, general manager of Pizza Pirates in Pomona, Calif., received the extortion demand on June 16.

“At first, I was laughing because I thought it had to be a joke,” Alhilo said in a phone interview. “It was funny until I went and posted it on our Facebook page, and then people put it on Reddit and the Internet got me all paranoid.”

Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University California, Berkeley, said these extortion attempts cost virtually nothing and promise a handsome payoff for the perpetrators.

“From the fraudster’s perspective, the cost of these attacks is a stamp and an envelope,” Weaver said. “This type of attack could be fairly effective. Some businesses — particularly restaurant establishments — are very concerned about negative publicity and reviews. Bad Yelp reviews, tip-offs to the health inspector..that stuff works and isn’t hard to do.”

2014: The Year Extortion Went Mainstream [Brian Krebs/Krebs on Security]

Notable Replies

  1. BoingBoing, I did hacked @newliminted's acount to send you a extortion letter. If you do not deposit 1BTC into @Boundegar's account by Monday I will do a bunch of stuff to masacre your reputation and cuase ireprable harm to your buisness. Snicerely,
    Not @newliminted or @Boundegar

    (@Boundegar we split it, kk?)

  2. Print the extortion note in the local paper. The more people who know about the threat, the greater the probability for doing even more brisk business.

  3. Yeah, but I read on Yelp that the local paper is full of shit.

  4. Ah, now here's something that Bitcoin is ideal for.

Continue the discussion

15 more replies