Tuesday, December 30, 2003

Cyber Blackmailing Reported

As reported by Reuters, the incidence of "cyber-blackmailing" is going up and the targets aren't just the upper echelons of the corporate world. Random employees get threatening e-mails demanding a relatively small payment or, the author says, the employee's computer will get its files wiped. Sometimes the threat goes that the attacker will put pornographic images on the targeted employee's computer, thereby threatening their jobs. People who don't know any better actually pay up only to have more e-mails come in later demanding more money.

Information systems are my chosen field, so let me offer some professional advice: don't pay. Ever. If you get these e-mails at the office or at your University, and most of them are hitting those 2 places, your files are likely backed up by the corporate LAN structure. The attacker still has to get at those files, in any case, and that means they have to penetrate the company's security systems or introduce a virus. Not impossible, but not trivial anymore, either. As for the pornographic threat...

When you get an e-mail like this, stop what you are doing immediately and notify 1) Human Resources and 2) your IS/IT department. Both of them will likely want you to forward the e-mail to them but do not do so until they ask! The IS/IT department in particular will want to examine the electronic "paper trail" but they may want to start with your e-mail box as it was when you got the mail. If HR knows you got an e-mail like this and somehow porn shows up on your system a couple of days later, they're not going to show you the door like they would if you hadn't told them.

No, honest! That 6.5 gigs of porn wasn't there last Friday! I got this e-mail, see, and they said they'd do this if I didn't....

HR will be far less likely to buy that one but if they knew about it in advance, that'd be a different story. In the final analysis most of these threats are simply that: threats and bluffs. If you pay this time, they will be back and they'll want more. Don't give them the opening they want.