Sextortion Should Be A Capital Offense

Recently someone came to me and asked for help after being a victim of sextortion. What is sextortion? Simply put, it is when someone coerces you into sending naked pictures of yourself and then tries to get you to pay money to keep from sending those pictures to your friends and family. Often times a bad actor will pose as a teenage girl and offer to exchange nude pictures with teenage boys. About the best advice I can give is just don't do it. That is often easier said than done though.

The unfortunate thing and why I think it should be a capital offense is that a large number of teenage boys have ended up committing suicide over sextortion schemes. Parents involved in these tragedies from different states have lobbied their legislatures to make the crime a felony, which it is as of today in Utah. Personally I don't think it is enough of a deterrent. Due to all of the lives that have been lost, I think we should be able to up the punishment so that a criminal that has caused a suicide should suffer the same punishment, death.

Now I know I am a bit harsh and many will point out that death-row inmates cost more than someone doing life in prison. I understand that. I also know that others will be upset at me for being so willing to take the life of another person. I only wish the criminals extorting money from teenage boys worried as much about the effects of their actions.

Unfortunately the reality is that with the ubiquity of the Internet, most bad actors dabbling in sextortion don't reside in the United States. When I wrote about this same subject half a decade ago, the e-mail started in Panama. I know there are other documented cases with criminals in various African countries. That means bad actors have some level of protection from prosecution in the United States.

So what can we do about sextortion? The first thing you can do is report it to the authorities. This includes local police and the FBI. The FBI's website where you can file a complaint is www.ic3.gov. You can also go to StopNCII.org to see about removing those images so they don't continue to propagate. Be forewarned that they have a 90% success rate. That is nowhere near the 100% we all hope for. Finally be prepared for all your friends and family to receive those embarrassing pictures. About the best you can do is respond with an apology when someone tells you they have been on the receiving end of those images.

To finish the story I started this post with, I advised the person not to pay the extortion fee. Once someone realizes you will pay, it only opens you up to more sextortion attempts later. A day later a number of friends and family received those compromising images. Everyone that received them reached out to the victim, showed support, and expressed concern. Nobody judged. We all have things in our lives we would like to keep private and don't want shared with the world which is why I never answer my phone in the bathroom. Friends and family understand that and won't rake you over the coals for a mistake you have made. 

Don't Hack a Hacker

This morning I got done skiing and had to work from my home office. I sat down at my desk and got an e-mail that began with the following:

   Hello!
   My nickname in darknet is HckD4*.

The poor grammar indicates that the person does not speak English as his/her native language. Already I am preparing for a SPAM e-mail, however I am intrigued. It goes on:

   I hacked this mailbox more than six 
   months ago, through it I infected your 
   operating system with a virus (trojan) 
   created by me and have been monitoring 
   you for a long time.

Interesting. I wonder if HckD4* is as tired of all the SPAM I get or if he/she thinks I get a lot of important e-mails? The message goes on:

   If you don't belive me please check 
  'from address' in your header, you will 
   see that I sent you an email from your 
   mailbox.

Well that's not that hard to do. If you know anything about Simple Mail Transport Protocol or SMTP, then you know that is a fairly simple task. Any hacker with about an hour of experience can fake a message to look like it came from your own server. The trick is to look at the headers for the e-mail to see if that is actually the case. In my e-mail client, I selected the box to show all of the header information and see that the message came from a server named z3.hck7.pro, which is located in the country of Panama. Needless to say that is not even remotely close to where my e-mail server is located. My original hunch is correct and this is just a SPAM e-mail.

For your enjoyment and mine, the message continues:

   I have access to all your accounts, 
   social networks, email, browsing 
   history. Accordingly, I have the data 
   of all your contacts, files from your 
   computer, photos and videos.

Even if I believed this person, there is nothing of value there. I don't do a lot of social networking. I don't visit questionable or incriminating websites. All of my photos on my computer are tasteful and probably boring to most people besides me. So at this point, there is nothing compelling me to be to afraid. Now we get to the point of the message:

   I was most struck by the intimate 
   content sites that you occasionally 
   visit. You have a very wild imagination, 
   I tell you!

Wow! If I didn't know this was a fake before now, I do now. Sure I visit a lot of video game sites but that shouldn't be embarrassing. What else would make me embarrassed?

   During your pastime and entertainment 
   there, I took screenshot through the 
   camera of your device, synchronizing 
   with what you are watching. Oh my god! 
   You are so funny and excited!

Oh if this was real, he/she must have a picture of me picking my nose or something. That really isn't that embarrassing. Furthermore my e-mail computer doesn't have a camera connected. My laptop does, but it is from work and so locked down with security software, there is not a chance in the world that someone has hacked into it. Trust me, our IT department takes a lot of crap because we have so much anti-virus software. For once I am glad it is there. Oh, my laptop is also a Mac and there are significantly fewer virus programs written for the Mac.

Finally, the hacker tells me what he/she is really after:

   I think that you do not want all your 
   contacts to get these files, right? If 
   you are of the same opinion, then I 
   think that $1000 is quite a fair price 
   to destroy the dirt I created.

The message then goes on to give me a bitcoin wallet and where to send the money.

Messages like this really make me angry. I have been using computers for a long time and know how to verify if the message is real or not. What about other people that don't? Hopefully you don't fall for such an obvious fake. How can you tell if it is a fake message? Well think about legitimate e-mails from people like your credit card company. An extortion e-mail should include some of the following:

1. Your actual name - This e-mail did not contain my name at all. It had my e-mail but that is necessary to contact me in the first place. If the hacker had really been spying on me, he/she would at least know my real name.
2. Some other information about you - Credit card companies always tell you the message is from your account ending in 4 specific digits. If those digits don't match any of your credit cards, you know it is a fake, unless someone has opened a credit card in your name without you knowing about it (but that is a topic for another time). This e-mail had nothing like that.
3. Some sort of proof - If you are going to try and extort $1000 from me, you better have some sort of proof that I have done something worth hiding from all of my contacts. How hard is it to send an image with proof? If you have the images claimed in the e-mail, it isn't. If you don't, it is impossible.

The more I thought about this e-mail, the more I realized how fake it actually is. Let's assume I have spent some of my computer time doing something I want to hide from my wife or contacts. Is it actually worth $1000 to keep hidden? Most of the people I know that cruise the Internet for pornography don't try to hide it. They may not brag about it in mixed company, but they are also not ashamed of it. Sure some people will be embarrassed but it might start a conversation that needed to take place anyways.

Hopefully none of you fall for such a scam. If you would like another source talking about this same e-mail in more detail, here is a good article.