Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Crime Security Spam IT

Inside a Ransomware Money Machine 158

tsu doh nimh writes "The FBI is warning that it's getting inundated with complaints from people taken in by ransomware scams that spoof the FBI and try to scare people into paying 'fines' in lieu of going to jail for having downloaded kiddie porn or pirated content. KrebsOnSecurity.com looks inside a few of the scams in the FBI alert, and it turns out it only takes 1-3 percent of victims to pay up to make it seriously worth the fraudsters' while."
This discussion has been archived. No new comments can be posted.

Inside a Ransomware Money Machine

Comments Filter:
  • Scams (Score:1, Troll)

    Scams are only effective if they appear to be true. Would it surprise anyone for the FBI to essentially take bribes (fines) over fake criminal charges?

    • Re:Scams (Score:4, Informative)

      by h4rr4r ( 612664 ) on Wednesday August 15, 2012 @09:19AM (#40996455)

      Yes, me. I got one of these emails, but since I know that is not how the FBI operates I deleted it.

      • Re:Scams (Score:5, Insightful)

        by CheshireDragon ( 1183095 ) on Wednesday August 15, 2012 @11:04AM (#40997781) Homepage
        Exactly. If they suspect you have kiddie pr0n they are not going to take a bribe and say 'pay up to keep us quiet.' The first time you will even hear from them they will be kicking in your front door, seize you and all your electronics.
        • Re:Scams (Score:5, Funny)

          by firewrought ( 36952 ) on Wednesday August 15, 2012 @11:15AM (#40997921)

          The first time you will even hear from them they will be kicking in your front door, seize you and all your electronics.

          And it's that sort of personalized attention that makes American law enforcement the best! :O

          • Given the feelings of most Americans, somebody with Kiddie porn is 'more deserving' of an early morning SWAT raid than most drug dealers.

            Personally, I'm more the type of 'station a camera; visit the house when you go to work' type, if there's concern about possible violence. Then I pick you up at work.

            SWAT style invasions will be saved for drug houses* that are effectively never unoccupied, and even then I'd probably wait until it's at 'minimum manning'. SWAT raids on fully occupied dwellings shall be sav

    • by Anonymous Coward

      Yes, it would surprise anyone with a brain. Basically that eliminates a huge swath of tin foilers such as yourself.

      • Re:Scams (Score:4, Insightful)

        by Deep Esophagus ( 686515 ) on Wednesday August 15, 2012 @11:19AM (#40997981)
        That's why the thought that 1 to 3 percent of the targets are falling for this makes me weep for the collective intelligence of the human race.
      • Re:Scams (Score:5, Insightful)

        by ideonexus ( 1257332 ) on Wednesday August 15, 2012 @12:35PM (#40999005) Homepage Journal

        It's easy to laugh and feel superior that a small percentage of people fall for these scams, but what isn't funny is that the people falling for it are mostly senior citizens. Just yesterday my mother-in-law brought me the phone and told me, "It's somebody from Microsoft! They say our computer is infected with a virus!"

        I answered the phone and somebody with an Indian accent told me his name was "Todd Moody" and that our computer was sending error messages to Microsoft. Curious about the scam, I let him walk me through opening the application error log and trying to delete some errors from it, to which he exlaimed, "Oh no sir! You cannot delete the errors! This is very very bad! You have a very dangerous trojan virus on your computer!"

        If I hadn't been there, my mother-in-law would have handed over her credit card information no questions asked. In fact, my father-in-law had done this in the past. One day I'm going to be a senior citizen and my bullshit detector is going to stop working like it does for everyone else. The Federal Government should be putting a stop to this predatory scumbaggery with extreme prejudice.

        When you see this crap, do your civic duty and report it [ic3.gov].

        • One day I'm going to be a senior citizen and my bullshit detector is going to stop working like it does for everyone else

          Its not that it stops working, its just that its misaligned. You know MS would not call you directly, but Grandma doesn't. The rules we know to protect ourselves are completely alien to someone not immersed in the culture.

        • When you see this crap, do your civic duty and report it.

          Why bother? These guys are usually working from countries where the FBI can't touch them. I prefer to play along, doing my best "cheerfully clueless tech-support caller" impersonation. I got the best results by using Win98 and a 101-key keyboard: it took them half an hour to figure out why their directions weren't working, which I'm sure did more damage to their bottom line than any number of complaints to the feds.

    • by Trepidity ( 597 )

      I'd at least be surprised by the FBI emailing me the offer...

    • by Anonymous Coward

      Hell yes. Unlike some third-world countries, the justice system in this country is not corrupt. They don't just take money with no cause, despite Republican/libertarian protests that the government is running amok.

      I feel the same way about the folks trying to convince me my WOW account is banned, or that I'm somehow in violation of the Mattress Tag law.

      • by RobertLTux ( 260313 ) <robert@laurenceE ... g minus math_god> on Wednesday August 15, 2012 @09:40AM (#40996699)

        once you have the mattress home it is legal for you to remove the tag but after that you can't resell the mattress.

        • by h4rr4r ( 612664 )

          You can't sell it as a new mattress, I don't believe those tags are required for sales of used mattresses. However some jurisdictions forbid the sales of used mattresses all together.

          • and they are strictly enforced by craigslist sting operations. there just aren't enough real criminals to go after. i mean, what?
          • However some jurisdictions forbid the sales of used mattresses all together.

            Wow...that's quite interesting, I'd never heard of such a thing.

            I wonder why some areas would ban sales of used mattresses?

            • I wonder why some areas would ban sales of used mattresses?

              probably old laws that were meant to reduce the spread of lice and mites

              • by Fuzzums ( 250400 )

                More likely a law invented my mattress salesmen.

                • I saw a special on this once. A group went around collecting any old mattress they could find, 'sanitized' it, sowed on a new cover, and resold it.

                  The problem was that their 'sanitization'* wasn't enough to stop bedbugs, and their cover wasn't impermeable to them. Most of the beds picked up were infested, and what ones weren't were often infested by contact with the other mattresses.

                  I can see a jurisdiction taking a look at the process and banning the business to try to stop the spread of lice/mites/bedbu

            • You mean beyond that fact that it's absolutely disgusting?

              • You mean beyond that fact that it's absolutely disgusting?

                What's so disgusting about it? I've sold some of my old mattresses before....hell, when I was a broke college student, that's how you GOT a 'new' bed.....

                I mean, you *do* look them over first, make sure it isn't dirty and stained, etc...but if it looks clean, what's the problem?

                • Think about what "broke college students" DO on those things.

                  That's why.

                • but if it looks clean, what's the problem?

                  An absolutely clean 'looking' bed could be completely infested with fleas/mites/bedbugs.

                  They probably aren't trying to stop individual sellers who are selling their lightly used mattress because they're moving/bought another. They're after the professional sellers who sow new covers on random unknown mattresses they picked up(sometimes out of dumpsters) while engaging in sanitization/sterilization measures that could optimistically be called 'ineffective'.

                • by Inda ( 580031 )
                  No, no and thrice no.

                  Even in hotels I carry my mattress in a second suitcase. And that mattress is then incinerated after each sleep. You can never be too careful. ...and that's a load of bollocks.

                  You're correct, there is no problem. Why even entertain the thoughts?
            • Re: (Score:2, Insightful)

              by Anonymous Coward

              "I wonder why some areas would ban sales of used mattresses?"

              Health concerns. There was a major issue with it (or at least a heavily reported issue) in the 80/90s. Not so much with personal sales but with less reputable companies which would take the most rancid, stained, mold/parasite infested and disgusting mattresses and resell them. What idiot would buy a nasty stained mattress you say? Lots of people as the companies in question would replace/sew over the old mattress with a new cover which made it

      • Re: (Score:2, Insightful)

        by moeinvt ( 851793 )

        "Unlike some third-world countries, the justice system in this country is not corrupt."

        I don't think they would take a bribe to make an arrest, but that doesn't mean they aren't corrupt as hell. How many well-connected elites in the financial sector have been prosecuted for fraud, forgery and perjury? The FBI issued a report in 2003 warning of an "epidemic of fraud" in the home mortgage market, yet no arrests and prosecutions? How many Bush admin officials have been prosecuted for violations of the FISA

        • How many Bush admin officials have been prosecuted for violations of the FISA law, torture, war crimes, etc.?

          Same thing could be asked of the current Obama administration's officials.

          • Re: (Score:2, Insightful)

            by Anonymous Coward

            Shhhhh.... You can't tell anyone that Obama's terrorism policies are the exact same as Bush's.

      • by PPH ( 736903 )

        Unlike some third-world countries, the justice system in this country is not corrupt.

        Its called prosecutorial or enforcement discretion [wikipedia.org]. Both sides make use of it, whether to overlook immigration violations or DoD contractor fraud.

  • Hah! (Score:5, Informative)

    by Anonymous Coward on Wednesday August 15, 2012 @09:20AM (#40996479)

    My buddy got one of those from watching waaaaayy too much porn, and actually called the FBI who told him it was a virus.

    What it does is lock your screen with an FBI logo and official-looking message, even displaying the output from the webcam if there is one, saying that unless the mark pays $200 or so using a Bitcoin-like form of payment one can get at convenient stores, the user will be arrested for downloading CP and/or "copyrighted material." Certain keys are locked, obviously, so you can't do the 3-finger salute and kill it with the task manager.

    A boot into safe mode and a little MsConfig was enough to fix, though not remove, the malware.

    -- Ethanol-fueled

    • Re:Hah! (Score:5, Funny)

      by dmomo ( 256005 ) on Wednesday August 15, 2012 @10:08AM (#40997047)

      "my buddy"

      So, did you end up paying?

    • Re: (Score:3, Informative)

      Here's how to get totally rid of it http://goo.gl/Av1Pm [goo.gl] Short answer is, keep your anti-virus up to date!
    • Re: (Score:3, Informative)

      by Anonymous Coward

      My buddy got one of those from watching waaaaayy too much porn

      No, your buddy got it from downloading and executing malware. You can look at an unlimited amount of porn, but if your policy is that you don't run code that you have reason to trust, then you can't get infections. Porn is still as safe as it has always been.

      • by Anonymous Coward

        Porn-delivered Malware is about on the same level as, while looking for a hooker, being shown a rancid taco and being told it's a vagina, then sticking your dick in it.

      • Re:Hah! (Score:4, Insightful)

        by Opportunist ( 166417 ) on Wednesday August 15, 2012 @10:57AM (#40997699)

        It all depends on how well patched your browser and its plugins are...

  • by Nyder ( 754090 ) on Wednesday August 15, 2012 @09:22AM (#40996491) Journal

    It should all be considered a scam when someone says pay up or I'll take you to court/press charges/sue/threatens you.

    • The difference between blackmail and settlement is that blackmail requires the threat of doing something ILLEGAL if the demands are not met. Whereas, a settlement offer is the forbearance of a LEGAL right if the demands are met. If someone didn't pay me for my work, for instance, I can send a demand letter asking that he pay me or I will sue him for the money, which is a legal right I have. If I demand money or I will shoot him, that's blackmail.

      The boundary is close when it comes to porno cases. What if the right to sue is clear cut (the Copyright Laws clearly prohibit downloading the material) but the real damage is the damage to reputation? That becomes closer to the situation of, "Give me money or I'll release this sex tape you made" or "Give me money or I'll tell the world about our love baby."

      • by HungryHobo ( 1314109 ) on Wednesday August 15, 2012 @10:45AM (#40997547)

        " If I demand money or I will shoot him, that's blackmail."

        No, that's extortion.

        Blackmail would be threatening to tell your wife about your mistress. Blackmail can include things you would otherwise be perfectly legally allowed to do.

        You may have every legal right to expose the trips made to a bathhouse by a homophobic republican senator but if you demand money from him in exchange for *not* revealing that secret, that's illegal.

      • I don't know about your country, but in mine, suing someone despite knowing very well that your chances of winning are zero with the intent of browbeating the person sued into submission due to him not knowing the legal system and not being able to afford adequate legal representation IS actually illegal.

        It's called a frivolous lawsuit and if you are a lawyer and tend to do such things too often, I hope you have a plan B for your time after being disbarred.

        • by jonadab ( 583620 )
          Yes, it's illegal, on paper. However, in order to do anything meaningful about it, the victim would need to be able to take you to court. Among other things, that effectively means he'd have to be able to afford a lawyer. Additionally, it can be rather difficult to demonstrate to the court that the offender _knew_ he wouldn't win the suit and _intended_ to nonetheless force a settlement to which he was not entitled.

          To actually provide the populace at large with effective protection against this kind of a
      • by sjames ( 1099 )

        The last two examples you made are otherwise legal actions. It is perfectly legal for a woman to name the father of her child. It is not legal to demand money not to.

        It could be argued that a settlement is a payment of actual damages to make the would be plaintiff whole without need for court whereas blackmail is simply for unjust enrichment. However, at some point (such as the RIAA suits) the merits of the case against the defendant fall so low that it becomes indistinguishable from an extortion racket. Fu

  • by operagost ( 62405 ) on Wednesday August 15, 2012 @09:23AM (#40996503) Homepage Journal

    The best defenses against scams are still the same:
    1. Knowing your right to due process, and
    2. Knowing proper spelling and grammar in your native language.

    I'm continually dismayed that large numbers of people (possessing enough intelligence to use a web browser) don't realize that the FBI using email or popups to demand summary payment of "fines" without due process is implausible and illegal.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      You'd be surprised at how ignorant folks are. Particularly older users tend to take real
      appearing emails at face value. I've told my parents to treat ALL commercial emails
      as fake, even if they are from some organization they actually do business with. Call
      the organization 800 number, go to the web page directly (not via "links" in the email). Yes,
      it is a pain/loss of functionality, but so is getting taken, and ignoring them all ends up being the safer
      approach... The above policy started after they got

    • by dkleinsc ( 563838 ) on Wednesday August 15, 2012 @09:43AM (#40996729) Homepage

      There's a couple more rules of thumb that help:
      1. It's much harder to cheat an honest person. For example, if you don't download kiddie porn, it's very hard to get you to pay a fine to avoid trials for doing so. The Nigerian prince scam worked only on people who were willing to help somebody commit money laundering.
      2. If it seems fishy, it's a scam. Anyone saying "money for nothing" (who's not a member of Dire Straits) should be suspect.

      • I suspect Dire Straits, to be sure this whole thing wreaks of them.
      • by Hatta ( 162192 ) on Wednesday August 15, 2012 @12:31PM (#40998955) Journal

        The Nigerian prince scam worked only on people who were willing to help somebody commit money laundering.

        I think the Nigerian prince scam works only on people who are too stupid to understand what money laundering is.

        • by CastrTroy ( 595695 ) on Wednesday August 15, 2012 @01:35PM (#40999659)
          I've heard the Nigerian prince scam is designed to be quite unbelievable because they don't want to waste their time with people who have any kind of common sense. It's too hard to get money from people with common sense. I think the same goes for this type of scam. Target enough people and you'll eventually fall upon somebody who watches kiddie porn. And that person will be easy to get money out of, because they'd rather pay money than face the other consequences.
        • Had to look it up in the dictionary! That was almost as embarrassing as when I got the decimal point in the wrong place. I always miss mundane details.
      • by sjames ( 1099 )

        It is much harder, but not impossible. For example, it's all too believable that a police department would pursue charges on bad evidence against an innocent person. Poor grammar and spelling is also quite believable, but not as bad as the scam mails. The big giveaway though is knowing that the FBI would never use a Chinese mail server for official communication.

      • by sowth ( 748135 )

        Your post reeks of self-righteousness. Most anyone being accused of child porn would pay for charges to go away, whether they downloaded any or not. That is an extremely bad charge that could ruin a person's life even if they win the case.

        There are also plenty of Nigerian scams which are not caused by fraud on the part of the victim. For example, one where the fraudster buys something from a victim and sends a fake check for more than the amount, and asks them to deposit it and send the difference back. M

    • by sl4shd0rk ( 755837 ) on Wednesday August 15, 2012 @09:55AM (#40996897)

      I'm continually dismayed that large numbers of people--

      Oh, so many ways to finish that sentence.

    • by asdf7890 ( 1518587 ) on Wednesday August 15, 2012 @10:10AM (#40997063)
      2. Knowing proper spelling and grammar in your native language.

      There have been suggestions that some of the scammers use this as a mark filter: people put off by the spelling/grammar would be unlilkely to follow through to the end anyway so put them off early so you can concentrate on the others. People who fall for the scam despite the presentation are better quality marks and more more likely to pay out (either because they have done something wrong and are feeling guilty, or because they don't speak the language well enough to spot the telltail problems, or simply because they are just plain thick).

      Though I think it more likely that the simpler explanation (most of the scammers simply fail to create a good presentation in the target language) is more likely at least in most cases.

    • The spelling and grammar mistakes in there are intentional. They want intelligent people to immediately dismiss the scam for what it is and move on. They don't want them to follow up and call the FBI to find out what it is about.

      Someone who is fooled by poor spelling and grammar will likely also fall for the scam itself.

    • by Zontar_Thing_From_Ve ( 949321 ) on Wednesday August 15, 2012 @12:14PM (#40998727)

      The best defenses against scams are still the same: 1. Knowing your right to due process, and 2. Knowing proper spelling and grammar in your native language.

      I'm continually dismayed that large numbers of people (possessing enough intelligence to use a web browser) don't realize that the FBI using email or popups to demand summary payment of "fines" without due process is implausible and illegal.

      As an American, I will shamefully explain why this kind of thing would work here. First of all, I have noticed a big uptick in the number of people with conservative political affiliations who have an irrational distrust and hatred for governments in general and the US government in particular. Such people do not know anything about due process and they believe every negative story they hear about "big government". They'll easily believe that the FBI would contact people this way.

      Second, just from reading Slashdot it's become clear to me to that the educational system in every English speaking country, yes every one of them, has completely failed its students and nobody anywhere in the English speaking world learns spelling and grammar any more. People think that "prolly" is a real word. People now think that anytime something puzzles you, you just need to add a question mark to it (ie. "I have no idea why the soap was on sale in the store for 25 cents?"). If anything I'm actually a little encouraged that only 3% or so of "victims" are falling for this. I would probably have guessed it would be at least 10%.

  • by delta98 ( 619010 ) on Wednesday August 15, 2012 @09:33AM (#40996631)
    Poor Hoover must be spinning in his bustier.
  • by gstoddart ( 321705 ) on Wednesday August 15, 2012 @09:36AM (#40996663) Homepage

    it turns out it only takes 1-3 percent of victims to pay up to make it seriously worth the fraudsters' while

    Isn't this about the same percentage as any spam campaign? That's pretty much why it's still profitable.

    Though, you'd think that most people would realize that law enforcement doesn't simply send you an email demanding you pay a fine or face criminal charges -- there really isn't that option as far as I know. Well, at least not in all countries.

    • by EdIII ( 1114411 ) on Wednesday August 15, 2012 @11:04AM (#40997783)

      Depends on the ransomware. I have run across the FBI thing twice now and the real problem is that the machine had business data. Paying to get access to your business data was the main reason why they were willing to pay.

      These particular variants were making it difficult to locate data since they had silently redirected the My Documents folder. If you could get out of it and back into safe mode you would see your data missing unless the ransomware program was actually running.

      Even more problematic is that some of these programs encrypt the data. Then you really have a problem.

      It's a hard lesson of why you need to keep business machines and fapping stations separate .

    • by Lehk228 ( 705449 )
      difference is, a typical spam campaign will be for a $30 pack of make your penis huge pills. these are $500 or $1000 "fines" AND the victims are scared, thus less likely to report it or talk about it. Imagine your reaction if a non-technical co worker mentioned at lunch how they bought in to an email real estate offer vs. your reaction if he mentioned "so... the other day i was looking at child porn and the FBI put this message on my computer....."
      • vs. your reaction if he mentioned "so... the other day i was looking at child porn and the FBI put this message on my computer....."

        Except for the fact that a tiny fraction of people getting this (if any) would have done so, and would be damned sure they hadn't.

        It's not like they had to target people actually doing this for it to be effective.

        I know if I got an email like that I would immediately know it to be fake. I stumbled on some almost a decade ago when usenet was the wild west -- and I hope to never

  • by sageres ( 561626 ) on Wednesday August 15, 2012 @09:43AM (#40996727)

    Just a horrible observation: this has seriously gotten out of hand and it is getting worse. Back twenty years ago, there were only a limited number of known viruses, that identity definitions / checksums of all of them could have fitted on a single database file big enough for a single floppy disk. Nowdays the combination complicated operating systems with weak security, security bugs on internet software and abundance of poor programmers in the 3rd world countries willing to sell their code of ethics, morals and their mother for two thousand dollars per exploit make it virtually impossible for anti-virus companies to maintain a product and database to keep these off.
    In my experience, my customers in most cases were duped in downloading these pieces of thiefware. My personal thought back than was "I wish I could lock this computer in read-only state so that they can not do absolutely anything stupid except turn it on, browse and turn in back off."

    In light of this there must be a new way of conducting Internet browsing and software management on local computers. My personal thought was a full read-only operating environment periodically verified with full checksum for its integrity, on which any software updates or new software installs are simply impossible / or new installs are allowed based on reputation scores of such software.

    But seriously, are there any schemes or research out there that has been working on the topic of creating a managed secure environment for average consumers?

    • by viking099 ( 70446 ) on Wednesday August 15, 2012 @09:50AM (#40996821)

      Back when I was working the computer labs at my university, we used a product by Centurion [centuriontech.com] to secure our workstations.

      We would build an image, then lock down this little device installed in the case.

      The computer user never even notices it, and they can write to temp folders and change settings, and everything.

      When the computer is then rebooted, this device just reloads the OS from the "locked" partition, and it's just like it ever was.

      Day to day it was great, but applying updates was a pain because you had to visit each system and unlock it manually. This was 15 years or so ago, so I'm sure they have a better system in place now, but it worked pretty well for our group and the hundreds of computers we maintained.

    • by Anonymous Coward

      Since the act of browsing requires downloading information to your client, how in the world do you think you can make it "read only"?

      Yes, I know, you'll say, "but the OS is read only, no changes to any system files allowed, and the content is only stored in this one partition that gets wiped when the browser is closed." Sure, that might work, for bare bones content browsing. But think about all the things people expect when they get content from the internet; text, photos, music, video, and you know, actu

      • by Anguirel ( 58085 )

        Linux Live CDs using RAM Disks have been around for quite some time. No permanent storage required.

        http://en.wikipedia.org/wiki/Live_CD

      • This is what Virtual Machines are great at. Have a specific VM that you only use for your banking and other high security sites. Have another VM that you use for browsing dodgy sites that have a high likelyhood of carrying viruses, and have a third one that you use for everyday browsing. Wipe the "bank" VM and start over from a known good state every time if you want. Sure there's probably ways to break out of the VM, but I don't think most hackers have gotten that sophisticated yet, as there are too ma
        • most of the VMs I have used in the last 3 years have checkpointing.

          1 ) Install the OS, patch it and install relevant apps and other immutable components.
          1a) Checkpoint VM image
          2 ) Import Work In Progress from Host environment
          3 ) do your work, browsing, what-have-you...
          4 ) export work products to Host environment
          5 ) suspend VM
          6 ) Restore Checkpoint

          If for some reason your VM doesn't support checkpoints... you could just over-write from a locked copy of the immutable VM image, but then starting up is slower si

    • It sounds like you may like Deep Freeze. http://www.faronics.com/enterprise/deep-freeze/ [faronics.com]

      It costs a bit, but pretty much on every restart it will revert any "frozen" drives to their previous state, this is usually done in unison with a second partition that is "unfrozen" so people can save files... And if you want to update your system, you can turn Deep Freeze off temporarily. It also has a user permission system so some people can save files.

      Fantastic for management, and as someone who was on the user end

    • by Anguirel ( 58085 )

      Linux Live CDs using RAM Disks have been around for quite some time. No permanent storage required. I'm sure you could manage something similar, but allow for some local storage of documents, or allow USB drives for users.

      http://en.wikipedia.org/wiki/Live_CD

  • by JDG1980 ( 2438906 ) on Wednesday August 15, 2012 @10:01AM (#40996955)

    Several commenters have asked why anyone would fall for this – after all, US law enforcement agencies generally don't just shake people down for cash. But there are two real-world situations the average person might have dealt with that are somewhat analogous to this.

    One is traffic tickets: In most cases, drivers are given the option to simply pay the fine without having to go to court. You can have a full hearing if you want, but most people just pay the fine.

    The other is the legal threats against BitTorrent users, the ones where the MAFIAA sends out letters demanding that the person whose account the activity was conducted from either must pay $1000 or some similar amount immediately, or face a lawsuit for significantly more.

    Now, there are definitely some legal differences there: a traffic infraction is a "summary offense" that doesn't carry the threat of jail time, and the MAFIAA lawsuits are civil cases, not criminal. But most people don't understand these subtleties: to many of them, any scary-sounding authority figure saying "Pay up" is the same thing. Heck, the Milgram experiment showed that you could have regular people deliver "fatal" electric shocks just by having a guy in a white lab coat tell them they had to.

    • by swb ( 14022 )

      Ha, we don't know how often LEO does or doesn't shake people down for cash/drugs/sex. My guess is it happens much more than anyone is willing to admit.

      And there's the percentage of people with non-US life experiences where getting shaken down for bribes is part of the system.

    • Many unscrupulous debt collectors pull a similar scam demanding payment on debts they claim to hold. In some cases they buy debts that have suffered serious data-rot and try and pin them on any person with some matching particulars. They get away with claiming that the mark owes them money because some of the particulars match. They are very aggressive, and often call as well as send demand letters that look like legal instruments, or rather vague utility bills worded like final-notice-to-pay.

      If the mar

  • I'm surprised there isn't more ransomware that turns your webcam on, perhaps catching you in something you'd rather not have on the interwebs, and blackmails you with that.

    • by Anonymous Coward

      I bet you could even automate it to look for certain body parts using computer vision software.

    • by Anonymous Coward

      I fear that some ransomware will actually put some kiddie porn or something on the victim's PC and show it to them, before demanding payment to avoid being reported to the FBI. Even if they know they didn't put it there, they won't know how it got there, and they won't be sure of being able to get rid of it or prevent it being replaced, so they will probably be scared enough to pay up in a lot of cases.

      • To work that would need to be a fairly targeted attack: picking a few marks and working on them. A scatter-gun attack as usually used by scammers will simply alert the world to the problem and make all marks take the "no one will believe you" line, and the more targeted approach would take a lot more time and effort (and ability): while the payout could be more than worth it long term, I doubt any scammer will take the risk of waiting for as long as the scheme could take to "pay out".

        The only case where
    • I'm surprised there isn't more ransomware that turns your webcam on, perhaps catching you in something you'd rather not have on the interwebs, and blackmails you with that.

      For this reason, I am still amazed that no (well, not many) webcams out there come with a physical shutter that the user can slide closed / open. Why leave it 'looking' at you when you're not using it?

      It's not like people don't know this is possible, it's been used as a premise in enough tv shows...

      Ah well, a sticker works about the same for me...low tech to the rescue! :)

      • by Lehk228 ( 705449 )
        I just leave my wank sock over it, since the cam is just for chatroulette anyways and i need both for that.......
      • why not unplug the webcam when not being used?
        • why not unplug the webcam when not being used?

          Fair question. I suppose I should have said "laptop webcams" instead of the more generic term "webcams".

          Indeed, if I need a webcam for my desktop, it isn't plugged in until I use it, and is unplugged right after I'm done. You can't do that with an integrated webcam, and it's getting harder to find laptops or netbooks without integrated webcams these days...

  • ...and it turns out it only takes 1-3 percent of victims to pay up to make it seriously worth the fraudsters' while

    You mean to say that if I demand that a hundred people each send me a lot of money, and one to three of them do... those one to three people are going to... send me a lot of money?? (Is this that "math" thing I've heard so much about?! :p)

    • by Anonymous Coward

      1-3% of one million people = 10,000 - 30,000 people paying up. If you charge say $500 per person then you end up with $5,000,000 to $15,000,000.Granted it's unlikely that you will get even one million people, your scam would probably be caught on to by then. But if you even a few hundred thousand then your still going to make about one million dollars. Not that I would encourage anyone doing this but there are obvious reasons why someone would be motivated to do this.

  • If the people watching kiddie porn end up scammed, I say it's cool!

  • http://it.slashdot.org/story/12/06/20/0424242/why-nigerian-scammers-say-theyre-from-nigeria [slashdot.org]

    "According to research by Cormac Herley at Microsoft, scammers are looking for the most gullible people, and their crazy emails can help weed out people who are savvy enough to know better. "

    Everyone above this line was either troll or trolled except "tsu doh nimh" which I'm pretty sure is this vietnamese gentleman's real name.

You know you've landed gear-up when it takes full power to taxi.

Working...