A new scam is targeting porn viewers, supposedly remotely activating their webcams while they watch porn and afterwards attempting to blackmail them with the footage in exchange for bitcoin.

Here's a new form of cryptoblackmail. A friend received this out of the blue. Presumably, it's getting sent to everyone on the haveibeenpwnd list. Be careful out there, never pay, never negotiate. pic.twitter.com/VFl5s1duCe — Emin Gün Sirer (@el33th4xor) July 11, 2018

It’s that nightmare scenario. Or that Black Mirror episode. You’ve literally been caught with your pants down. You hope you’re dreaming.

This is the reality for a number of individuals in recent days as a new scam makes the rounds. Essentially, the claim is that malware allows a remote user to control your webcam, filming you as you satisfy your primal urges. Then, footage in hand, they fire off an email informing you that it can be yours for just $1,900 in bitcoin! Bargain! Or they can just send it to all your contacts for free.

This has been a standard method of blackmailers for years. This particular scam opens its blackmail message by revealing the user's password, which was presumably obtained in a company's data breach, in order to convince the recipient that the threat is genuine. The message then goes on to say that the user's computer has been hacked via RDP (Remote Desktop Protocol), which allowed the sender to make the video without the user being aware, before asking for $1,900 in bitcoin to be sent to the specified address within 24 hours.

However, the message remains vague: it names no specific porn sites and shows no sample of the footage. The victim can request proof by having the footage emailed to 9 recipients rather than all contacts. Because of this vagueness, the scam is expected to be a fake and the footage is not expected to actually exist.

“Cryptoblackmail”, as this practice has been referred to, is a fairly standard practice among online scammers. Bitcoin, whilst theoretically traceable, is easy to convert into more anonymous cryptocurrencies like Monero or Zcash.

Professor Emin Gün Sirer at Cornell University has spoken on the subject and advises anyone who has received such emails not to pay or attempt to negotiate with the scammers. Due to the flimsy detail provided in the email, he believes there has been a blanket send to everyone on the haveibeenpwned list, an online service which allows users to check if their email has been compromised by hackers.

Scams like this, as well as ransomware attacks, are becoming more and more commonplace. Hackers are finding increasingly sophisticated ways to install malware on victims’ devices, and that malware is increasingly hard to detect. The notion that your device’s camera may be working without your knowledge is not new, however. In the wake of the Snowden leak, it became clear that the NSA was engaged in large-scale surveillance using covert practices involving device cameras. This has led to many people employing analogue prevention methods, including simply placing a sticker over device cameras when they are not in use.
