Thursday, November 08, 2018

and the end point of the data breaches is this

Here and there, emails are squeaking through my spam filter. A basic scam comes in auto-translated wonkspeak, an email address and password combination that feels like it came from the dawn of time, but that was probably only 5-6 years ago. Threats, an amusing spamster name (Tiphanie Hatch is my favourite so far) and a demand for money.

I reported it (like you should - I always do) and was told that most people thought that the password belonged to a site I didn't even remember being breached. Which just goes to show, your data is out there. Old, out-of-date, inaccurate, clumsy. But someone has crammed it into a half-working database that is now algorithmically churning out threats in your general direction with what you fervently hope is minimal human intervention (though it is a sad truth that there are still a lot of content-related areas of work where humanskill copy-across can get through the job faster than writing programmes enough to automate it, so possibly there's a sad barn full of data-monkeys following a how-to script somewhere).

This scam is designed to ensnare moderately prosperous and easily embarrassed workers with no technical skills whatsoever who have surfed porn sites at their workplace. I can't imagine that this is a heavily populated marketing persona, but this is a long way from my area of expertise, so maybe I'm wrong.

The threats are all delivered in chummy wink-wink speak:

"I am in shock of your fantasies! I've never seen anything like this! I did not even know that SUCH content could be so exciting! So, when you had fun on piquant sites (you know what I mean!) I made screenshot! First part shows the video you were watching (you've got a nice taste ; )"

The message is peppered with random techspeak, like someone vomiting up an aside from a tech thriller novella:

"My Trojan have auto alert Antiviruses do not help against modern malicious code I installed a rat software i have a special pixel in this mail your internet browser started functioning as a RDP having a keylogger"

The threats are filleted into incomprehensibility, and they follow the carpark-beggar pattern of asking for weirdly precise amounts of money. In bitcoin, of course, that bastion of respectability.

"if i don't receive the BitCoins, i definitely will send out your video to all of your contacts including members of your family, colleagues, and many others ... if you need evidence, reply Yes! and i definitely will send your video to your 6 contacts."

I'm tickled, but I also know about the dark side of all this. The people who have become ensnared, have tumbled into blackmail, debt and despair, who have killed themselves rather than face the embarrassment of seeking help, often the more vulnerable people, but not always. Sometimes they're highly functioning people who responded for a laugh and got caught up in layers and layers of bullshit that go all the way down to the dark, the desperate, the indebted and the enslaved and realised that it's not funny, after all. Not funny at all.