Webmail 'extortion attack' underwhelms

Dec 11 cyber extortion alert sparked by only a single user, not a widespread attack

An alarming "new form" of cyber-extortion uncovered by security vendor Websense in recent days now looks as if it could be nothing more than an elaborate practical joke.

An alert put out by the company on Dec. 11 described a new type of cyber extortion attack whereby a webmail account could be compromised in such a way that the affected user would have to pay to have their inbox contents returned to them. Composed in bad Spanish, the attackers left an unwanted message, translated by Websense:

"If you want to know where your contacts and your emails are then pay us or if you prefer to lose everything then don't write soon!"

If true, the attack would have been the first of its kind, a disturbing extension of previous cyber-extortion attacks from 2006 which focused on encrypting files and demanding a ransom to have them unlocked.

To quote the description of the attack from the Websense Security Labs website:

"Unlike previously documented cases (where end-users were infected with malicious code, certain file types were encoded or encrypted, and a ransom message was left on the machine), this attack compromises users' online web mail accounts. When end-users logged into their web mail accounts (in this case Hotmail), they noticed that all their 'sent' and 'received' emails were deleted along with all their online contacts."

It now looks as if only a single user was affected by the scam, and that the attack happened after they had visited an Internet cafe. "This is not a widespread attack," admitted a source on behalf of Websense.

The technical details of such an attack are critical to judging its seriousness. By what means was the attack launched? How did the attackers gain access to the user's webmail account? Given that the affected user is now said by Websense not to be responding to requests for information, it is possible that the criminals gained access to his or her account simply because the victim forgot to log out of a cyber-cafe-owned PC.

That ranks the threat as little more than an elaborate practical joke and hardly a "new form" of cyber-extortion. The only interest here for security researchers would be that it demonstrates the hypothetical potential of webmail to be abused using extortion-based malware, if such malevolent software existed.

A Websense source was able to confirm some further details. "There was no encryption involved here. The data was removed rather than encrypted. The channel used was email. The customer did not respond to the email so we do not know what the drop request was but our guess would be eGold."

Previous Websense cyber-extortion reports have been altogether more serious -- and significant. In May, came news of a sophisticated cryptographic attack, while more recently came the predictable follow-up. Both were originally uncovered by Kaspersky Labs. Encryption extortion is being touted as one of the malware trends of 2007.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John E. Dunn

Techworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?