[conspire] (forw) josh at unixmercenary.net:[redacted password]

Rick Moen rick at linuxmafia.com
Wed Aug 8 21:32:19 PDT 2018


I mentioned a week or so ago an automatically generated blackmail e-mail
with an interesting feature, if you remember, right?  But I hadn't saved
a copy?  Well, here's one 95% identical.  

The interesting feature is the (probably sniffed somewhere) password I
use, that I've replaced below with [redacted password].  This is the
'hook' in the scam, the part intended to frighten the target.

That's the new bit.

But wait, you say:  They're trying to threaten josh at unixmercenary.net,
not you.  This is because the late Josh Neal's unixmercenary.net domain
now maps to my IP address (something I didn't explain last time -
sorry), and I deliberately still intercept any mail to his
josh at unixmercenary.net mailbox just in case a friend or colleague is
unaware of his tragic early death, about a decade ago.  _So_, my guess
is, a scammer script intercepted login traffic for some low-security
purpose, determined that the query came from IP 198.144.195.186 (my
machine), and then separately tried to guess what user/domain had
originated the query and (incorrectly) guessed josh at unixmercenary.net.
A bot then cobbled together a blackmail threat from template material.

The sadly _plausible_ theory underlying this threat is that if
josh at unixmercenary.net was using [redacted password] in one place where
security didn't matter, he was likely also using it in places that do,
maybe even sexual habits embarrassing enough to pay blackmail money
over.

These threats don't _need_ to be able to stand up to logical analysis.
To work on enough targets to make money, they need only hold up long
enough to put a tiny percentage of targets into an overly hasty state of
panic.  A tiny bit of attention finds lots of howlers, of which my
personal favourite is the 'I have a unique pixel within this e-mail'
bit, not really credible in an all-ASCII e-mail.

----- Forwarded message from Helena <info> -----

Return-path: <info at ednawest.com>
Envelope-to: josh at unixmercenary.net
Delivery-date: Wed, 08 Aug 2018 19:40:03 -0700
Received: from mail.ednawest.com ([46.161.42.79])
	by linuxmafia.com with esmtp (Exim 4.72)
	(envelope-from <info at ednawest.com>)
	id 1fnarm-00023y-Mb
	for josh at unixmercenary.net; Wed, 08 Aug 2018 19:40:03 -0700
To: josh at unixmercenary.net
From: Helena <info>
Date: Wed, 8 Aug 2018 19:39:58 -0700
Importance: normal
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=UTF-8
Message-ID: <rtn5t0k-nbbz81-5F@>
X-SA-Exim-Connect-IP: 46.161.42.79
X-SA-Exim-Mail-From: info at ednawest.com
Subject:  josh at unixmercenary.net:[redacted password]

It appears that, ([redacted password]), 's your password. May very well not know me and you are probably wondering why you're getting this e-mail, right?
 
in fact, I put in place a viruses on the adult videos (porno) web-site and you know what, you visited this web site to have fun (you know what I mean). Whilst you were watching videos, your internet browser began operating like a RDP (Remote Access) which gave me accessibility to your screen and web camera. after that, my software programs obtained your complete contacts out of your Messenger, Microsoft outlook, FB, as well as emails.
 
What did I actually do?
 
I created a double-screen video. 1st part shows the recording you are seeing (you've got a good taste haha . . .), and Second part shows the recording of your webcam.
 
exactly what should you do?
 
Well, in my opinion, $1500 is really a reasonable price for our little secret. You will make the payment by Bitcoin (if you don't know this, search "how to buy bitcoin" in Google).
 
Bitcoin Address: 1Cs4eNWdYALSqxkQZ4HAR9ycYAUnWkB8f3
(It is case sensitive, so copy and paste it)
 
Important:
You've got 3 days to make the payment. (I have a unique pixel within this e-mail, and at this moment I am aware that you've read through this email message). If I don't get the BitCoins, I will certainly send your videos to all of your contacts including family, coworkers, and so forth. Having said that, if I receive the payment, I'll destroy the video immidiately. If you want evidence, reply with "Yes!" and I will definitely send out your videos to your 6 contacts. It is a non-negotiable offer, that being said don't waste my personal time and yours by answering this message.


----- End forwarded message -----
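
The 'unique pixel' howler can be checked mechanically. The following is an added example, not part of the original post: it parses a raw message and reports whether a read-tracking claim is backed by any HTML part with a remote image. The function names, the regexes and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Wording that claims the sender can tell the mail was opened.
PIXEL_CLAIM = re.compile(r"unique pixel|tracking pixel", re.I)
# An <img> fetched from a remote server when an HTML part is rendered.
REMOTE_IMG = re.compile(r"<img\b[^>]*\bsrc\s*=\s*[\"']?https?://", re.I)

def _text(part):
    raw = part.get_payload(decode=True) or b""
    try:
        return raw.decode(part.get_content_charset() or "utf-8", "replace")
    except LookupError:  # unknown charset label in the header
        return raw.decode("utf-8", "replace")

def pixel_claim_check(raw_message):
    """Return (claims_pixel, could_carry_pixel) for a raw RFC 5322 message."""
    claims = could = False
    for part in message_from_string(raw_message).walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        body = _text(part)
        claims = claims or bool(PIXEL_CLAIM.search(body))
        # Only a rendered HTML part can trigger a remote image fetch.
        if part.get_content_type() == "text/html":
            could = could or bool(REMOTE_IMG.search(body))
    return claims, could

def verdict(raw_message):
    claims, could = pixel_claim_check(raw_message)
    if claims and not could:
        return "bluff: read-tracking claimed, but no remote image present"
    if could:
        return "remote image present: opening with images on is visible to sender"
    return "no tracking claim, no remote image"

# Constructed samples: one plain-text like the forwarded mail, one HTML variant.
PLAIN_SAMPLE = ("To: user@example.com\nFrom: Helena <info@example.net>\n"
                "Content-Transfer-Encoding: 7bit\n"
                "Content-Type: text/plain; charset=UTF-8\n\n"
                "(I have a unique pixel within this e-mail)\n")
HTML_SAMPLE = ('Content-Type: multipart/alternative; boundary="b"\n\n'
               "--b\nContent-Type: text/plain\n\nI have a unique pixel\n"
               "--b\nContent-Type: text/html\n\n"
               '<img src="https://tracker.example/p.gif?id=1" width=1>\n--b--\n')

if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("html", HTML_SAMPLE)):
        print(name, "->", verdict(sample))
```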



