by Ondrej Krehel
Being a woman in the digital world makes you a target.
In two separate cases earlier this month, hackers targeted young women. First they sought compromising images and video of the victims, then extorted them, threatening to release the images to their friends and family and on the web.
In one case, a 23-year-old California man hacked roughly 3,200 email accounts belonging to young women, guessing at their password reset questions on Gmail, Yahoo Mail, Hotmail and other web services. He combed their Sent Mail folders and found compromising images of more than 170 women. The hacker then used the webmail password information to hack his victims’ Facebook pages. From there he targeted their friends, posted graphic photos on their profiles and tried to extort more pornographic images from them in exchange for not releasing other photos.
A Los Angeles man was arrested in a similar—and perhaps even scarier—case. In a series of “spear fishing” attacks, he would send victims a video link from a friend’s or sister’s hacked social networking account. When the victim clicked on the link, it downloaded a virus that gave the hacker control over her computer, including the webcam and microphone functions. Soon he had captured more than 100 computers and spied on 230 people, watching them through their computers, without them knowing about it.
“Wha's so frightening about this case was how easily the victims’ computers were compromised,” FBI Special Agent Jeff Kirkpatrick, a Los Angeles cyberinvestigator who worked the case, said in an interview posted on the FBI’s website.
Most of the victims were teenage girls, and the hacker demanded more pornographic images from at least one of them. If she didn’t comply, he threatened to send what he found on the girl’s computer to her parents.
“If he hadn’t attempted to contact the victims,” FBI Special Agent Tanith Rogers said, “he could have done this forever and gone undetected—the victims would never have known he was listening and watching. That is one of the most disturbing things about this case.”
This is just one more graphic reason to use strong passwords and to make sure your passwords are different for email, social networking, and financial and other frequently used sites. Be wary of video and image links—even those sent by friends—and always make sure you have a strong antivirus, anti-malware and firewall package up and running.
Being suspicious and having a keen eye for detail are always the best protection.
Ondrej Krehel, Chief Information Security Officer, Identity Theft 911
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.