Sextortion and Cybercrime

Sommaire

Sextortion and Cybercrime: It was 2019 and a wave of panic swept across France as millions of citizens received threatening messages in their email boxes, orchestrated by two young hackers, Jordan R. and Augustin I., who were then 20 years old. These individuals appeared before the court on September 24, 2023, accused of a series of cybercrimes, including extortion and money laundering in organized gangs.

A lire aussi sur DPO PARTAGE

Privacy by Design: A Complex but Essential Implementation

The Power of GAFAM on Our Privacy: A Bewildering Experience Through Requesting Our Data from TikTok and Instagram.

TikTok: Installing the App Can Give Access to All Our Data, Warns Social Media Specialist Fabrice Epelboin

The Modus Operandi

The messages sent by the accused were filled with threats of releasing compromising videos, allegedly obtained by hacking the victims’ webcams. The recipients were demanded to pay 500 euros in bitcoins to prevent the disclosure of these videos to their contacts. This tactic, known as “sextortion,” spread terror and led several dozen people to give in to the blackmail.

Special DPO – Our AI helps you implement GDPR compliance, answering all your GDPR-related questions and issues, including IT security… A specially programmed AI.

An In-depth Investigation

Although sextortion is generally based on bluff, the scale of this campaign quickly caught the attention of the authorities. The investigation revealed an extremely effective system for sending threatening emails, although clumsy in attempting to escalate the blackmail. The two accused individuals shift blame onto each other, each claiming to have been influenced by the other due to a desire for financial gain.

Technical Revelations

The investigation led to the identification of Jordan R., residing in Ukraine, and Augustin I., who was already known for creating the malicious software, TinyNuke, which had targeted Société Générale’s clients in 2018. Investigators discovered another malware, Varenyky, which played a central role in the sextortion campaign. This malware enlisted over 1,300 computers in a network of “bots” used to massively send threatening messages.

Gray Areas

The financial gains of this operation remain unclear, with estimates ranging from 20,000 to 200,000 euros. Furthermore, the exact extent of the accused crimes remains uncertain, as other sextortion campaigns have been carried out by different individuals. Since the arrest of the two accused, this type of blackmail has not ceased, with an increase in emails impersonating police or gendarmerie officials since 2020.

Exclusive from DPO PARTAGE