Sextortion and Cybercrime: It was 2019 and a wave of panic swept across France as millions of citizens received threatening messages in their email boxes, orchestrated by two young hackers, Jordan R. and Augustin I., who were then 20 years old. These individuals appeared before the court on September 24, 2023, accused of a series of cybercrimes, including extortion and money laundering in organized gangs.
The Modus Operandi
The messages sent by the accused were filled with threats of releasing compromising videos, allegedly obtained by hacking the victims’ webcams. The recipients were demanded to pay 500 euros in bitcoins to prevent the disclosure of these videos to their contacts. This tactic, known as “sextortion,” spread terror and led several dozen people to give in to the blackmail.
An In-depth Investigation
Although sextortion is generally based on bluff, the scale of this campaign quickly caught the attention of the authorities. The investigation revealed an extremely effective system for sending threatening emails, although clumsy in attempting to escalate the blackmail. The two accused individuals shift blame onto each other, each claiming to have been influenced by the other due to a desire for financial gain.
Exclusivité DPO PARTAGE
Trouver le DPO d'une société
Nouveau service pour trouver le DPO d'une société et lui ecrire pour rectifier vos données.Annuaiare des DPO
The investigation led to the identification of Jordan R., residing in Ukraine, and Augustin I., who was already known for creating the malicious software, TinyNuke, which had targeted Société Générale’s clients in 2018. Investigators discovered another malware, Varenyky, which played a central role in the sextortion campaign. This malware enlisted over 1,300 computers in a network of “bots” used to massively send threatening messages.
The financial gains of this operation remain unclear, with estimates ranging from 20,000 to 200,000 euros. Furthermore, the exact extent of the accused crimes remains uncertain, as other sextortion campaigns have been carried out by different individuals. Since the arrest of the two accused, this type of blackmail has not ceased, with an increase in emails impersonating police or gendarmerie officials since 2020.
Exclusive from DPO PARTAGE
Your Questions about GDPR
Get your questions about GDPR compliance answered for free.
A response to your concern will be provided within the day.