Aug 18 – Earlier this year, the CEO of a small, well-known cyber security company received a disturbing message from cyber criminals stating that the company’s data would be leaked, unless a ransom payment were made.
The CEO refused to negotiate. In a never-before-seen move, the hackers dug up an electronic copy of the CEO’s son’s passport, the name of his school and his telephone number. The message was unmistakable; pay or your family is in danger.
Online threats turn real
In recent months, a number of Western cyber security professionals have revealed that online threats were taking on a physical dimension. In other words, cyber security professionals are becoming a target.
The cyber criminal group that threatened the aforementioned CEO is known for its use of “swatting.” This is a practice that involves a threat actor calling the local authorities while pretending to be the victim of an armed attack. In turn, the authorities send a SWAT team to a target’s home.
“Basically, they’re trying to get someone killed,” said the CEO, who was told by local police that the best option in that kind of situation is to lie down on the floor.
More real-world threats
The threats are often unexpected and highly inventive in the worst of ways. One hacker mailed a gram of an illegal substance to the home of Brian Krebs, a highly regarded cyber security analyst. The hacker then followed-up by having a florist deliver, to Kreb’s door, a giant floral bouquet in the shape of a cross.
In another case, a cyber security researcher in Eastern Europe came home to find that his living space had been “expertly rifled through” by thugs who disabled his home security, but missed a new nanny-cam that his wife had recently installed. After the home invasion, the researcher’s bank account was hacked, his company’s tax documents were doctored and released, and his family’s photos were traded as trophies on hacker forums.
Another researcher reported that he was followed while on a vacation, that he received threatening phone calls, and that his wife received unsolicited photos.
Billions from victims
The fact that cyber criminals based in nation-states and other foreign countries can target industry professionals based in Western Europe or the U.S. shows how grossly determined hackers are to harass, exploit and extort victims in exchange for financial reward.