Determining the total revenue of a blackmailer: Bitcoin is offering new possiblities

Reading harsh spam emails

Last weekend I was kind of bored and every time I am bored I take a look into my spam folder to amuse myself. As I scrolled through the list I suddenly was shocked for half of a second because the subject of this one email was my email address and my default password, which I used for several services.

Since I was aware of the fact, that this password was leaked several times in the past, this shocking moment disappeared quite fast. To check if your passwords got leaked, visit this page. My credentials were leaked 7 times.

However, I was excited to read the content of the email. Not surprisingly, it was a very harsh blackmail where the sender accused me of watching porn. Further on, he had hacked my webcam and now has some videos of me watching porn. He also kindly mentioned that I have a good taste, which I think was nice.

Here is the mail:

I am aware <my_default_password> is one of your passwords. Lets get directly to the purpose. Nobody has paid me to check you. You do not know me and you're probably wondering why you are getting this e mail?

actually, i actually installed a software on the 18+ streaming (sexually graphic) web-site and do you know what, you visited this web site to have fun (you know what i mean). While you were watching videos, your web browser started out operating as a Remote Desktop having a keylogger which provided me access to your display as well as webcam. after that, my software gathered all your contacts from your Messenger, Facebook, and e-mail . and then i made a double-screen video. First part shows the video you were watching (you have a good taste rofl), and 2nd part shows the recording of your cam, yea it is u.

You have got two different solutions. Lets take a look at each one of these options in aspects:

Very first alternative is to neglect this email. Then, i will send out your actual video to all of your personal contacts and also think about about the humiliation you can get. and definitely should you be in an intimate relationship, just how it will certainly affect?

other alternative would be to pay me $989. We are going to describe it as a donation. in this scenario, i will straight away discard your video. You could continue on with everyday life like this never took place and you will not hear back again from me.

You will make the payment through Bi‌tco‌in (if you do not know this, search for 'how to buy b‌itcoi‌n' in Google search engine).

B‌T‌C‌ ad‌dre‌ss to send to: 1DG8pnwK9vdevHjB1nfDQRUmyYVJyPQNf9

[CaSe sensitive so copy & paste it]

if you may be thinking about going to the law, surely, this email message can not be traced back to me. I have taken care of my moves. i am also not looking to charge a fee a whole lot, i just want to be paid for. right now if i do not receive the ‌bi‌tco‌in‌, i definitely will send out your video recording to all of your contacts including relatives, co-workers, and so on. Having said that, if i receive the payment, i'll destroy the video right away. If you need proof, reply with Yea! then i will certainly send your video recording to your 15 friends. it is a non:negotiable offer so do not waste my time & yours by responding to this email message. 

However, I hope all of my readers know that this kind of emails are bullshit. And by the way: I do not even have a webcam. Hacking a webcam through the internet is quite hard, but hacking a non-existing webcam is nearly impossible!

Bitcoin offers new possibilities

I remembered, that you can publicly see all activities from a particular web page. This is a big disadvantage in terms of privacy, but in this case it is more an advantage, I guess.

I searched for a service to view bitcoin data, and I have found https://www.blockchain.com. So to check the total revenue of this blackmailer, just open https://www.blockchain.com/en/btc/address/1DG8pnwK9vdevHjB1nfDQRUmyYVJyPQNf9.

At the time of writing this post, the blackmailer has gotten 17 payments and earned 2.77 bitcoins, which is 9277.15 Euro. I think this is not a bad revenue for tapping a leaked data set with user credentials and send a few mails with a nasty text through a hacked email server. If the blackmailer gets lucky, the bitcoin exchange rate even goes up again.

I am not quite sure but i guess the downside for the hacker also is, that he can not easily change the bitcoins to any real currency. Maybe it is easy, I am not so familiar with this shady businesses.

Comparison with the state of the art

I was curious about how other spammers perform and as a scrolled through my spam folder again, I have found another blackmail. That one had a similar text and also a bitcoin address. The only difference I noticed, was the missing leaked password. The bitcoin address had no transactions and was empty.

So my conclusion for this is, that the leaked password approach is way more efficient in terms of profit. However, to prove this hypothesis more evidence in this field of research is needed.