The Human Stories Behind Cybercrime

At SaferNet, we report daily on global cybercrimes, from governments to corporations, to small businesses, and to smartphone malware affecting thousands of individuals and families. Today, we’re going to look at the individual stories of people on the receiving end of cybercrime – the human stories behind a hack.

These stories were collected from around the web, including Heimdall Security, Telegraph UK, NY Times, Reddit, Buzzfeed, Medium, The Atlantic, Reader’s Digest, and various blogs.

A Thanksgiving ransomware attack:

“Two days before Thanksgiving, Alina’s mother got hit by a ransomware attack. 5,726 files got locked by CryptoWall, an encryption malware so powerful it is almost impossible to recover the information. Alina’s mom contacted the attacker through the ransomware’s communication feature. Like all ransomware creators, he told her she can either pay to get her files back or lose them forever. Despite backing up her files 6 months ago, she decided that losing half a year’s worth of photos, documents and other files was too much, and so decided to pay the ransom.

The price to unlock her files was $500 in the first week and $1,000 in the second one, after which the files would be deleted. Payment was to be done in Bitcoin, a complicated process which she had to learn on the fly. Because of a major snowstorm that closed down the banks, Alina’s mom couldn’t pay the ransom in the first week, and ended up having to plead with her attacker to not increase the price to $1,000. Surprisingly, he accepted and gave her the key to unlock her files. However, no one should ever pay a ransom; the risks far outweigh the benefits.”

Eric, who fell victim to a social engineering trick:

“An impersonator once found out some of Eric’s fake information he used to register a website by looking into a public WHOIS registry for website owners. The impersonator then used Eric’s fake information in a conversation with an Amazon customer support representative and found out his real address and phone number. Using Eric’s real information, the impersonator got in touch with various services and even managed to issue a new credit card in Eric’s name. Eric got wind of his impersonator’s efforts by reading the customer support transcripts, and also found out his real purpose: to get the last 4 digits of his credit card. Amazon didn’t do anything to protect Eric’s account, even though he repeatedly signaled the problem, so he finally decides to switch from Amazon to Google. As a parting note, he gets an email from Amazon implying they have provided the impersonator with the last 4 digits of his credit card. This story about this guy’s tumultuous experience with Amazon will make you think twice about storing confidential information in your online accounts. The fact that Amazon failed to protect his account and look into the matter shows how a lack of cyber security education can endanger users.”

A shorter story from the Buzzfeed community:

“About six months after my dad passed away, someone in China hacked his account and started posting weird adverts. It really distressed my mum to see his account posting stuff. We had to get Facebook to memorialize his page because his email account had been closed.”

An Atlantic reader shares his story on being hacked:

“Have I ever been hacked? Sure, lots of times. I had my identity stolen several times when I lived in California, even before the internet was a thing. One of those thieves opened credit accounts and went bankrupt, which made for a real mess when I tried to get my first credit card. About once a year, I have to close a credit account because of fraud. Usually, I am notified by the issuing card company of suspicious activity.

My father lost his life savings in several accounts when thieves stole his debit card and checks. One of my email accounts has been hacked. My Facebook page has been hacked. So yeah, I’ve had experience with this.”

A Dutch journalist experiments with coffee-shop hacking:

“Maurits Martijn, a Dutch journalist at De Correspondent, entered a busy Amsterdam café with Wouter Slotboom, an ethical hacker. Within a few minutes, Slotboom had set up his gear, consisting of a laptop and a small black device, and connected to the coffeehouse’s Wi-Fi. Soon enough, his laptop started to display what other people in the café were doing on their devices: what games they were playing, what apps they had installed, Google searches, password and email accounts and more.

According to Slotboom, it wasn’t even that difficult. All you needed was around $80-90 worth of software and equipment, an average intelligence and that was it, a few minutes was all it took to get a hold of a few dozen users’ personal information. Slotboom’s small, black device could fool a phone into connecting to his own Wi-Fi network, giving him control over the entire traffic coming and going from a device. If Slotboom wanted to, he could wait until one user wrote in his email address and password and then take it over. With it, he could control most of the services registered on that email. While you don’t need to be paranoid every time you connect to a public Wi-Fi, it’s best if you know the risks of doing so.”

A cybersecurity blogger on recovering from Ransomware:

“I’m a recent ransomware survivor. My laptop was infected when I clicked on a link to download a whitepaper that turned out to be hosted on a compromised Ad-Server. Ironically, the whitepaper ad was from a well-known security solutions company with the title ‘Preventing Ransomware’!

I later learned that the Ad-Server Brent Media’s domain had just expired, and was picked up immediately by the individuals behind this particular Ransomware attack.

After clicking the link, it was clear to me that something unusual was happening as a small window opened and closed in the blink of an eye and the ransomware went to work on my files. Amazingly, of all the security controls I had on my computer, none of them worked – no data loss prevention alert, no ‘active defense’, nothing.

In my case, on attempting to access my files, I was met with a message explaining that they were encrypted and required a specific code to unlock. You read many stories about the levels of “customer service” offered to victims by cybercriminals behind ransomware, but here the level of “service” offered wasn’t detailed, and would have been difficult for a non-technical person to follow; showing that this perhaps wasn’t a cutting edge scam.

Other clues that this wasn’t the latest in ransomware were to follow. Although I backup regularly, I chose to attempt to restore some original files. Running widely available software from BitDefender, I was able to recover a number of my files relatively easily. I was also able to run some code developed by White Hats to further restore some folders – it turns out that the majority of the encryption key code was poorly hidden within the ransomware itself.

By viewing details of the Bitcoin Vault in which it was suggested I pay my ransom, I also worked out that the ransomware strain at work here was a derivative of Locky – a well-known version of ransomware.

So, it seems that I was lucky, and the fact that I wasn’t worse off has a lot to do with my knowledge of cybersecurity. I was able to mitigate the effect of the virus by immediately isolating my laptop from any networks, confining the ransomware to a single device. I was also lucky in that I knew I had backups, and didn’t feel the need to pay the ransom – a surefire way of opening yourself to further attacks from criminals who are likely to leave an easy backdoor once they “release” your files.”

Laura, who fell for SMS-phishing:

“Laura was at work when she received a text alert from her bank confirming a $700 transfer request.

She immediately panicked because she hadn’t made the request. When she tried to log into her bank account to cancel the transfer, her password was rejected. She tried the “reset my password” option but found that she couldn’t log into her email to access the reset link from her bank.

That’s when Laura knew she’d been hacked—and it was because she’d used the same password on both accounts, and maybe not the most secure one, at that—her pet’s name.

Though Laura was able to cancel the transfer with a phone call to the bank, the email hack was trickier to fix. She ended up being locked out of her account for days. The hackers also had gotten into her online shopping account using the same password and ordered $500 in gift cards, which were sent to a different email address.

All told, it was about a week before things were back to normal with her accounts. Even after Laura regained access, she was haunted by what the hackers could’ve accessed through her email account. She spent many sleepless nights thinking about the social security number listed on tax document attachments and her home address that appeared in numerous emails.”

A blogger writes about his website being hacked:

“First, I started receiving messages from followers on Twitter about virus alerts on my site. I try to personally respond to every message I receive, but at that time I had nearly 15,000 Twitter followers and was getting a ton of spam! Most of it is about some video they found of me on Facebook or how someone is writing terrible things about me. (It may have worked to trick me to click through if I didn’t have 20 different people all sending me the exact word-for-word message.) After checking my site and not seeing anything wrong or getting any virus alerts when I visited it, I assumed these were more virus spam.

I have thousands of great followers, some of whom have alerted me when there were problems with my site which I have taken very seriously, but I couldn’t find anything wrong this time.

Finally, someone sent me a screenshot of a warning message from Chrome. I checked it once again, and bam! There it was in my face. Google had blacklisted me as a potentially malicious website.

Frantically, I searched the code on my site, but I couldn’t find anything wrong. Google Webmaster Tools will even tell you exactly what code on your website is getting you blacklisted, but I couldn’t find that code, even when doing a full search of my site.

I immediately changed all of my passwords including FTP, WordPress, and MySQL.

After much cursing of Google for telling me what the code was but not where to find it, I found how hackers often use base64 code to obfuscate what they are doing, and then I shifted tactics.

Like Sherlock Holmes checking under the fingernails of the dead victim, I found an online base64 decoder, and pasted the code into it. What I discovered was more base64 code. Again, I copied that in and voila! There was the JavaScript code that Google Webmaster Tools had been telling me all day was my problem.

This time I made copies of these files and added the file extension .hacked.txt to render them useless, downloaded them to my computer, and deleted both the copy and the original, then uploaded a fresh version of any file that needed it from my computer.

All done and good now, right? Not quite. How did my site get hacked in the first place? All I did was clean up the mess, but the door was still open somewhere, and likely, I knew, they had added their own backdoor.”

A story on identity theft:

“Several years ago I had my identity stolen and apparently sold to a variety of thieves, who attempted to open about a dozen credit-card accounts with my info. I filed numerous federal and local reports, retained services of an Identity Theft consultant for a year (paid for by my insurance company), spent dozens of hours on the phone, and created voluminous files and records of the entire situation to share with law enforcement, credit bureaus (all three), bank credit card fraud prevention managers, etc.

Our local sheriff’s department detective was very sympathetic but basically told me they accepted reports but didn’t investigate these (frequent) crimes because they didn’t have resources, even though we provided the addresses of phony drop boxes in our state where the thieves were obviously picking up the mailed credit cards had they been successful in obtaining any.

The three credit bureaus are totally unhelpful in helping to resolve these crimes. They apparently see them as a chance to sell you more fraud-detection software and will only place a mandated long-term (seven-year) block on your credit records (rather than the year or less they grudgingly offer) if you can provide copies of local reports to law enforcement plus the Federal Trade Commission ID Theft report. In other words, they are more interested in converting your problem into a revenue source for themselves. Federal legislation around the credit bureaus is as full of loopholes as Swiss cheese, due no doubt to their extensive lobbying efforts to our elected representatives who are supposed to be protecting citizens’ interest.

Then, to add even more grief to the experience, one friendly bank-fraud-prevention manager was kind enough to tell me that, based on his lengthy experience with these activities, once we got the fraudulent requests stopped, we could look forward to having it all start up again in about six months—which is apparently the maximum amount of time most people are able to get the credit bureaus to flag their accounts. And sure enough, after just about six months to the day, we had more fraudulent credit-card requests start hitting again—fewer this time, probably because the crooks figured out pretty quickly we had placed the seven-year-block flags in place, rather than the usual short-term blocks most victims end up with at the bureaus.

This is a big, serious problem that is not getting the attention from our elected officials it deserves. These slime balls can reach out from anywhere in the world to ruin your life, mostly with impunity, and it’s obviously getting much worse, since we’re seeing hackers now being accused of breaking into government systems and influencing our elections. This is totally a federal issue because of the state (and national) border lines crossed in the activity. Our national security and military tech specialists probably already have the capability to catch these criminals, they just need the motivation and direction from our political leaders paying attention to the number of honest taxpayers who are being preyed upon.”

John and his Ransomware attack:

“One morning in 2016, John turned on his computer. A message on the screen said he had 14 days to pay a ransom in Bitcoin, or all his files would be deleted forever.

“My first reaction was panic. My second reaction was to get on another computer and figure out exactly how much 1.71 Bitcoin was worth in US dollars.”

A lawyer with his own practice in Chicago, John was terrified at the thought of losing all the client files stored on the computer, almost none of which were backed up anywhere else.

It would cost around $600, at the 2016 rate. That’s when he says anger set in. John felt his privacy was being violated in the same way as when his home had been burgled years earlier.

“I decided I was not going to give them a penny, and was going to find some way around this.” He consulted several local computer security companies, but found only one that would help.

The price would be $7,000 if they were able to crack the ransomware, and $0 if they couldn’t. It was more than 10 times the ransom, but John decided to say yes.

He was angry, and didn’t trust the criminals hiding behind the message on his computer screen. “I thought, what’s to stop them from asking me for more money?” he says.

“If it had been my personal computer I probably wouldn’t have paid, but this was absolutely necessary for my business and my clients.”

Three days later, his computer came back from the security firm with all files intact, but he kept noticing suspicious emails in his inbox urging him to click on unnamed documents.

Feeling paranoid, he bought a new computer, and now stores files from the old computer on a separate hard drive that isn’t connected to the Internet.

“I think I always understood the risk, but just ignored it. Now, I’m much more cautious about security and software updates and always make sure that I do regular backups. I also use a cloud-based software with the highest security protections for all my client files.”

John never reported the crime to the police, but he did contact his insurance company and was lucky to speak to a representative who was willing to help.

They classified it internally as “cyber-terrorism,” he says. And they paid the $7,000.”

A Reddit user on how he was hacked via social engineering:

“Messed up by giving a hacker pretending to be my friend some email info. Guy hacked every single account I have, recovered compromising info from my iCloud, blackmailed me and threatened to expose me unless I did inappropriate things for him. I refused. He uploaded. I spent the rest of the month scrambling to fix it. This stuff does happen IRL [in real life]. Stay safe.”

A suburban Chicago mom whose Facebook was locked, stealing years of memories:

““There was a notification from Facebook on my phone … that said your account might have been compromised,” Heather Mack said. “They said that it was permanently disabled. I will never be able to access it again.”

Mack assumed the worst; her family photos and posts, her page for her small clothing business, even a 30,000-member Elvis fan group she founded, all out of reach for her after Facebook locked her out for violating community standards.

“I’m really sad,” she said.

On top of that, scammers used Mack’s account to buy stuff on Facebook – like ads in Spanish – to the tune of $1,000.

“It’s so frustrating that I am not able to speak with anybody at all in regards to what happened, or why it happened,” she said.”

Protection From Cybercrime

As you’ve read, cybercrime has a very real human element at the end of it. Every day, thousands of new victims are made. It is important that business owners and families have the best tools for the job when it comes to protecting their devices. One of these tools is SaferNet.

SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always-on, military-grade VPN, but it also stops outside cyberthreats, malware and viruses as well. On SaferNet, all users are protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family internet controls including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories.

Typically, a business or family would need 3 separate services for a VPN, Malware Protection, and Internet Controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers at an economical price point that caters to all sizes of businesses and families. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employees’ or family members’ devices, including activity, time spent online, and threats blocked.
