Interpol has dismantled a sextortion ring based mainly in Hong Kong that tricked people into installing a malicious mobile app that stole their contact list, allowing the criminals to blackmail them with threats of releasing private, sensitive photos and videos.
The word “sextortion” usually brings to mind those annoying, implausible emails that tell us hackers compromised our devices, then demand Bitcoin to delete videos they claim to have taken of us through our webcams. But the sextortion ring Interpol dismantled took it all to another level.
“The cybercriminals contacted their victims, based mainly in Hong Kong (China) and Singapore, through online sex and dating platforms before asking them to download a malicious mobile application via a hyperlink to engage in ‘naked chats,’” explained Interpol.
Unfortunately, criminals designed the app to steal the contact list. The victims would then be blackmailed with the release of the videos and photos to the contact list. By using this method, criminals managed to extort at least $47,000.
”We conducted a proactive investigation and in-depth analysis of a zombie command and control server hosting the malicious application, which – along with the joint efforts by our counterparts – allowed us to identify and locate individuals linked to the criminal syndicate,” said Raymond Lam Cheuk Ho, acting head of the Hong Kong Police’s Cyber Security and Technology Crime Bureau.
In two months, 12 suspects have been apprehended. The Hong Kong police said it wouldn’t have been possible without collaboration from multiple countries.
Interpol also warned of this new type of crime and said that sextortion attempts are on the rise, exacerbated by the COVID-19 pandemic. The agency also launched an awareness campaign on cyberthreats a few months ago. Its focus is to inform as many people as possible that a single click on the wrong link or a photo sent to someone can lead to a negative outcome.
The campaigns recommend that victims of sextortion or other cybercrimes observe the following steps:
· Cease all contact with the suspected cybercriminals
· Don’t pay or provide further images or information to the suspected cybercriminals
· Keep or assemble any evidence of the crime
· Report the crime to police