Friday, September 4, 2015

Research: Ashley Madison Bitcoin Blackmail is Cheap and Profitable

How much have Ashley Madison customers been blackmailed for since their personal data was leaked last month? One cybersecurity firm thinks it might have the answer.

In a 1st September blog post from network security firm CloudMark, software engineer and research analyst Toshiro Nishimura suggested that as much as $6,400 may have been extracted from those seeking to buy the silence of the blackmailer.

Bitcoin News reported last month that customers Ashley Madison, a website that advertised itself as a platform for infidelity, were receiving blackmail threats by email that contained personal information derived from the cache of released information.

Nishimura said the team tracked bitcoin payments around the time the blackmail threats emerged using blockchain analysis. The process looked for payments with bitcoin amounts consistent with the demands they reviewed – for 1.05 BTC – and showed little transaction history prior to the period.

Nishimura wrote of the findings:

"We found 67 suspicious transactions totaling 70.35 BTC or approximately $15,814 USD within the extortion time frame of approximately four days paying 1.05 BTC to addresses, with no previous activity, and with two or fewer transaction outputs.... (We conservatively restricted ourselves to ordinary transactions with two or less outputs, thus excluding those which were less likely to be simple one-to-one payments.)”

Nishimura – who tempered his post by saying that the results are not as yet conclusive – went on to say that those conducting the blackmail attempts stand to benefit given the free cost of exploitable information and the cheap resources – an email and a bitcoin address – required.

He also speculated that, in the future, blackmailers may seek to further obfuscate their efforts in order to avoid identification, which he suggested could be achieved by tracing the addresses used in the blackmail emails.

“Since this search would not have been possible without the consistent extortion amount, we suspect that future attempts at Bitcoin-based blackmail will randomize the amount they demand,” he wrote.

Image via Shutterstock

Ashley MadisonCrimeSecurity

No comments:

Post a Comment