Credit: Keith Hall/modified
Cybercriminals are maddeningly adaptable.
If a Dark Web illicit marketplace gets shut down, others spring up almost immediately to take its place. If credit cards get tougher to hack, there is always spear phishing, poorly protected electronic health records or the unending variety of devices that make up the Internet of Things (IoT), most of which have little to no security built in.
All of which offer opportunities for blackmail.
Not that the concept is new. But criminal threats demanding ransoms have tended to lean more toward extortion than blackmail. As in: “Your computer is locked, and if you ever want access to your files again, here’s where to send $1,000 in Bitcoin.” Or: “We have penetrated your network, and unless you pay us, or do what we want you to do (a la the Sony hack, where the demand was to cancel the release of a movie deemed derogatory to North Korea’s Supreme Leader), we will expose not only business information, but the personal information of your employees.”
More recently, with the hack of Ashley Madison, the adultery website, which led to exposure of everything from personal information to nude pictures and sexual fantasies of 37 million users, some of the fallout has included offers to scrub the information – for a fee, of course. Or, threats to expose it, unless a “ransom” is paid.
In other words, it’s less about your business and more about you – information that could be embarrassing, socially damaging and/or cause major trouble in the most important relationships in your life.
Even if a marriage is already on the rocks, it could cause somebody trouble in divorce or custody battles. As J.J. Thompson, founder and chief executive of Rook Security put it to CNBC recently, “everything is leveragable by the right person who is looking for the right thing.”
Most security experts don’t see the Ashley Madison fallout as signaling a major trend toward personal blackmail. “Big, sweeping trends take time to develop,” said Eva Velasquez, CEO and president of the Identity Theft Resource Center.
But it is a crime of opportunity that they say is growing, because those opportunities are expanding.
“With the rise of Internet of Things, more personal data will be collected in devices ranging from wearables like Apple watches and Fitbits, to personal medical devices,” said Yo Delmar, vice president of GRC Solutions at MetricStream.
Carl Herberger, vice president of Security Solutions at Radware, agrees. “The Internet has the unique ability to record deep secrets of nearly everyone, and nefarious actors need not look far before they stumble upon some data that one might pay to keep from being revealed,” he said.
Sign up for Computerworld eNewsletters.