Skip to Content

Cyber Saturday—A Creepy Sextortion Scam, Facebook Fights Disinformation, Maersk vs. NotPetya

Good morning, Cyber Saturday readers.

Several friends and professional contacts phoned me in a state of panic this summer. They said they had received emails from a shady entity claiming to have hacked their computer webcams while they were viewing adult websites. The interlopers threatened to send video clips of these folks doing—well, you can guess—to all of their contacts unless they paid a ransom.

Should they pay? Should they torch their electronics? How does one acquire $1,900 in Bitcoin?

Normally, one might ignore the demands of a random stranger making outrageous claims on the Internet. But these messages bore a troubling bit of information, something that instantly set their targets on edge. “I am aware, [redacted], is your pass word,” the notes began, accurately.

Imagine finding this in your inbox. Subject line: “[your name] – [one of your passwords].” Try not to snap to attention.

Here’s what I advised everyone to do. First, calm down; breathe. Second, check to see whether any accounts tied to that password appear in Have I Been Pwned, a searchable database that identifies what personal information of yours may have leaked as a result of various online breaches. If any accounts that once used that password pop up, then the extortionist likely scraped all of the information from one of these data dumps. Translation: The crook has not been monitoring your every keyboard touch, screenshot, and webcam image. Rather, the delinquent is bluffing—frightening unsuspecting victims into forking over cryptocurrency.

In every case, Have I Been Pwned showed the passwords to have spilled as part of a leaked dataset originating in a 2012 breach of LinkedIn—a relief. So I advised my confidantes to take a few steps. Change the password for any account still using the exposed password. Download a secure password manager to keep track of the new (stronger, I hope) passwords. Apply two-factor authentication, an extra security measure, wherever possible—preferably using apps that serve up one-time codes versus SMS texting. While you’re at it, go ahead and cover up that webcam. (Brian Krebs, another journalist who investigated the scam, has more tips here.)

Ryan Kalember, senior vice president at Proofpoint, a cybersecurity firm, shared my instincts. When I emailed him for his opinion, he recommended, as a first course of action, checking Have I Been Pwned. “If it shows up there, you’re probably fine—this campaign seems highly automated, with just enough tweaking to get through most spam filters and email gateways,” Kalember said. But: “If the password doesn’t show up there, that’s more worrisome, and you should definitely investigate whether you’ve recently clicked on a phishing link for the account where you used that password, or have your computer compromised with credential-stealing malware.”

None of the people who sought my counsel ended up paying the ransom, as far as I know. And none of them, I’m happy to report, suffered any consequences as a result, as far as I know. I certainly have not received any salacious materials featuring their private acts. Thank goodness.

If ever someone tries to scare or intimidate you into performing some action, like paying a ransom, always give the threat extra scrutiny. Criminals are generally not an honest bunch.

Stay safe out there and have a great weekend.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Tech’s Russia-Iran takedown. Microsoft kicked things off Tuesday by reporting that it had recently squashed a Russian espionage scheme likely to target Senators and conservative think tanks. Facebook soon followed suit, revealing that it had removed more than 650 pages linked to Iranian and Russian political disinformation campaigns. Twitter and Google’s YouTube soon joined in, booting more profiles. FireEye, a cybersecurity firm, originally tipped off Facebook about the Iranians. Here’s an essay in Harvard Business Review about what the news means for business.

Studying for midterms. The tech giants, many mentioned above, convened a closed-door, cybersecurity-themed meeting on Friday to discuss ways to prepare for the upcoming midterm elections in the U.S., a time when bad actors will surely be abusing their platforms to spread misinformation and wage attacks. Meanwhile, America’s spies are apparently in the dark about Russia’s intentions for the next election. Alex Stamos, Facebook’s former chief security officer, wrote up a 4-point plan for securing the 2020 election, arguing that it’s already too late for 2018. Ah, well.

Don’t feed the trolls. Earlier this year, Facebook CEO Mark Zuckerberg invited social media academics over to his house for a series of off-the-record dinners where they discussed content moderation—the root of many of the social network’s woes. It’s a hard problem, and one that experts say may have no tidy solution. Vice Motherboard has a solidly reported deep-dive on this here.

Press released. The Verge has a detailed feature that brings you inside a lucrative insider trading crime ring that involved hacking online repositories of corporate information. The hackers wormed their way inside press release clearinghouses, like Business Wire, PR Newswire and Marketwired, where they gleaned non-yet-public information they could exploit in stock markets. As The Verge writes, “In all, the case would later be described by the FBI as the largest known computer hacking and securities fraud in the world.”

Breach round-up. T-Mobile disclosed late Thursday that hackers made off with data on 2 million customers, including names, email addresses, billing information, and hashed passwords. A voter profiling firm left a database containing information on 18 million Texans unsecured and open to the Internet. And the Democratic National Committee—on high alert after its last email-pilfering fiasco—thought it was under attack again, but that turned out to be a false alarm.

Bang! Bang! Armie Hammer came down upon her head.

Also, hacking isn’t child’s play.

Share today’s Data Sheet with a friend:

http://fortune.com/newsletter/datasheet/

Looking for previous Data Sheets? Click here.

ACCESS GRANTED

When ship hits the fan. Last year Maersk, a Danish shipping giant, barely recovered from the world’s most devastating cyberattack, NotPetya. Wired’s latest cover story features a tick-tock account of how the computer-wiping worm crippled Maersk’s operations and cost the company about $300 million. Amazingly, Maersk found the key to its survival—the ability to reboot all its IT systems—in a single, remote office in Ghana, which had retained an unaffected copy of an all-important server system map. The office had been knocked offline thanks to an unplanned power outage, thereby shielding it from the NotPetya infection.

It was a perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind.

All across Maersk headquarters, the full scale of the crisis was starting to become clear. Within half an hour, Maersk employees were running down hallways, yelling to their colleagues to turn off computers or disconnect them from Maersk’s network before the malicious software could infect them, as it dawned on them that every minute could mean dozens or hundreds more corrupted PCs. Tech workers ran into conference rooms and unplugged machines in the middle of meetings. Soon staffers were hurdling over locked key-card gates, which had been paralyzed by the still-mysterious malware, to spread the warning to other sections of the building.

FORTUNE RECON

Apple Boots Facebook’s Onavo Protect From Its App Store Over Data Collection Fears by Lucas Laursen

Massive Study Finds Facebook Linked to Higher Rate of Hate Crimes in Germany by David Z. Morris

Russian Meddling? Kremlin Says It Doesn’t Understand What Facebook and Microsoft Are Talking About by Robert Hackett

Facebook Is Rating How Trustworthy You Are by Chris Morris

Google Faces Legal Woes After Location Tracking Revelations by Hallie Detrick

Police Nab Alleged Boss Behind Bitcoin Pyramid Scheme Bitconnect by Robert Hackett

Microsoft Adds End-to-End Encrypted Chat to Skype Using Signal by Glenn Fleishman

The Technology Schools Are Using to Keep Students Safe from Shootings by Carson Kessler

ONE MORE THING

My brother’s keeper. Here is a remarkable story of a woman who used Facebook to track down her brother’s killer 37 years after the murder took place. The suspect, an American man named Silas Boston, was believed to have murdered the young man and his girlfriend during a boat trip off the coast of Guatemala. If you’re interested in reading more about the case, Penny Farmer, the woman who cracked it, recounts her journey in a recently published book, Dead in the Water.