Sextortion Victim Fights Back
We don’t seem to get a lot of good news when it comes to cybersecurity. Here is one good story.
Katie Yates received some nude photos of a friend, Natalie Claus (normally we don’t use names, but these women are working hard to make a point that there is nothing to be ashamed of and that you can fight back). In her case, she knew exactly what to do.
Claus had become a victim of a sextortion attack when both women were college students in New York.
The reason Yates knew what to do was that months earlier she had been a victim of sexual assault. After reporting it, she started receiving abusive messages on social media. Not getting any support from the people in charge at her college, she went off on her own to find the criminal.
Claus’s hacker posed as Snapchat security to con his victims (note: do not assume people are who they say they are).
The problem started when a friend of Claus’s asked her for her snapchat password under a flimsy disguise of seeing if someone was blocking the friend (note: do not do that!).
Then the con artist posed as Snapchat security and asked her for the password to her “my eyes only” folder where her nude pictures were. (note: don’t ever do this). The excuse for this was even weaker; something about verifying the victim’s account had been legitimately accessed.
Then the hacker rinses and repeats with a new victim. And there were many.
Yates decided to fight back and sent Claus a (fake) message that she had nude pictures to share with a link to a webpage.
In this case the stalker was stupid and accessed the web page without any anonymization software, so they were able to capture his real IP and location (Manhattan) at the time.
With this information, she went to campus police who went to the New York State Police who went to the FBI. Really, pretty convoluted but it worked.
The tip led to the hacker’s arrest and jail time. Not a lot – 6 months – but still a small win.
The fundamental problem here was that she trusted people. While we want people to trust, that can be very dangerous on the Internet when you have no idea who you are trusting. In this case, she could have contacted these people by voice or met with them IRL (in real life) to validate what was going on.
A learning lesson for all involved and by the fact that she was willing to go public (Google her name and you will see a number of articles about this) hopefully will stop other people from being victimized. Credit: Malwarebytes
If you need help dealing with a situation like this, please contact us.