Meh

Meh (/mɛ/) is an interjection used as an expression of indifference or boredom. It is often regarded as a verbal equivalent of a shrug of the shoulders. The use of the term "meh" shows that the speaker is apathetic, uninterested, or indifferent to the question or subject at hand. It is occasionally used as an adjective, meaning something is mediocre or unremarkable.[1]

OUI

An organizationally unique identifier (OUI) is a 24-bit number that uniquely identifies a vendor, manufacturer, or other organization.

OUIs are purchased from the Institute of Electrical and Electronics Engineers (IEEE) Registration Authority by the assignee (IEEE term for the vendor, manufacturer, or other organization). They are used to uniquely identify a particular piece of equipment through derived identifiers such as MAC addresses,[1][2] Subnetwork Access Protocol protocol identifiers, and World Wide Names for Fibre Channel devices.[3]

In MAC addresses, the OUI is combined with a 24-bit number (assigned by the assignee of the OUI) to form the address. The first three octets of the address are the OUI.

http://standards-oui.ieee.org/oui.txt
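A vendor lookup built on the split described above, as an added example that is not part of the original notes. It goes slightly beyond the text by also checking the locally administered and group bits of the first octet, which mark addresses whose first three octets should not be read as a vendor OUI. The registry sample is constructed in the layout of the oui.txt file linked above, and the vendor names and function names are placeholders.

```python
import re

# Constructed sample in the layout of the IEEE oui.txt registry file
# (vendor names are placeholders, not real assignments).
SAMPLE_OUI_TXT = """\
00-11-22   (hex)\t\tExample Vendor A
001122     (base 16)\t\tExample Vendor A
\t\t\t\t1 Example Street
3C-5A-B4   (hex)\t\tExample Vendor B
3C5AB4     (base 16)\t\tExample Vendor B
"""

# Only the "(hex)" lines are parsed; "(base 16)" and address lines repeat the entry.
HEX_LINE = re.compile(
    r"^([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})\s+\(hex\)\s+(.+?)\s*$")

def load_registry(text):
    """Map 6-hex-digit OUI (uppercase) -> organization name."""
    registry = {}
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            registry["".join(m.group(1, 2, 3)).upper()] = m.group(4)
    return registry

def parse_mac(mac):
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455 notation."""
    digits = re.sub(r"[-:.\s]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def describe_mac(mac, registry):
    octets = parse_mac(mac)
    oui = octets[:3].hex().upper()           # first three octets
    local = bool(octets[0] & 0x02)           # locally administered (e.g. randomized)
    group = bool(octets[0] & 0x01)           # multicast/broadcast, not one device
    # A vendor name is only meaningful for universally administered unicast MACs.
    vendor = None if (local or group) else registry.get(oui)
    return {"oui": oui, "device_id": octets[3:].hex().upper(),
            "locally_administered": local, "multicast": group, "vendor": vendor}

if __name__ == "__main__":
    reg = load_registry(SAMPLE_OUI_TXT)
    for mac in ("00:11:22:33:44:55", "3c5a.b401.0203", "02-11-22-33-44-55"):
        print(mac, describe_mac(mac, reg))
```
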

sextortion

https://www.bitcoin-spam.com/abuse/bitcoin/

https://www.bitcoinabuse.com

Sextortion Bitcoin scam makes unwelcome return

Posted: February 11, 2019 by Christopher Boyd

Heads up: a particularly nasty sextortion Bitcoin scam from at least the middle of 2018 is making the rounds once again.

The scam involves making use of old breach dumps, then emailing someone from the list and reminding them of their old password.

When something lands in your mailbox with “Hey, remember this?” it’s a surefire way to focus the reader’s attention. Pressure is then applied to start sending over some Bitcoin…or else.

What is the threat being made?

The generally accepted theory is that the scammer digs up personally identifiable information from old data breaches, including email addresses and passwords, plugs it into some sort of automated script, and then fires out thousands of emails.

Those mails reach people from said breach, and they then see talk of somebody “knowing” their login details. That’s then used as leverage to claim the attacker has access to their PC, files, folders, webcams, browsing history—in a nutshell, anything personal and sensitive. The scarier they can make it sound, the better. In fact, one of the more eye-popping claims is that the scammer has video of the user viewing adult websites, and they will share this video with all the user’s contacts unless they pony up and pay a Bitcoin ransom.

And in classic ransomware fashion, there’s typically a ticking clock. Giving users a short time limit to deliver the payment is social engineering at its finest.

What next?

The recipient may well have a panic attack, that’s what. To be suddenly confronted with an ancient (but potentially still active) password is certainly going to give a bit of a shock to the system. It’s at this point the confusion sets in, as they start to wonder what on Earth the attacker has. Did they really see what they claimed to see? Do they actually have video footage? What other potentially embarrassing (or worse) content could they use to extort and blackmail?

What do they really have?

A large throne of lies, is what.

Yes, they have your password from a long time ago.

No, they do not have access to your computer. And no, even if you were checking out adult sites, they don’t have video of you doing so.

What they might have is access to your email account associated with the breach, if you haven’t changed the password since it took place. They could also potentially start trying to log into other accounts you have with the same password. If this is the case, you should fire up a password manager and get to work changing things.

In fact, you should do that if you share passwords across accounts in any case.

Okay, back to the scam.

What does the email say?

It’s a fairly standard template, and hunting for portions of the below mail will throw up any number of hits in Google and other search engines.

The email reads as follows:

I am well aware [REDACTED] is your pass words. Lets get right to point. Neither anyone has paid me to investigate you. You may not know me and you are probably thinking why you’re getting this e-mail? 

actually, i installed a software on the adult videos (pornographic material) web-site and do you know what, you visited this website to have fun (you know what i mean). While you were viewing videos, your web browser began working as a Remote Desktop that has a keylogger which gave me accessibility to your display and also cam. Just after that, my software gathered every one of your contacts from your Messenger, Facebook, as well as email . after that i created a double video. 1st part displays the video you were viewing (you’ve got a nice taste haha), and next part shows the recording of your cam, yeah its you. 

You have not one but two choices. Shall we read up on these options in aspects: 

First alternative is to just ignore this message. in such a case, i am going to send out your actual video to every single one of your personal contacts and think regarding the awkwardness you will definitely get. and definitely if you happen to be in a loving relationship, how it would affect? 

Number 2 solution is to pay me $889. Lets name it as a donation. in this situation, i most certainly will asap remove your video footage. You could carry on daily life like this never occurred and you surely will never hear back again from me.

You’ll make the payment through Bi‌tco‌in (if you don’t know this, search for ‘how to buy b‌itcoi‌n’ in Google). 

B‌T‌C‌ ad‌dre‌ss to send to: [REDACTED]

[CaSe sensitive, copy & paste it] 

if you are wondering about going to the law enforcement officials, well, this message can not be traced back to me. I have dealt with my actions. i am also not attempting to demand a huge amount, i would like to be compensated. within this%} emaiQUNdkpeC [SIC] if i do not receive the ‌bi‌tco‌in‌, i will send your video recording to all of your contacts including family members, coworkers, and so forth. Having said that, if i receive the payment, i will erase the recording immediately. If you really want proof, reply Yup then i will send out your video to your 9 friends. This is a non-negotiable offer, so don’t waste mine time and yours by replying to this e mail.

That’s pretty sneaky

It is, and I’d be surprised if there aren’t many others waking up to emails identical to the above. Should you receive one yourself, do the following:

  1. Don’t panic. They absolutely do not have the keys to your computer.

  2. See if the email in question pops up over on Haveibeenpwned.

  3. See if your password does the same thing.

  4. At this point, you may have a fairly good idea which breach they grabbed your old login from, which is always useful information to have.

  5. Delete the email you were sent, and under no circumstances pay them a penny/dime/insert currency of choice here.
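Step 3 can be done without typing the password into a web page. The following is an added example, not part of the original article: it assumes the Pwned Passwords range API of Have I Been Pwned, where only the first five hex characters of the password's SHA-1 are sent (to `https://api.pwnedpasswords.com/range/<prefix>`) and the reply lists `SUFFIX:COUNT` lines to compare locally. The response here is constructed so the code runs offline, and the function names are placeholders.

```python
import hashlib

def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest.

    Only the prefix would ever be sent to the service; the suffix stays local.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def pwned_count(password, range_body):
    """Number of breach sightings for `password` in a range response, 0 if absent."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            # Padded decoy entries carry a count of 0 and mean "not seen".
            return int(count or 0)
    return 0

def constructed_response(breached_password, sightings):
    """Build a sample range body (constructed data) with one real suffix among decoys."""
    _, suffix = split_hash(breached_password)
    decoys = ["0" * 35 + ":3", "F" * 35 + ":0"]
    return "\r\n".join([decoys[0], f"{suffix}:{sightings}", decoys[1]])

if __name__ == "__main__":
    old_password = "hunter2"                      # constructed sample value
    prefix, _ = split_hash(old_password)
    body = constructed_response(old_password, 17043)
    print("prefix that would be sent:", prefix)
    print("sightings:", pwned_count(old_password, body))
    print("unrelated passphrase:", pwned_count("a-long-unique-passphrase", body))
```

A non-zero count means the password appears in known breach data and should be retired everywhere it was used.
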

Scare tactics: an evil practice

The anonymous sender of these mails doesn’t care about the trauma they could cause at the other end. These missives would be particularly traumatic for anyone involved in (say) a revenge porn case previously. And make no mistake, generic Internet blackmail threats can kill.

If you’re able to report these mails for spam/abuse before deleting, do so. There’s a remote chance you could actually save someone’s life while making the Internet a little safer into the bargain.

ARD

Apple Remote Desktop (ARD) is a Macintosh application produced by Apple Inc., first released on March 14, 2002, that replaced a similar product called Apple Network Assistant. Aimed at computer administrators responsible for large numbers of computers and teachers who need to assist individuals or perform group demonstrations, Apple Remote Desktop allows users to remotely control or monitor other computers over a network.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.

The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually or quarterly, either by an external Qualified Security Assessor (QSA) or by a firm-specific Internal Security Assessor (ISA) that creates a Report on Compliance for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

File Transfer Protocol

The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and server on a computer network.

FTP is built on a client-server model architecture using separate control and data connections between the client and the server.[1] FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).
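An audit of the sign-in behaviour described above, as an added example that is not part of the original notes. It classifies a control-connection transcript as anonymous, protected by an accepted AUTH TLS upgrade, or exposing a username and password in clear text. The transcripts are constructed, the "C:"/"S:" log layout and function name are assumptions, and the password value is never read.

```python
ANON_USERS = {"anonymous", "ftp"}

# Constructed control-connection transcripts (C: client command, S: server reply),
# as they might appear in a server-side command log.
SESSION_CLEAR = """\
S: 220 ftp.example.test ready
C: USER alice
S: 331 Password required
C: PASS <redacted>
S: 230 Logged in
"""
SESSION_FALLBACK = """\
S: 220 ftp.example.test ready
C: AUTH TLS
S: 502 Command not implemented
C: USER bob
S: 331 Password required
C: PASS <redacted>
S: 230 Logged in
"""
SESSION_FTPS = SESSION_FALLBACK.replace("502 Command not implemented",
                                        "234 Proceed with negotiation")
SESSION_ANON = SESSION_CLEAR.replace("alice", "anonymous")

def audit_session(transcript):
    tls = False            # True once the server accepts AUTH TLS/SSL with a 234 reply
    pending_auth = False   # an AUTH command is waiting for its reply
    user, finding = None, "no-login"
    for line in transcript.strip().splitlines():
        side, _, text = line.strip().partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb == "AUTH":
                pending_auth = arg.upper().startswith(("TLS", "SSL"))
            elif verb == "USER":
                user = arg.strip()
            elif verb == "PASS" and user is not None:
                # The password crossed the connection whether or not login succeeded.
                if tls:
                    finding = "protected"
                elif user.lower() in ANON_USERS:
                    finding = "anonymous"
                else:
                    finding = "cleartext-credentials"
        elif side == "S":
            if pending_auth and text.startswith("234"):
                tls = True
            pending_auth = False   # a refused AUTH leaves the session unencrypted
    return {"user": user, "finding": finding}
```

The fallback session is the case to watch for: the client asked for TLS, the server refused, and the credentials were sent anyway.
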

The first FTP client applications were command-line programs developed before operating systems had graphical user interfaces, and are still shipped with most Windows, Unix, and Linux operating systems.[2][3] Many FTP clients and automation utilities have since been developed for desktops, servers, mobile devices, and hardware, and FTP has been incorporated into productivity applications, such as HTML editors.