Blackmailing Ashley Madison users for Bitcoin may be on the rise after a report last week noted that more users are starting to pay up on the demands.
Network security firm Cloudmark, Inc. Software Engineer and Research Analyst Toshiro Nishimura said that thousands may have been extracted from those seeking to buy the silence of only one particular blackmailer he had traced online.
Reports of Ashley Madison cheaters being blackmailed first emerged August 23, when it was reported that blackmailers are sending emails to users of the site saying that they will not expose their membership of the extra-marital affairs site in return for a specific Bitcoin payment, usually 1 Bitcoin plus a fraction of a Bitcoin, with the fraction acting as the identifier as to who was paying to not be exposed by the particular blackmailer.
The tracking of the particular blackmailer noted that the Bitcoin addresses were all different and freshly generated, meaning the user had no previous activity on the Bitcoin Blockchain that could be traced. However, unlike earlier reports, the emails consistently demanded “exactly 1.05” Bitcoins from their targets, allowing a search of the Bitcoin Blockchain to see how common payments of that exact amount were.
According to Nishimura, Cloudmark found 67 suspicious transactions totalling 70.35 BTC or approximately $15,814 within the extortion time frame of approximately four days paying 1.05 BTC to addresses, with no previous activity, and with two or fewer transaction outputs; the latter is important as it indicates the people making the payments were either new to Bitcoin, or as a good as new, a more likely profile for the victim of the extortion.
Of particular note, transactions matching the above pattern usually came in at a rate of approximately 5.3 per 100,000 transactions, versus 8.9 during the extortion period.
“For a spammer with pre-existing infrastructure and tools, this extortion campaign could have yielded a worthwhile sum for very little effort.,” Nishimura noted. “All the blackmailer had to do was download the Ashley Madison data, extract the email addresses, generate a Bitcoin address for each victim and send out the emails.”
Although it’s unlikely that many victims of this blackmail for Bitcoin scheme are likely to come forward and make formal complaints with law enforcement, if they do there may be hope in tracking down exactly who the blackmailer or blackmailers are.
“In order to go deeper into this analysis, the next step would be to follow the trail of Bitcoins leading to each suspicious address to see if they are connected on the Blockchain to each other or any other known suspicious addresses, Nishimura added. “Such analysis could potentially help law enforcement to deanonymize and pursue the perpetrators.”
If you’re an Ashley Madison user targeted by these sorts of extortion attempts our advice is simple: don’t pay up because it’s not as if the person targeting you can stop someone else exposing your cheating or attempted cheating via the site given the information is publicly available.