It sounds scary, but it’s just another hoax, according to federal government officials.
A new scam that’s making the rounds on tech media today was only discovered yesterday by U.S. government agencies.
The U.S. National Cybersecurity and Communications Integration Center, an arm of the Department of Homeland Security, is sending out public awareness information, asking victims to inform the FBI instead of sending coins.
The actual message, which has been posted in its totality by Krebs on Security, shows an amateurish design and a strange predilection for the word ‘mercenary:’
“My mercenary keeps the building under the (sic) control. If he notices any unusual behavior or emergency, he will blow up the bomb – I can withdraw my mercenary if you pay. You pay me 20,000 in bitcoin and the bomb will not explode, but don’t try to cheat – I warrant you that I will withdraw my mercenary only after three confirmations in blockchain network.”
Reports at The Verge show that the U.S. is not the only place that this type of fraud is taking place. Other targets include parties in Canada, New Zealand and elsewhere. Hilariously, (notwithstanding the seriousness of this kind of criminal threat) Adi Robertson documents some of an anonymous scammer’s CYA behavior this way:
“Nothing personal, this is just a business …If the explosive device detonates and the authorities see this letter: We are not terrorists and dont [sic] assume any liability for explosions in other places.”
As for U.S. law enforcement offices, departments in Cedar Rapids, Iowa, Oklahoma City and other places have responded on Twitter, including this response by a Suffolk County Police Department:
“The Suffolk County Police Department has responded to at least 11 bomb threat incidents during which businesses, one school and one medical facility received an email demanding money. The threats are being investigated, but are deemed to be non-credible at this time.”
It’s not unusual for scammers to favor Bitcoin – many types of ransomware criminals are accepting their ransom payments in Bitcoin partially in order to shield themselves from exposure. Classically, it’s been thought that cryptocurrency provides the perfect cover for cybercriminals. However, this article by Neeraj Agrawal in CoinCenter last year shows why there is an Achilles’ heel in this type of master plan.
“There is an inherent problem with the choice to use cryptocurrency in this attack,” he writes. “The open, transparent, nature of bitcoin blockchain transactions means that the global community is closely watching the ransom money. This is going to make converting it into fiat currency pretty difficult to get away with.”
So there are barriers to scamming people through the Internet – but the blockchain is still being used in this ominous way.
As for threats of violence and other scary warnings that you see online, government agencies can provide advice, but in the end, that element of risk persists in the anonymous digital world. You can never know if every claim is a scam – but you know that 99% of them will be.