Users around the world have been receiving bitcoin extortion emails for a long time, one of the most notorious being a “sextortion” threat to show a computer-eye view of you watching adult videos to the world. The latest threat is more alarming: the sender claims to have a bomb planted at the recipient’s business. Financial institutions in New York began receiving bomb threat emails demanding payment of $20,000 in Bitcoin in early December.
New York City Police warned via Twitter that they were monitoring multiple bomb threats on December 13 and reports soon came in of threats emailed to Philadelphia, Las Vegas, Huntsville, Alabama, and Columbus, Ohio.
The subject line of most of these bitcoin scam emails is: “I advise you not to call the police.” Some emails received in Canada came with a subject line of “Think Twice.”
One copy of the email, which has been sent to multiple recipients, reads:
“My man carried a bomb (Hexogen) into the building where your company is located. …. I can withdraw my mercenary if you pay. You pay me 20.000 $ in Bitcoin and the bomb will not explode, but don’t try to cheat – I warrant you that I will withdraw my mercenary only after 3 confirmations in blockchain network.”
KrebsOnSecurity describes the emails as extremely disruptive spam. The emails have been received by thousands of governmental organizations, businesses, educational, and health care institutions around the world.
Hexogen is a chemical term for RDX, the explosive component in the military plastic explosive C-4.
The National Cybersecurity and Communications Integration Center (NCCIC) released a bulletin about the emails on December 13. NCCIC recommends that if you receive the email:
Bitcoin bomb threat emails are an obvious extortion scam. No bombs have gone off in any location where the threats have been received.
The scammers aren’t completely unsophisticated, although the threats are poorly-worded and no hacking is involved. Each email security experts have examined uses a different Bitcoin address to send the demanded payment. This is not quite as convincing as the “sextortion” emails, which included a real password that targets had used at some point in the past.
Paul Bischoff, a privacy advocate with Comparitech.com, said: “even though bomb threats are scary, this is amateur scamming.”
After multiple evacuations, the FBI and local police have failed to find any explosive devices. Most law enforcement officials termed the threats “not credible.”
The likelihood of a bomb being present in any building receiving the threat is low.
Scams like the “sextortion” emails and the rash of Bitcoin bomb threats threaten to dull awareness to concrete security threats. They also demand attention and safety precautions even though they are nearly 100% certain to be fake.
Multiple threats received in Toronto brought police out around the city and shut down the King subway station. Schools and colleges in New York and several other U.S. cities shut down early after receiving the threats.
The Bitcoin bomb threat extortion likely yielded no cryptocurrency for the scammers. Costs in law enforcement investigative time, lost instructional time at closed schools, and lost business at commercial locations which were forced to shut down add up to far more than what the scammers could hope to obtain from recipients who don’t follow NCCIC’s instructions.
Unlike the “sextortion” scams which were alarming but personal, Bitcoin bomb threat emails to organizations have to be taken seriously enough to confirm that employees and customers — or students, faculty and hospital staff and patients — are safe from harm.
The identical, amateurish emails are sent to thousands of targets, so in one sense, there’s safety in numbers. It’s highly unlikely any email scammer could plant C-4 explosives in thousands of locations around the world.
Bitcoin email bomb threats are very unlikely to be serious, real bomb threats, yet no organization can afford to take a bomb threat lightly. As long as they continue, they will remain a costly and aggravating nuisance.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.