There’s nothing like a US Presidential election to bring out the crazies. Case in point: an imaginative blackmail attempt against candidate Mitt Romney, requesting a million dollars to prevent his tax returns from being released to the public. However, this attack is no run of the mill blackmail scam, and even if it’s a hoax (which is likely), it’s not even an ordinary hoax. The perpetrator’s imaginative use of technology combined with social engineering puts a new twist on the old con. Call this Cyberblackmail.
What makes this story interesting from the techie’s perspective is its novel use of various technology components to mount an attack that may succeed, even if it’s a hoax. Encryption keys, flash drives, and a request for Bitcoin all indicate the perpetrator is conversant with the tools of the hacker trade. The demand for money from both people who want to keep Romney’s returns hidden as well as from others who want them to be made public shows an unusual level of chutzpah—as does the publication of the threat. After all, blackmailers usually keep their threats a secret between them and their mark.
And yet, the specifics of the blackmail strain our credulity. True, the perp has some suspiciously detailed information about where Romney stored his returns, but that information is likely nothing more than a product of an overactive imagination. And yet, we’re tempted to contribute to the blackmailer’s cause nevertheless.
And there’s the important lesson here: Cyberattacks are more about people than technology. This perp’s story is just good enough that he (or she?) might actually make some money. Then again, the Secret Service is after him, so he may end up the loser in the end. But if all anyone needs to mount a lucrative Cyberattack is a bit of hard-to-find information, a couple flash drives, and plenty of chutzpah, then all the technical countermeasures in the world won’t protect us.