Are Bitcoin Bomb Threats A Serious Security Threat?
Users around the world have been receiving bitcoin extortion emails for a long time, one of the most notorious being a “sextortion” threat to show a computer-eye view of you watching adult videos to the world. The latest threat is more alarming: the sender claims to have a bomb planted at the recipient’s business. Financial institutions in New York began receiving bomb threat emails demanding payment of $20,000 in Bitcoin in early December.
New York City Police warned via Twitter that they were monitoring multiple bomb threats on December 13 and reports soon came in of threats emailed to Philadelphia, Las Vegas, Huntsville, Alabama, and Columbus, Ohio.
The subject line of most of these bitcoin scam emails is: “I advise you not to call the police.” Some emails received in Canada came with a subject line of “Think Twice.”
One copy of the email, which has been sent to multiple recipients, reads:
“My man carried a bomb (Hexogen) into the building where your company is located. …. I can withdraw my mercenary if you pay. You pay me 20.000 $ in Bitcoin and the bomb will not explode, but don’t try to cheat – I warrant you that I will withdraw my mercenary only after 3 confirmations in blockchain network.”
KrebsOnSecurity describes the emails as extremely disruptive spam. The emails have been received by thousands of governmental organizations, businesses, educational, and health care institutions around the world.
Hexogen is a chemical term for RDX, the explosive component in the military plastic explosive C-4.
What To Do If You Receive A Bitcoin Bomb Threat Email?
The National Cybersecurity and Communications Integration Center (NCCIC) released a bulletin about the emails on December 13. NCCIC recommends that if you receive the email:
Do not respond or try to contact the sender.
Do not pay the ransom.
Report the email to the FBI Internet Crime Complaint Center or the local FBI Field Office.
What Are The Risks With Bitcoin Bomb Threat Emails?
Bitcoin bomb threat emails are an obvious extortion scam. No bombs have gone off in any location where the threats have been received.
The scammers aren’t completely unsophisticated, although the threats are poorly-worded and no hacking is involved. Each email security experts have examined uses a different Bitcoin address to send the demanded payment. This is not quite as convincing as the “sextortion” emails, which included a real password that targets had used at some point in the past.
Paul Bischoff, a privacy advocate with Comparitech.com, said: “even though bomb threats are scary, this is amateur scamming.”
After multiple evacuations, the FBI and local police have failed to find any explosive devices. Most law enforcement officials termed the threats “not credible.”
The likelihood of a bomb being present in any building receiving the threat is low.
What Are The Real Costs Of The Bitcoin Bomb Threat Emails?
Scams like the “sextortion” emails and the rash of Bitcoin bomb threats threaten to dull awareness to concrete security threats. They also demand attention and safety precautions even though they are nearly 100% certain to be fake.
Multiple threats received in Toronto brought police out around the city and shut down the King subway station. Schools and colleges in New York and several other U.S. cities shut down early after receiving the threats.
The Bitcoin bomb threat extortion likely yielded no cryptocurrency for the scammers. Costs in law enforcement investigative time, lost instructional time at closed schools, and lost business at commercial locations which were forced to shut down add up to far more than what the scammers could hope to obtain from recipients who don’t follow NCCIC’s instructions.
Unlike the “sextortion” scams which were alarming but personal, Bitcoin bomb threat emails to organizations have to be taken seriously enough to confirm that employees and customers — or students, faculty and hospital staff and patients — are safe from harm.
The identical, amateurish emails are sent to thousands of targets, so in one sense, there’s safety in numbers. It’s highly unlikely any email scammer could plant C-4 explosives in thousands of locations around the world.
Bitcoin email bomb threats are very unlikely to be serious, real bomb threats, yet no organization can afford to take a bomb threat lightly. As long as they continue, they will remain a costly and aggravating nuisance.
“My passion for quality IT service is at the forefront of my career.”
Lance Skipper Client Engineer
“A day without laughter is a day wasted.”– Charlie Chaplin
Always at your service to provide the highest level of quality support to our customers.
Anthony Firth Client Engineer
“I’m passionate about building and fostering relationships, and finding solutions for success.”
Michael Koenig Client Account Manager
“Enabling IT to become an effective and valuable partner by delivering premier customer service and quality IT solutions achieving business goals.”
Jake Parrott Business Development Manager
“Striving to provide friendly and quality service to our customers”
Ted Rorabaugh Client Engineer
“I help clients stabilize and grow their IT infrastructure so they can focus on growing their core business.”
Josh Wilshire Systems Engineer Team Lead
“Striving to be your trusted adviser and IT teammate in accomplishing all your business goals”
Brandan Bishop Client Account Manager
“I strive to provide the highest level of quality service to our customers.”
Tommy Williams Sr. Hardware Engineer
“I’m driven by the steadfast belief that technology must serve as a business enabler. This mantra has driven 21
Years of successful partnerships.”
Stephen Riddick VP Sales & Marketing
“CSP doesn’t succeed unless your company succeeds.”
Stephen Allen Inventory Manager
“Through my intuition and genuine concern to help others I have built long-lasting relationships with our customers, co-workers and business partners.”
Scott Forbes VP Support Services
“Every day, I work with clients to help plan the future of their businesses.”
Michael Bowman vCIO
“Your IT problems become our IT solutions.”
Mark McLemore Project Engineer
“Managing internal and external operations to ensure that CSP provides quality and reliable customer service .”
Margie Figueroa Business Manager
“Helping customers get the most out of their IT Infrastructure.”
Marc Gillet Project Engineer
“Providing quality internal and externals financial support to our customers and accounting support to CSP.”
Katie Steiglitz Accounting Administrator
“Your satisfaction is our #1 priority.”
Heather Moore Project Manager
“Some call me the CEO. I call myself the Cheerleader for an awesome team!”
William B. Riddick Founder & CEO
“CSP is here to assist you with your IT needs.”
Beth Wylie Inside Sales Manager
Thinking ofHiring A New IT Company?
On What Questions You Need To Ask Before Signing Any Agreement.