Some blackmail attempts against victims of the ongoing Ashley Madison saga resulted in several – albeit modest – pay outs, according to new research.
Extortionists seized on the data dump of the cheaters’ website database last month with demands to pay up, or risk having their friends and family told about their dalliances, as previously reported.
An unknown group or individuals (probably unrelated to the self-styled Impact Team who pulled off the hack) sent extortion emails demanding Bitcoin for silence.
Toshiro Nishimura, research analyst at spam filtering firm Cloudmark, began investigating whether any payments had actually been made by looking at signs on the Bitcoin blockchain.
He first determined that a sample of Bitcoin addresses used to send extortionate demands were all freshly minted. This is an unsurprising discovery by itself but it did mean that some potential avenues of further inquiry were blocked off.
All the scam emails consistently demanded “exactly 1.05” BTC from their victims, so Nishimura searched the blockchain for transactions paying exactly that amount to infer if such extortion demands were being paid.
He found 67 suspicious transactions totalling 70.35 BTC or approximately $15,814 within the extortion time frame of approximately four days. Each transaction involved a payment of 1.05 BTC to addresses with no previous activity, and with two or fewer transaction outputs.
The latter restriction was designed to weed out simple one-to-one payments.
In the three months prior to start of the AshMad-related extortionate emails on 22 August, Cloudmark saw transactions matching the above pattern at a rate of approximately 5.3 per 100,000 transactions, versus 8.9 during the extortion period. This is more than a statistical glitch, according to Nishimura.
“We can strongly reject the null hypothesis that the incidence of matching transactions during the extortion period followed a Poisson distribution at the historical rate, thus allowing us to infer that perhaps the 40 per cent of the 67 transactions totalling approximately $6,400 may be attributable to victims paying the blackmail,” Nishimura concludes in a blog post.
Nishimura adds a caveat that his findings are far from conclusive and, in any case, incomplete. Future work could involve following the trail of Bitcoins leading to each suspicious address to see if they are connected on the blockchain to each other, or any other known suspicious addresses. “Such analysis could potentially help law enforcement to de-anonymise and pursue the perpetrators,” according to Nishimura.
The Cloudmark security expert theorises that the whole Ashley Madison email extortion scam may be the brainchild of an opportunistic professional spammer or spammers(s).
“For a spammer with pre-existing infrastructure and tools, this extortion campaign could have yielded a worthwhile sum for very little effort,” Nishimura argues.
“All the blackmailer had to do was download the Ashley Madison data, extract the email addresses, generate a Bitcoin address for each victim and send out the emails,” he added. ®