US bitcoin bomb threat ransom scam looks like a hoax say FBI, cops

Extortion scheme gets national attention but not much in the way of funds

Police departments around the US say they've been apprised of emailed bomb threats seeking payment in cryptocurrency or else explosions will ensue.

On Thursday morning, the New York Police Department issued an advisory about an email message being circulated that threatens to detonate a bomb in the recipient's workplace unless a bitcoin payment is made.

"While this email has been sent to numerous locations, searches have been conducted and NO DEVICES have been found," the NYPD said via Twitter.

Two hours later, the NYPD said that, while it intends to respond to reports from individuals who have received this message, the threats do not appear to be credible.

Police in Chicago, Illinois; Montgomery County, Maryland; San Francisco, California; Los Angeles, California; and Washington, DC, among others, have issued similar statements indicating the emailed threat has been distributed nationwide.

Though it looks to be highly unlikely that any explosives have been planted in conjunction with this bulk bomb mailing, the messages have nonetheless caused widespread disruption because some targeted organizations took precautionary actions such as evacuations or lockdowns.

On Thursday afternoon, the FBI issued a statement: "We are aware of recent bomb threats made in cities around the country, and we remain in touch with our law enforcement partners to provide assistance."

The federal law enforcement agency urged the public to remain vigilant and report suspicious activities that could threaten public safety. Given the mass distribution of these bomb threats, that's likely to mean a lot of incoming calls and messages.


Screenshots of different threat message variants have been posted to Twitter and they include different bitcoin addresses where those targeted have been directed to send $20,000 in bitcoin.

The bomb threat notes we've reviewed begin with the sort of incorrect use of English common to online extortion and spam schemes: "There is an explosive device (Tetryl) in the building where your company is conducted."

Other messages posted online are similar but not identical, suggesting an attempt at A/B testing to figure out the most lucrative way to phrase the apparently empty threat.

Ironically, the campaign itself appears to have bombed: No transactions have been recorded yet, at least at the bitcoin addresses we checked.

The notes conclude with a disclaimer: "If an explosion occurred and the authorities notice this message: We arent [sic] a terrorist organization and dont [sic] take any responsibility for explosions in other buildings."

Investigators may not take the extortionists at their word, given that anti-terror laws are likely to make identifying and extraditing the culprits a bit easier. ®
