How much have Ashley Madison customers been blackmailed for since their personal data was leaked last month? One cybersecurity firm thinks it might have the answer.
In a 1st September blog post from network security firm CloudMark, software engineer and research analyst Toshiro Nishimura suggested that as much as $6,400 may have been extracted from those seeking to buy the silence of the blackmailer.
CoinDesk reported last month that customers Ashley Madison, a website that advertised itself as a platform for infidelity, were receiving blackmail threats by email that contained personal information derived from the cache of released information.
Nishimura said the team tracked bitcoin payments around the time the blackmail threats emerged using blockchain analysis. The process looked for payments with bitcoin amounts consistent with the demands they reviewed – for 1.05 BTC – and showed little transaction history prior to the period.
Nishimura wrote of the findings:
“We found 67 suspicious transactions totaling 70.35 BTC or approximately $15,814 USD within the extortion time frame of approximately four days paying 1.05 BTC to addresses, with no previous activity, and with two or fewer transaction outputs…. (We conservatively restricted ourselves to ordinary transactions with two or less outputs, thus excluding those which were less likely to be simple one-to-one payments.)”
Nishimura – who tempered his post by saying that the results are not as yet conclusive – went on to say that those conducting the blackmail attempts stand to benefit given the free cost of exploitable information and the cheap resources – an email and a bitcoin address – required.
He also speculated that, in the future, blackmailers may seek to further obfuscate their efforts in order to avoid identification, which he suggested could be achieved by tracing the addresses used in the blackmail emails.
“Since this search would not have been possible without the consistent extortion amount, we suspect that future attempts at Bitcoin-based blackmail will randomize the amount they demand,” he wrote.
MILLIONS OF ASHLEY Madison customers had their personal information leaked in a hack of the site, and now blackmailers are making big money using the data.
The Register reports that researchers have been able to track payments online that were sent using the virtual currency bitcoin.
Cloudmark analyst Toshiro Nishimura looked into bitcoin addresses that were included in emails sent to victims of the Ashley Madison hack. Blackmailers have been contacting users of the site promising to remove their data from the internet, or threatening to send it to their relatives or colleagues.