The following report was originally posted online on the document-sharing website Scribd.
AFOSI SPECIAL PRODUCT
- 5 pages
- For Official Use Only
- February 11, 2013
(U) This Special Product was produced in response to reports of Department of Defense (DoD) personnel becoming victims of internet-based extortion scams known as sextortion. Its purpose is to inform United States Air Force (USAF) personnel of this new online scam and offer mitigating steps that can reduce the chances of becoming a victim.
(U) INTRODUCTION
(U) Cyber criminals are continually developing new online scams to take advantage of the unsuspecting public. One of the most recent is cyber sextortion. Cyber sextortion generally refers to an act of using sexual images (obtained either through enticement or malicious code) in order to extort money from unsuspecting victims.
(U) Reporting across Military Services indicates that DoD personnel have been subjected mainly to webcam sextortion scams. DoD personnel were enticed to engage in online sexual activities which were secretly recorded; money was then extorted from the victims in order to prevent the release of compromising video material. Reported instances of sextortion involving DoD personnel suggests that many of the perpetrators originate from the Philippines. It is currently unclear whether perpetrators are specifically targeting US military members or whether DoD and USAF personnel are merely victims of a scam directed at the general public. Nonetheless, USAF personnel should be vigilant about protecting their personal information online and refrain from engaging in sexual activities through the internet that may potentially make them vulnerable to extortion.
(U) MECHANICS OF SEXTORTION SCAMS
(U) Cyber criminals involved in sextortion scams generally pose as attractive females seeking friendly conversation. They approach potential victims in chat rooms, popular dating websites, and social networking sites by initiating written/text communication in an attempt to befriend them. To convince an unsuspecting individual the person they are about to befriend is real, the perpetrator posts fictitious information about themselves (usually age, location, and multiple photos of the same person) to help establish legitimacy.
(U) Once the victim has accepted the perpetrator’s friendship invitation, the “online relationship” commences and perpetrators quickly change the nature of the conversation from friendly to sexual. At this point victims are invited to participate in live video communication and are lured into cybersex activities.
(U) In many cases perpetrators enact sexually explicit poses or engage in masturbation to entice the victim to reciprocate. Perpetrators then inform unsuspecting victims that their online sexual activities have been recorded. The perpetrator subsequently threatens to upload the contents on various websites (YouTube, Facebook, heterosexual and homosexual porn sites, etc.) or distribute it to the victims’ family, friends, or coworkers unless financial payment is made. In some instances victims were forced to purchase a subscription to pornographic websites. Those websites provide financial incentives similar to “referral fees” for perpetrators who coerce victims to sign up for the service.
(U) Monetary demands placed on the victims have averaged around several hundred dollars (US$) per person. In one case, however, law enforcement authorities in Singapore broke up a sextortion ring responsible for extorting upward of US$90,000 from a single victim over a 9-month time period. The authorities suspected the same group deprived another individual of nearly US$100,000 by threating to make victim’s cybersex activities public.
(U) SEXTORTION CASES INVOLVING DOD MEMBERS
(U) Currently it is not known how many DoD personnel have been victimized by this type of online sextortion scam. In November 2012, Facebook’s security team—the world’s largest social networking site—identified a major sextortion ring operating out of Naga City, Philippines. The ring, involving 21 employees of the Philippine-based company MoneyMaker Portal Web Solutions, reportedly targeted hundreds of US Army and Navy members for a period over one year. It is unknown how many DoD members were actually victimized by this ring. Less dramatic examples of cyber criminals targeting DoD members through these types of scams have been observed by all Military Criminal Investigative Organizations.
(U//FOUO) A recent Naval Criminal Investigative Service (NCIS) report focusing on this type of online scam identified four cases (two on Guam, one in Japan, and one in Bahrain) involving Navy members between August 2012 and November 2012. In all instances, Department of the Navy personnel were lured into online sexual activity that was secretly recorded, and were subsequently threatened with exposure if payment was not made. The United States Army Criminal Investigation Command (USACIDC) also reported a total of three cases from South Korea, Germany, and Texas, of Army members who were recently victimized. In all cases, victims engaged in consensual cybersex activities that were secretly recorded and subsequently used to extort money from them.6 AFOSI has also received multiple reports indicating that USAF personnel have been subjected to sextortion scams. Multiple incidents of sextortion involving USAF members were reported in Japan, South Korea and Alaska, one in Portugal, and one on Guam.