A new sextortion email campaign has started over the weekend that pretends to be from the CIA and states that you are involved in an investigation into the distribution and storage or child pornography. The scammers then demand $10,000 in bitcoin or you will be arrested on April 8th, 2019 as part of an international law enforcement operation.
The emails that are being sent have a email subject of “Central Intelligence Agency – Case #49237856”, where the number is different for each email. Attached to the emails may be numerous images of the CIA seal.
The sender pretends to be a CIA technical collection offer who found your details listed in a case number that is associated with an international operation targeting 2,000 individuals dealing in child pornography. The email goes on to say that the sender will amend and remove the recipient’s details if they send $10,000 in bitcoin to a listed bitcoin address.
You can read the full text of these emails below:
Case #49237856 Distribution and storage of pornographic electronic materials involving underage children. My name is Devon Babin and I am a technical collection officer working for Central Intelligence Agency. It has come to my attention that your personal details including your email address (email@example.com) are listed in case #49237856. The following details are listed in the document's attachment: • Your personal details, • Home address, • Work address, • List of relatives and their contact information. Case #49237856 is part of a large international operation set to arrest more than 2000 individuals suspected of paedophilia in 27 countries. The data which could be used to acquire your personal information: • Your ISP web browsing history, • DNS queries history and connection logs, • Deep web .onion browsing and/or connection sharing, • Online chat-room logs, • Social media activity log. The first arrests are scheduled for April 8, 2019. Why am I contacting you ? I read the documentation and I know you are a wealthy person who may be concerned about reputation. I am one of several people who have access to those documents and I have enough security clearance to amend and remove your details from this case. Here is my proposition. Transfer exactly $10,000 USD (ten thousand dollars - about 2.5 BTC) through Bitcoin network to this special bitcoin address: 3DAEVKMXxAXH5njM2CZoV4U7QdK7Sf6ZZZ You can transfer funds with online bitcoin exchanges such as Coinbase, Bitstamp or Coinmama. The deadline is March 27, 2019 (I need few days to access and edit the files). Upon confirming your transfer I will take care of all the files linked to you and you can rest assured no one will bother you. Please do not contact me. I will contact you and confirm only when I see the valid transfer. Regards, Devon Babin Technical Collection Officer Directorate of Science and Technology Central Intelligence Agency
These emails are coming from addresses that contain the text ‘cia’, ‘gov’, and ‘ml’ to make them appear as if they come from a government domain. Some example names, email addresses, and associated bitcoin addresses that BleepingComputer has seen being used by this scam include:
|Sender Name||Sender Email||Bitcoin address|
MyOnlineSecurity.com, who told BleepingComputer about this new variant, also saw emails being sent using five other email addresses.
While past sextortion campaigns have generated a lot of revenue, it does not appear that anyone has made any payments associated with this new CIA sextortion campaign. This could be due to the very high price being asked for and that most people realize that the CIA would not be contacting them in this way.
It is important to stress that these emails are scams, numerous people have reported receiving them, the CIA is not investigating you (at least I hope not), and that you should not make any payments to the listed bitcoin addresses.
If you receive an email like this, just delete them. As scary as they sound, they are nothing more than a scam.