"Hello, here is the message I found yesterday in my main mailbox. It does indeed contain one of the passwords I often use. Is there any risk of my account being hacked? As I am really hopeless with the Internet and computers, I did not sleep all night." On the Cnet.fr forum, Petrus 33 is worried. He received an email that at first sight looks like spam, but which contains one of his passwords and tries to blackmail him.

Concretely, here is the message in question: "I know xxx is your password. You don't know me and you are probably wondering why you are receiving this email, right? In fact, I placed malware on a website (pornographic) of adult videos and you know what, I know you visited this website to have fun (you see what I mean). While you were watching these videos, your internet browser started to operate like an RDP (remote PC) with a keylogger that allowed me to access your screen and your webcam. Then, my software obtained all your contacts from your Facebook Messenger, as well as the associated emails. What exactly did I do? I made a double-screen video. The first part shows the video you watched (you have good taste), and the second shows the recording from your webcam. What should you do? Well, I think $2900 is a reasonable price for our little secret." The author of the email then provides a Bitcoin address for receiving payment, and tells the recipient that there is no point in replying.

Bogus hacking, but unsettling patter

It almost feels like the nightmarish episode "Shut Up and Dance" of Black Mirror, which shows (warning, spoilers), among other things, a hacker blackmailing a 20-year-old Briton whom he filmed (by hacking his webcam) masturbating in front of porn. As Motherboard noted at the time, in 2017, hackers had already taken inspiration from this series to practice "sextortion". In England, according to the National Crime Agency, hackers reportedly blackmailed internet users by threatening to release videos of them... not hacked, but obtained by posing as a woman on a raunchy dating site. Something quite basic, in short, that has nothing to do with hacking.

But in the case at hand, internet users who could be you or me received a message telling them about a hacked webcam, which, as we all know, is a real obsession for many, since it is indeed easy to hack a camera built into a computer, or even into a smartphone. But rest assured: this whole story is entirely bogus. It is in fact a phishing scam, which consists of using people's real passwords to blackmail them, in the hope that they have actually watched porn and, ultimately, that they will believe the patter. What Petrus 33 describes on our forum is far from isolated: since early July, hundreds of internet users, American, English and French (including a friend of the author of these lines), have received the same email (translated into French, or in English), which one would immediately throw in the trash... if it did not contain a real password.

Passwords and data leaks

Sextortion: how to protect yourself from blackmail over a (falsely) hacked webcam

How did these passwords end up in the hands of these scammers, apparently based in Russia (the new El Dorado of cybercriminals) if we believe the cross-checks of the blog "My Online Security"? According to computer security specialist Brian Krebs, these are often old passwords (sometimes 10 years old), linked to forgotten accounts (although in the case of Petrus 33, it was an "often used password"). In principle, then, there is little risk of seeing all of one's accounts hacked by a domino effect... unless the user reuses the same password for other accounts, like the American journalist Mat Honan, all of whose accounts were hacked for this reason.

The most likely explanation is not that the recipients of these "sextortion" emails were hacked... but that their passwords sit in databases shared on the internet among amateur hackers (especially on the famous "dark web" that everyone talks about with dread), following massive data leaks. It is thus quite possible that these passwords come from the 4.6 million credentials from the Snapchat messaging service, the 453,427 Yahoo! user accounts, or even the 167 million LinkedIn user passwords that have ended up in the wild in recent years, following hacks of these sites (indiscriminate hacking, therefore, not targeting anyone in particular), which were often poorly secured. "Websites are not supposed to store passwords in clear text, but unfortunately some still do, and ten years ago it was even more common. Even when sites store your passwords securely, cybercriminals with a list of hashed passwords can launch a dictionary attack on the stolen list, trying millions of the most likely passwords for each user", writes Sophos France on its site.
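The storage point in the Sophos quote can be seen from the site operator's side. The sketch below is an added example, not code from the article or from Sophos: the users, the five-word list, the iteration count and all function names are constructed for illustration. It audits the same accounts stored two ways and reports which accounts a "most likely passwords" list exposes and how many hash computations that took.

```python
import hashlib
import hmac
import os

# Constructed sample data: three users and a tiny "most likely passwords" list.
COMMON = ["123456", "qwerty", "azerty", "abc123", "password"]
USERS = {"alice": "123456", "bob": "123456",
         "carol": "--13/chevaux/BATTERIE/trombone/VENTILATEUR/37--"}
ITERATIONS = 50_000  # assumption: kept low so the example runs quickly


def store_unsalted(password):
    """Weak storage: a bare, fast hash. Equal passwords give equal records."""
    return hashlib.sha1(password.encode()).hexdigest()


def store_salted(password):
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def audit_unsalted(db):
    """One hash per candidate is enough to test every user at once."""
    lookup = {store_unsalted(p): p for p in COMMON}
    exposed = {user for user, record in db.items() if record in lookup}
    return exposed, len(COMMON)


def audit_salted(db):
    """Each candidate must be re-derived for each user's own salt."""
    exposed, derivations = set(), 0
    for user, (salt, digest) in db.items():
        for guess in COMMON:
            derivations += 1
            trial = hashlib.pbkdf2_hmac("sha256", guess.encode(), salt, ITERATIONS)
            if hmac.compare_digest(trial, digest):
                exposed.add(user)
                break
    return exposed, derivations


def run_audit():
    weak_db = {u: store_unsalted(p) for u, p in USERS.items()}
    strong_db = {u: store_salted(p) for u, p in USERS.items()}
    return audit_unsalted(weak_db), audit_salted(strong_db)


if __name__ == "__main__":
    print(run_audit())
```

Both audits expose the two accounts using 123456 and neither exposes the long passphrase: salting and a slow KDF raise the cost per guess and per user, but only a password absent from the guess list stays safe.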

Flaws, data leaks and compromised accounts are legion, which is why a site such as "have i been pwned" ("pwned" meaning "to be had" in English) maintains a database made up of many of these millions of email addresses intercepted since 2012. To check whether your email address and passwords are among those intercepted in the past, just enter them in the form, and also consult the list of compromised sites. Obviously, it is also possible that the people who received these emails really were hacked personally, and in that case the most obvious reason is that they used a password that was too simple, for example without digits, without capital letters, or easy to guess. Bear in mind in particular that 123456 is the most used password in the world, alongside Qwerty/Azerty and ABC123…
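A password can be checked against a breach corpus without ever sending it. The sketch below is an added example, not code from the article: it follows the hash-prefix ("k-anonymity") scheme used by the Pwned Passwords range endpoint of Have I Been Pwned (`https://api.pwnedpasswords.com/range/<prefix>`), with the HTTP call replaced by a constructed offline stand-in. The function names and the counts are assumptions made for illustration.

```python
import hashlib


def split_hash(password):
    """SHA-1 the password and split it into the 5-character prefix that is
    sent to the service and the 35-character suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, fetch_range):
    """Return how often the password appears in the breach corpus.

    fetch_range(prefix) returns the response body for that prefix: one
    'SUFFIX:COUNT' line per known hash that starts with the prefix."""
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def make_offline_fetcher(known):
    """Constructed stand-in for the HTTP request so the example runs offline.
    `known` maps passwords to made-up occurrence counts."""
    table = {}
    for password, count in known.items():
        prefix, suffix = split_hash(password)
        table.setdefault(prefix, []).append(f"{suffix}:{count}")
    seen = []  # everything the "server" was shown

    def fetch(prefix):
        seen.append(prefix)
        return "\r\n".join(table.get(prefix, []))

    return fetch, seen


def demo():
    fetch, seen = make_offline_fetcher({"123456": 1000, "abc123": 500})
    results = {pw: breach_count(pw, fetch) for pw in ("123456", "xzv?75#b")}
    return results, seen


if __name__ == "__main__":
    print(demo())
```

The `seen` list holds only five-character prefixes, which is all the remote side learns about each password checked.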

Harden your passwords (imperatively)

Sextortion emails, which rely mainly on the hope that the people contacted have never seen Black Mirror or are a little too naive, are ultimately, in all likelihood, sent in automatic or semi-automatic mode, via an easy-to-use script, by "script kiddies", in other words beginner hackers who use "kits" and programs developed by others. So how do you protect yourself from this kind of scam? And what should you do if you receive such an email?

First, obviously, do not panic, do not reply to the message, do not pay the ransom, and do not open any attachments. Then, as the CNIL advises on its page "React in the event of webcam blackmail", take screenshots of the message in question and report the scam on Internet-Signalement.gouv.fr. You will then have to change your passwords. All your passwords (from a computer other than your own, in case it is infected). Because two precautions are better than one.

Please note: you must obviously choose passwords that are hard for hackers to break. Here are some timeless tips for securing them. First of all, favor two-factor authentication (confirmation of a password by another password received by SMS, for example), in order to lock things down. Then create a different password for each account, as far as possible. These passwords should be long (12 characters on average), with special characters, uppercase letters, lowercase letters and digits. If you are stuck, Secure Passwords will generate unique and complex passwords for you. Other software lets you generate passwords automatically, such as Random Password Generator.

You can also use "passphrases", which are even harder to "crack" and easier to remember. All you need to do is pick four unrelated words that together form a meaningless phrase, for example "chevaux, batterie, trombone, ventilateur", which will be harder to crack than a complicated password like "xzv?75#b". You will of course take care to surround them with digits and symbols, which in our example gives "--13/chevaux/BATTERIE/trombone/VENTILATEUR/37--".

If you are afraid of forgetting a password (since choosing one per account can be tiring for your memory), use a password vault such as Keepass or Dashlane, which can also generate complicated, unique passwords and store them. The only sine qua non for using such a service is, of course, not to forget the "master" password that gives access to all the others. If in doubt, you can still take a look at How Secure Is My Password, which lets you test the strength of your password.

Finally, some last common-sense tips: update your operating system regularly; use antivirus software (as well as a firewall, such as Comodo Firewall) on your computer; and... cover your webcam as much as possible when you are not using it. Because it can indeed still be hacked. And, one day or another, the bogus threats discussed above may well become real. You can always disable your webcam via the control panel, "Devices and Printers" section; but the most effective approach is still the makeshift one, which consists of covering "the eye" of the camera with a sticker. That way, even the best hacker in the world or the smoothest-talking crook ever seen will not get the better of you.

Taping over your webcam: a deceptively good idea?
