New Sextortion Email – Uses Central Intelligence Agency (CIA) seal to steal money in bitcoin

Sex email

A new sextortion email campaign began over the weekend, claiming to be from the CIA and saying that you are involved in a distribution and storage investigation or pornography of children. The scammers then claim $10,000 in bitcoin or you are arrested in an international legal enforcement operation on 8 April 2019.

E-mails sent have an e-mail subject “Central Intelligence Agency – Case # 49237856” where the number for each e – mail is different.

The sender claims to be a technical collection offering from the CIA that found your details in a case number associated with an international transaction targeting 2,000 people involved in child pornography. The email then tells the sender to modify and delete the details of the recipient if $10,000 Bitcoin is sent to a listed Bitcoin address.

Case #49237856

Distribution and storage of pornographic electronic materials involving underage children.

My name is Devon Babin and I am a technical collection officer working for Central Intelligence Agency.

It has come to my attention that your personal details including your email address (person@xxx.com) are listed in case #49237856.

The following details are listed in the document’s attachment:

• Your personal details,
• Home address,
• Work address,
• List of relatives and their contact information.

Case #49237856 is part of a large international operation set to arrest more than 2000 individuals suspected of paedophilia in 27 countries.

The data which could be used to acquire your personal information:

• Your ISP web browsing history,
• DNS queries history and connection logs,
• Deep web .onion browsing and/or connection sharing,
• Online chat-room logs,
• Social media activity log.

The first arrests are scheduled for April 8, 2019.

Why am I contacting you ?

I read the documentation and I know you are a wealthy person who may be concerned about reputation.

I am one of several people who have access to those documents and I have enough security clearance to amend and remove your details from this case. Here is my proposition.

Transfer exactly $10,000 USD (ten thousand dollars – about 2.5 BTC) through Bitcoin network to this special bitcoin address:

3DAEVKMXxAXH5njM2CZoV4U7QdK7Sf6ZZZ

You can transfer funds with online bitcoin exchanges such as Coinbase, Bitstamp or Coinmama. The deadline is March 27, 2019 (I need few days to access and edit the files).

Upon confirming your transfer I will take care of all the files linked to you and you can rest assured no one will bother you.

Please do not contact me. I will contact you and confirm only when I see the valid transfer.

Regards,
Devon Babin
Technical Collection Officer
Directorate of Science and Technology
Central Intelligence Agency


Some of the other email that I have seen include:

carissa_howe@wpho.cia-gov-int.tk
yasmin.luther@mraf.cia-gov-int.gq
harmonycreighton@gfme.cia-gov-int.ga
carlynblaine@qcbu.cia-gov.tk
evalyn-vetter@hdic.cia-gov.cf

Other Bitcoin addresses in the emails include:

34TieKvg9Lpf5pSSWGaNvj1FbxY232aFAW
3Hu6RfvmeW1WM4yNisWmJhXzSjAbeaWK7n
33KEtZ8drCJTzh7z5yNLhK9s8bApRvsZS9
3JcBBN2bR9g5uW69ADWsjF8d7dKnZeW55x
3Gpte8gnfZV3qWgQgRWDqZLkUQZa4ToxQS

This is the new variant, as defined by MyOnlineSecurity.com, when emails are sent with five other email addresses.
Although past sextortion campaigns generated a lot of income, it seems no one made payments for this new CIA sextortion campaign. This could be because of the very high price that is being requested and because most people realize that CIA does not contact them in this way.

It is important to emphasize that these email messages are scams, many people have notified them, that CIA doesn’t investigate (I hope not at least), and that you shouldn’t pay for the listed Bitcoin addresses.

If you receive such an email, just remove it. As frightening as it sounds, it’s nothing more than a scam.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.