I’ve got your nude picture

If ever you become a victim of cyber predators, immediately inform police

  • Online criminal traps female student of a higher education institute, gets her to secretly video nude pics of other students
  • Think before posting personal photographs on publicly accessible social media sites; experts warn of online ‘sextortion’ rackets
A young female student’s online texting and sharing of images with her boyfriend turned out to be a nightmare, when a hacker sent her a ransom demand, threatening that he would upload compromising content featuring her on to publicly accessible websites, if she did not comply.

The girl, a student of a higher education training institute, had exchanged nude images and videos with her boyfriend, unaware that a third party had gained access to her Facebook account. The hacker had demanded USD 10,000 and given her a deadline of several days to come up with the money.

The horrified student had appealed to the hacker that there was no way she could pay such a staggering amount. He had then offered her an alternative: she was a student of a training institute where hundreds of other girls also trained and studied. If she could send him nude images and videos of some of these other girls, there would be no need to pay, and her images would not be uploaded, he had told her. Feeling helpless, the student had used a hidden camera to record images and videos of her fellow students while they were in changing rooms and washrooms, sending a series of images and videos to the hacker, but he had kept on demanding more.

Realising that the hacker was not about to stop, the student and her boyfriend had gone to the police.

The complaint ended up with the Criminal Investigation Department’s Cyber Crime Unit (CCU). Detectives there had been able to eventually track down the hacker before he trapped more victims.

A senior detective said the hacker, after obtaining the images and visuals sent by the student, had contacted some of the girls featured in them and demanded money.

He added that if the student had contacted the police immediately, things would not have gone to the point where images of many other girls also fell into the hacker’s hands.

The case is one among an increasing number of social media complaints the special unit has to deal with. The unit received 1,300 social media complaints last year, while this year, there have been 829 complaints up until August. Most social media cybercrime victims are between the ages of 18 and 22, according to the police.

Experts say cyber criminals are able to easily execute their crimes because most victims unwittingly share personal details that allow criminals easy access to their accounts.

Two recent incidents in which hackers took over accounts of individuals using the social messaging app IMO and used them to sexually harass females illustrate this point. In both instances, hackers had been able to gain access to the victims’ accounts by tricking them into disclosing their IMO registration code. Once the hacker has the code, he can take control of the user’s account, which would also give him access to their contact list. In one case, the hacker had compromised accounts of actors, actresses, singers and even several ministers, using the accounts to target unsuspecting women and tricking them into sending nude pictures.

The CCU was eventually able to track down and arrest the hacker. He was a middle-aged businessman who sold electronic goods.

The CID's Cyber Crime Unit (CCU) detectives attending an inhouse workshop. Inset: Detectives on a cyber-crime busting operation.

At the time of his arrest, police said he had control of more than 150 IMO accounts and over 30 Facebook accounts.

The suspect wanted in connection with the other incident had targeted female university students, tricking them into sending nude photographs by impersonating their friends, and then blackmailing them with the images.

The Sri Lanka Computer Emergency Readiness Team Co-ordination Centre, commonly known as CERT, is another institution that deals with complaints related to cyber security.

“More than 80 percent of the social media complaints we receive are regarding fake FB accounts,” revealed Roshan Chandraguptha, Principal Information Security Engineer at CERT.

Some victims complain to CERT and some to the CID. There are also those who lodge complaints with both. For example, a victim who wants to have a fake account removed and also wants to track down those who set it up would complain to both CERT and the CID.

While there has been an increase in social media complaints over the years, the CERT official said it did not necessarily mean there was a sharp rise in cybercrime on social media. “We must remember that the number of active users goes up every day. Users are also becoming more knowledgeable of complaint mechanisms.”

CERT provides technical support to victims to recover their hacked Facebook account, if they had managed their security settings in a proper manner. Mr. Chandraguptha said that according to the Computer Crime Act, logging into another person’s account is considered a crime, and as such, victims are also urged to lodge a police complaint if their accounts have fallen prey to a hacker.

The Sunday Times spoke to a female university student who had turned to CERT for help after a fake profile of hers appeared on Facebook. Pictures of hers that were publicly available had been used to set up the fake account. She had reported the profile to Facebook but it was still visible, the student said. CERT officials briefed her about alternative ways to report the fake profile to Facebook administrators.

Mr. Chandraguptha cautioned that removing one fake account might not solve the problem entirely. “There is always the possibility that whoever created the fake account may set up another one.”

While fake Facebook accounts are generally used to harass individuals, cyber criminals also use various schemes to trick people into sharing personal information to carry out financial fraud. For example, a video might be shared on social media where those who click on the link are asked for sensitive information, such as their Facebook or email passwords, in order to view the video. Or it may ask the user to install a plugin (a software component added to an existing computer programme) to view it. The plugin may turn out to be ransomware or a keylogger. Ransomware is a type of malware that prevents users from accessing their system or personal files and demands a ransom to regain access. A keylogger, meanwhile, covertly records the keystrokes victims type on their computers, enabling those who created the keylogger to steal personal details such as passwords or credit card information, the CERT official explained.

CERT, too, has received complaints from people being blackmailed over social media with nude photos and videos. In some cases, individuals who claim to have such photos don’t actually have them, but the reputational damage and emotional distress they inflict on victims is considerable.

Mr. Chandraguptha described one incident where a young girl was harassed by an individual who had set up a fake account and claimed he had nude photographs of her. He had demanded money not to release the images.

The victim’s brother had corresponded with the blackmailer using her profile, in an attempt to find out about the images he claimed to have. The blackmailer had sent some images of a partially nude female, though her face was not visible. This led to much emotional distress for the girl and her family. The girl’s brother and parents blamed her, thinking she had sent some pictures to a former boyfriend and that these images were now being used for blackmail. When the complaint was made to CERT, officials had interviewed the victim separately from her family, and she had stressed that the images were not hers. “We were able to explain to the family that the images were not hers and they should not worry over this,” Mr. Chandraguptha said.

“If you have sent such pictures to someone online, there is always the possibility they can be used against you at some stage. In certain court cases, it has been noted that nothing done on the internet is ever forgotten. Whatever you send gets stored somewhere. As such, the best protection is not to put yourself in such a position and be persuaded to send such images,” he observed.

There have also been about 10 complaints in recent times of overseas-based cyber criminals who contact individuals on social media claiming that they have compromised their computers and have visuals of them watching pornographic videos. The criminals had demanded payment not to release the videos. Victims were asked to pay in the cryptocurrency ‘bitcoin.’ Most people in Sri Lanka, however, don’t have any idea of bitcoin and, as such, the blackmail attempts seem to have fizzled out, according to CERT.

Meanwhile, many people continue to fall prey to social media and messaging app scams that claim they have either won prizes or have a chance of doing so once they register. One recent ‘promotion’ on social media had claimed users stand to win a new iPhone in a raffle draw. They were redirected to a website and asked for personal details including credit card information to register. They were also asked to pay a registration fee of one US dollar. Sometime later, those who registered for the raffle draw had noticed that someone else was using their credit cards to make purchases, both overseas and in the country. “Several of the victims came to us to find out how this was happening. It was only when we questioned them whether they gave out their credit card details that they remembered registering for this raffle. We checked the web page in question and informed the hosting site that the page was being used for a scam. It was then taken down,” Mr. Chandraguptha said.

In the end, the onus is on the users to take the maximum precautions possible to secure their personal data when using social media and the internet in general, the experts said.

Precautions to take when using social media sites
  • Avoid adding people who are unknown to you into your social media accounts. Most of these profiles are fake accounts.
  • Be cautious when you send friend requests to famous or popular individuals. Most of the time, these accounts are fake.
  • Never accept a friend request if the person is unknown to you. Sometimes the person may have a lot of mutual friends, but it may be worthwhile finding out how this individual is related to you before you add them.
  • Be proactive in protecting your privacy. Never send your personal details (name, address, telephone number, NIC number, driving licence, passport number or family member details) to individuals you do not know personally.
  • Make maximum use of privacy settings provided by social media websites. When uploading or publishing pictures or personal information on social media, make sure that such information can only be seen by friends and people you trust.
  • If anyone tries to violate your privacy or to destroy your online reputation, never hesitate to report such instances to the relevant authorities or block or deactivate such accounts if they belong to you.
  • Never expose your password to anyone.
  • Don’t overshare personal information, especially on social media sites.
  • Always tell a trusted party (family, parents, elders, teachers) if you are ever faced with an issue of personal privacy or security violation online. Depending on the severity of the situation, you could also consult organisations such as the Police or cyber-security incident handling institutions such as CERT.

Source – CERT

