Sextortion Scam Run by Inmates Nets $560,000 from U.S. Service Members


On November 28 the Department of Justice (DOJ) unsealed the indictment of 15 persons as “Operation Surprise Party” – a “sextortion” ring which victimized 442 service members since 2015. The Naval Criminal Investigative Service (NCIS) noted that the service members were from the Army, Navy, Air Force and Marine Corps.

The Sextortion scam

And that is just what occurred according to the DOJ indictment.

A South Carolina inmate told one military service member victim that his minor “daughter” was traumatized by the victim’s sexually explicit messages and that she needed money for counseling and medical bills – this inmate successfully extorted almost $30,000 from his victims in 2016 and 2017. The State, a South Carolina paper, noted that this inmate was serving time for murder, kidnapping and armed robbery and was not eligible for release until 2042.

Another South Carolina inmate, located in a separate State correctional institution, and four accomplices are alleged to have successfully run sextortion scams which netted $80,000.

Though the unsealed DOJ indictment identifies 15 individuals, the media is reporting an additional 250 individuals under investigation.

How the sextortion scam worked

Sextortion is a form of cyber sexual extortion in which the criminal leverages online sexual acts for financial gain or other forms of blackmail.

The inmates, using contraband cell phones from within South Carolina state correctional institutions, would pose as women 18-19 years of age on online dating sites. They would specifically target U.S. service members who had signed up on the various sites. The criminals, using nude photos of young women culled from the internet, would begin sending photos to their target and solicit similar photos in return.

The next step involved the “reveal” where the inmate would claim that they were actually underage, or a “parent” would intervene and engage directly with the service member, or a third party “private investigator” would contact the victim. In every case the threat of revelation, publication, arrest and embarrassment was levied or implied, with a path to resolution involving the payment for silence, destruction of photos, etc.

Then, like every cottage industry, multiple forms of payment were available.

The South Carolina inmates had the victims send money to intermediaries via MoneyGram, Western Union, Green Dot MoneyPak, PayPal and Walmart. The money would then be retrieved by accomplices outside the prison, and a prepaid debit card would be acquired and the numbers passed to the prisoner for use inside the prison via their smartphone. The accomplices took their cut along the way.

So widespread was this “sextortion” scam within the South Carolina inmate population that in a separate case revealed in October, four individuals were arrested and indicted in South Carolina for similar sextortion scams. These four individuals, two from within the prison and their accomplices outside, netted $35,000 from as many as 15 victims in New York, Tennessee and Florida.

Army CID warning

The Army’s Criminal Investigation Command (CID) issued a caution in April 2018, warning the Army community to be wary of “sextortion” scams which were targeting service members. The caution noted that “To avoid falling prey to a sextortionist never send compromising photos or videos of yourself whether you know them or think you know them. Turn off your electronic devices and physically block web cameras when you are not using them.”

The April 2018 warning continued, “These criminals will try to get unsuspecting service members to engage in online sexual activities and then demand money or favors in exchange for not publicizing potentially embarrassing information or turning them over to law enforcement.”

Common Sense Advice?

The Army CID provides specific advice should you find yourself in the middle of the scam identified above:

If you meet a person on a legitimate online dating site there is very little chance that you are actually communicating with an underage person. It is therefore very unlikely that you sent or received child pornography or provided your images/videos to a minor. If you met someone online who later claims to be underage you should immediately cease all communications with that person and notify Army CID.

“It is important to also keep in mind that law enforcement, to include Army CID, will never agree not to take legal action if you agree to pay [ransom] money to the alleged victim or to the alleged victim’s family. If law enforcement gets involved early on, there are investigative steps that may help identify the perpetrators responsible for victimizing Army personnel.”

Let’s not forget the Ashley Madison debacle which placed more than a few cleared personnel at risk when their infrastructure was hacked and compromised.

The solution here is simple: Don’t share explicit photos of yourself online.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).
