Sextortion via Hacking

At least 186 women and 44 girls were caught in a bizarre scheme by 31-year-old Santa Ana, CA resident Luis Mijangos, who attempted to extort pornographic videos from his victims. Mijangos, a paraplegic due to a gang shooting, was arrested yesterday following a two-year investigation by the FBI. He is charged with extortion and faces a maximum of two years in federal prison.

The FBI originally became involved in 2009 when called in by the Glendale Police to look into the complaint of a woman who suspected she was being stalked by an ex-boyfriend. The FBI’s investigation led them to Mijangos. Forensic analysis showed cracking activity dating back to 2008.

The Scheme

Mijangos initially gained control of users’ PCs using Trojans disguised as popular songs on peer-to-peer file sharing networks. Once he took control of a PC, he would search for sexually explicit photographs and financial information, and attempt to use what he found to further extort pornographic videos from his victims. Bizarre e-mails would come from [email protected] (he also went by Guicho) demanding sex tapes be made by the victims:

"I will publish the images and let your family know about your dark side … so you better do that video,
 send it to me via e-mail and you will never hear from me ever...If I don't hear from you then your family
 will hear from me,"
"You have three kids and a psycho ex but hat  I don't care if you don't want this pics and the rest I 
have from you to be published  this is what I want...A porn video of you 'you can blur your face;' 
if don't get the video ina day I will publish thse  images and let your family know about your 
dark side as a hooker"

In one case he sent a nude picture of the victim to her and demanded her silence and a pornographic video or he would tell her family. He would tell victims that since he controlled their computers, he would know if they tried to contact authorities.

At times he would pose as the victim’s boyfriend and request the explicit content. When he succeeded, he would request increasingly explicit videos be made and sent to him under threat of releasing the previously sent images. Finally, there is evidence that he used webcams and microphones attached to the compromised computers to watch his victims in various states of undress or during intimate activities. At least one 20-year-old woman put a sticker over her webcam when it continually went on without her doing anything.

He also used keyloggers to gain access to social networking sites, e-mail, credit card numbers, and so forth to gain further information to perpetuate the scheme as well as make purchases. He sent malware via instant messenger to the contacts of his victims to infect more computers, tallying more than 100 infected in all.

Mijangos indicated he was a consultant with programming knowledge of both Java and C++, so at this point the authorities and media have dubbed him a “master hacker”. Mijangos himself has indicated he is part of a team of “international hackers” and told at least one victim you don’t want to mess with a team of hackers.

His Defense

Mijangos came up with his own bizarre explanation for his actions: that he was in fact hired by boyfriends and husbands to see if the women would respond to requests for pornographic materials, a sort of fidelity test similar to what a private investigator might do to find a cheating spouse. Interestingly, Mijangos was so stupid that he continued his illegal activities even after a search warrant was executed back in March of this year. When caught, he had in his home dozens of videos showing victims in states of undress (leaving the shower, getting dressed, engaging in intercourse) as well as financial data including credit card numbers alongside TurboTax, T-Mobile, Netflix, PayPal, HSBC, and Chase Bank account information.

Mijangos is a Mexican national, thus the INS is also involved.

Finally

This case is not the first involving cyber-extortion (think back to the DDoS extortion threats made against web site operators), but it is unusual in that it was not money being requested. It’s not clear to me why this man only faces two years in prison, and the charges are limited to extortion, when 44 of the victims were juveniles, making this potentially a child pornography case also. Identity theft would also appear applicable.

Either way, this is a good example of the FBI showing an interest in a seemingly innocuous case, cyberstalking by an ex-boyfriend, that instead led to and nailed a pretty serious predator. Much like in the corporate environment, a lot can happen when you start to pull on a thread.

Comments (3)

  1. [...] This fellow had an interesting idea – use peer-to-peer networks to distribute remote control software to victims, then take over their computers and hunt for homemade porn. [...]

  2. meathive says:

    Interesting story that stands out from the normal crud.