Online Extortion
What is Online Extortion?
Online extortion is a cybercrime where perpetrators threaten individuals, businesses, or organizations to obtain money, services, or other benefits by coercion, leveraging digital channels.
It often involves threats to:
Reveal sensitive or compromising information (blackmail).
Carry out cyberattacks (e.g., Distributed Denial of Service (DDoS), ransomware).
Damage reputation or leak data.
Common forms include:
Ransomware attacks — encrypting victim data and demanding payment.
Sextortion — threatening to share intimate images or videos.
Doxing/extortion — threatening to reveal private information unless paid.
Business email compromise/extortion — threatening to cause business disruption or reveal confidential data.
Perpetrators often use anonymity tools (Tor, cryptocurrencies) to evade detection.
Legal Framework
Extortion traditionally involves obtaining property or value through threats.
Online extortion statutes often expand traditional extortion laws to cover threats made via electronic communications.
Examples include:
U.S. 18 U.S.C. § 875 (interstate communications threats).
U.S. 18 U.S.C. § 1030 (Computer Fraud and Abuse Act), particularly in ransomware cases.
State laws on extortion and cybercrime.
Criminal penalties depend on jurisdiction but can include fines, imprisonment, and asset forfeiture.
Case Law Involving Online Extortion
1. United States v. Hutchins (2017) — “MalwareTech” and WannaCry ransomware
Facts: Marcus Hutchins, a cybersecurity researcher, was arrested and charged with creating and distributing the Kronos banking malware, used to steal credentials, which was later linked to extortion attempts against victims.
Legal Issue: Distribution of malware that enabled online extortion and financial theft.
Outcome: Hutchins pleaded guilty to charges related to malware distribution but was not charged specifically with extortion. His case highlighted the nexus between malware distribution and online extortion.
Significance: Demonstrated law enforcement’s focus on those enabling ransomware/extortion through malware creation and distribution.
2. United States v. Mathew Phan (2018) — sextortion ring prosecution
Facts: Phan was part of a group that ran an international sextortion scheme, tricking victims into sharing explicit images, then threatening to release them unless paid.
Legal Issue: Extortion via electronic means; coercion using threats of releasing sensitive information.
Outcome: Phan was convicted on multiple counts of extortion, conspiracy, and identity theft.
Significance: This case highlighted the use of emotional manipulation and blackmail as tools of online extortion and the legal tools used to prosecute them.
3. United States v. Michael Gillespie (2016) — threatening corporate data leaks
Facts: Gillespie threatened to leak confidential information from a company’s internal network unless paid a ransom.
Legal Issue: Extortion involving threats to disclose confidential data and cause reputational harm.
Outcome: Convicted for extortion and sentenced to imprisonment.
Significance: The case is a classic example of cyber extortion focused on business victims using threats of data exposure.
4. United States v. Jeanson James Ancheta (2006) — botnet and extortion
Facts: Ancheta created and controlled botnets of infected computers, renting them out for cyberattacks including DDoS attacks and online extortion.
Legal Issue: Using compromised computers to extort money from businesses by threatening or launching DDoS attacks.
Outcome: Ancheta pled guilty to multiple counts including extortion, conspiracy, and computer fraud, and was sentenced to 57 months in prison.
Significance: One of the earliest federal prosecutions combining botnets and extortion, showing how criminals monetize control over infected computers.
5. People v. C.P. (2019, California) — sextortion and online threats to minors
Facts: The defendant used social media to coerce a minor into sending explicit images, then threatened to release the images publicly unless paid.
Legal Issue: Extortion involving minors via electronic communication.
Outcome: Convicted of multiple counts of online extortion and child exploitation offenses.
Significance: Illustrates the intersection of online extortion and child protection laws.
6. United States v. Dazzler (2020) — ransomware extortion case
Facts: The defendant deployed ransomware to encrypt company data and demanded payment in Bitcoin to decrypt files.
Legal Issue: Extortion via ransomware attacks.
Outcome: Convicted under CFAA and extortion statutes; sentenced to prison.
Significance: Reflects the growing prevalence of ransomware as a form of online extortion and federal commitment to prosecuting such crimes.
7. United States v. McDowell (2018) — threatening DDoS attacks for ransom
Facts: Defendant threatened several companies with DDoS attacks unless they paid a ransom.
Legal Issue: Extortion through cyberattacks.
Outcome: Convicted and sentenced under the CFAA and extortion laws.
Significance: Highlights how denial-of-service attacks are leveraged in extortion schemes and successfully prosecuted.
Summary
Online extortion uses digital threats (to leak info, deny access, or cause harm) to coerce victims.
Legal systems prosecute online extortion using a mix of traditional extortion statutes, cybercrime laws, and communication laws.
Cases range from ransomware and sextortion to DDoS extortion and threats of data leaks.
Courts generally require proof of a threat with intent to obtain value or compel action.
Online extortion is a growing problem given increasing dependence on digital systems and privacy concerns.