Prosecution Of Extortion Rackets Using Cyber Threats
Prosecution of Extortion Rackets Using Cyber Threats
Cyber extortion refers to criminal acts in which individuals or groups use digital means—emails, social media, ransomware, or hacking—to threaten victims and demand money, services, or other benefits. Legal systems worldwide prosecute cyber extortion under various statutes, such as:
Computer Misuse and Cybercrime Laws – unauthorized access, hacking, or malware deployment.
Extortion and Blackmail Statutes – threatening harm to property, reputation, or safety unless demands are met.
Ransomware-specific Provisions – some jurisdictions have introduced specific laws addressing ransomware payments and cyber blackmail.
Case 1: United States v. Hutchins (2017, USA)
Facts: Marcus Hutchins, a British hacker, was accused of creating and distributing the Kronos malware used for stealing banking credentials, which was also deployed in ransomware/extortion attacks.
Charges: Wire fraud, conspiracy to commit computer fraud, and aiding cyber extortion.
Verdict: Pleaded guilty to conspiracy to commit computer fraud; sentenced to time served and a fine.
Significance: Demonstrates that cyber extortion can involve malware creation and distribution, not just direct threats to victims. Courts treat digital tools facilitating extortion as criminal instruments.
Case 2: United States v. Cosme (2019, USA)
Facts: Cosme and associates targeted small businesses with ransomware attacks, demanding payments in cryptocurrency under threat of permanent data deletion.
Charges: Cyber extortion, wire fraud, computer intrusion, and conspiracy.
Verdict: Convicted and sentenced to over 5 years in prison.
Significance: Highlights the prosecution of ransomware-based extortion and the use of cryptocurrency in digital extortion schemes.
Case 3: United Kingdom – R v. S, 2018 (UK)
Facts: A cybercriminal sent threatening emails to multiple companies, claiming to have accessed sensitive customer data and demanding payment to prevent public release.
Charges: Blackmail under the Theft Act 1968, Computer Misuse Act 1990.
Verdict: Defendant convicted; sentenced to 4 years imprisonment.
Significance: Reinforced that threats to release private data online constitute blackmail/extortion under UK law.
Case 4: Europol Operation – The NetWalker Ransomware Group (2021, Europe)
Facts: NetWalker ransomware group infected hospitals, schools, and companies across Europe and demanded cryptocurrency payments, threatening to leak sensitive data.
Charges: Cyber extortion, computer misuse, money laundering.
Outcome: Coordinated arrests in multiple countries; servers seized and operations disrupted.
Significance: Demonstrates international cooperation in prosecuting cyber extortion, emphasizing cross-border investigations in digital crime.
Case 5: India – State v. Cyber Extortionists (Ransomware, 2020)
Facts: Hackers targeted small Indian IT firms with ransomware, threatening permanent data encryption unless payments were made.
Charges: Extortion under Indian Penal Code (IPC) Section 384, 385 (extortion and threat), and IT Act 2000 provisions for hacking.
Verdict: Arrests made; cyber forensic evidence used to link defendants to attacks. Sentences included imprisonment and fines.
Significance: Shows application of traditional extortion laws to cyber threats in combination with digital evidence under IT Act provisions.
Case 6: United States v. Marshall (2020, USA)
Facts: Marshall used phishing emails to threaten corporate employees, claiming he would release confidential internal documents unless payments were made.
Charges: Wire fraud, cyber extortion, identity theft.
Verdict: Convicted; sentenced to 7 years in prison.
Significance: Illustrates prosecution of targeted phishing and social engineering attacks as cyber extortion.
Case 7: Australia – R v. Lau (2021, Australia)
Facts: Lau deployed ransomware on several Australian SMEs, threatening data destruction and public exposure unless ransom was paid in Bitcoin.
Charges: Extortion under Criminal Code, Unauthorized access to computer material.
Verdict: Convicted and sentenced to 6 years imprisonment.
Significance: Highlights Australian application of cybercrime laws for extortion, showing that ransom threats qualify as criminal extortion.
Case 8: Hong Kong – Cyber Blackmail Case (2022)
Facts: Individual threatened local businesses to release sensitive customer data unless paid via e-wallets.
Charges: Blackmail under Crimes Ordinance (Cap. 200), unauthorized access to computer system under Computer Crimes Ordinance (Cap. 200).
Verdict: Defendant convicted; sentenced to imprisonment and confiscation of digital assets used in the crime.
Significance: Demonstrates local application of extortion laws to cyber threats, including digital payment methods.
Key Observations
Digital Threat Mediums: Emails, ransomware, hacking, phishing, and social media are common tools for cyber extortion.
Proof of Threat: Prosecution often relies on digital forensic evidence, server logs, and cryptocurrency transaction trails.
International Cooperation: Cyber extortion frequently crosses borders, requiring collaboration among law enforcement agencies globally.
Punishments: Sentences are generally severe, including imprisonment, fines, and seizure of cryptocurrency or servers.
Legal Instruments: Combination of traditional extortion laws and cybercrime legislation is used for successful prosecution.
RELATED Blog
comments