Mumbai: Next time you want to post photos of your holiday in the Caribbean or the French Riviera on Instagram or check into your favorite luxury hotel on Facebook, think again. With cyber criminals keeping tabs on the social media footprint of the well-heeled, you may be at risk of virtual extortion.
Take the case of the daughter of a well-known MNC CEO based in India who recently posted her vacation and hotel details on Facebook. Cyber criminals hacked into the security video of the hotel she was staying in and retrieved footage of some of her intimate moments. “They told the CEO to pay up $250,000 or they would post the footage online,” says a cyber security expert who took up the case when the police failed to act. However, the ransom eventually had to be paid since the network was too big to track down.
While companies continue to be the primary targets of cyber criminals, social media platforms like Facebook, Twitter, and Instagram have made it easy for hackers to track and target high net worth individuals (HNIs) and their family members. One cyber security analyst recalls an instance of holiday pictures posted on a CEO’s Facebook account being morphed.
Sivarama Krishnan, leader, Cyber Crime, Price water house Coopers, says there have been at least 12 cases of digital ransom in the last year, where private information, like location, or pictures, have been collected from social media accounts of CxOs or their family members.
No such cases had come to light in 2014. A major reason for this rise is the fact that people are sharing more online. “It might start with a random friend request accepted unthinkingly. But by doing that you may be exposing your entire contact list as well as giving out your email id, Twitter contacts, and Instagram pictures in the process,” says Jayant Saran, who leads eDiscovery and digital forensic services for Deloitte. He estimates extortion cases at 100, but says they may be intentionally hidden owing to the profile of the people involved.
Prasanna J, director of AVS Labs, a Bengaluru-based cyber security lab, adds that information like an individual’s birth date, mother’s maiden name and email id are sometimes enough to access their bank accounts. “The ransom is usually anything between Rs 1 crore and 5 crore.
Many just pay the money so that the case stays off the radar,” he says. Last year, a married Indian VIP was told that video footage of him being physically intimate with a foreign woman would be circulated to his Facebook friends. In many such cases, the social media platform has cooperated with experts. “They have helped us track the network and get a few people arrested,” says Prasanna. Facebook did not respond to TOI’s emails on the issue.