Posted by: David Harley | March 28, 2013

Putting a Spook in the Wheel

John Leyden commented for the Register on the MI5 warning I blogged yesterday, in “MI5 undercover spies: People are falsely claiming to be us” (love the subtitle: go and read it!).

Just one observation: Leyden rightly remarks that the warning is more likely to refer to Reveton-like ransomware than to “bogus offers to shift seized assets and the like, the staple of advanced-fee fraud (aka 419 scams)”. I should have made it clearer that I had in mind the type of 419 that attempts to extort money by threats of assassination, rather than the “I need you to put £30m of a dead dictator’s gold into your Post Office account” type of 419.

It’s actually the use of the Director General’s name that makes me suspect a possible 419: ransomware generally uses the name of an agency to intimidate rather than that of an individual. (HT to Kafeine for the examples referenced there.)

There’s an amusing variation on the friendly assassin 419 theme noted here – A Deadly 419. Presumably that particular post was meant more as pastiche than a serious threat to extort, but it’s based on a sub-class of 419 that has been around for quite a while. Here’s part of an example from 2007:

Good day Mr Firstname Lastname ,

I want you to read this message very carefully, and keep the secret with you till further notice, You have no need of knowing who i am, where am from, till i make out a space for us to see, i have being paid $50,000.00 in advance to terminate you with some reasons listed to me by my employers, its one i believe you call a friend, i have followed you closely for one week and three days now and have seen that you are innocent of the accusation, Do not contact the police or F.B.I. or try to send a copy of this to them, because if you do i will know, and might be pushed to do what i have being paid to do, beside, this is the first time I turned out to be a betrayer in my job.

Of course, an extortion attempt from ‘MI5’ might take quite different forms to this assassination scenario: unless Thames House decides to break the habit of a lifetime and release a little more information, who knows?

David Harley
Small Blue-Green World
ESET Senior Research Fellow
