Virtual kidnapping is a real threat that is worryingly starting to gain some momentum according to an ex-Secret Service guy…
At the recent NetEvents Global Analyst Summit in San Jose, the opening keynote was entitled ‘The New Hacker’ and framed as offering insights from the US intelligence agency community. On the whole this involved MK Palmore (who heads up the cyber branch of the San Francisco FBI), Dr Ronald Layton (Deputy Assistant Director of the US Secret Service) and Michael Levin (formerly Deputy Director of the National Cyber Security Division of the US Department of Homeland Security) thinking rather carefully before saying anything. Indeed, the on the fly filtering as these guys spoke was almost palpable. So when one audience member asked whether encryption backdoors are a good idea, the answers avoided the usage of such things by law enforcement and instead suggested they were bad if they let threat actors perform criminal acts.
The most memorable moments with former three letter agency man, Michael Levin, now CEO of the Center For Information Security Awareness (CFISA), were had later outside the conference hall as he pulled me to one side for a chat. Michael was keen to introduce himself, and have a conversation about the changing threatscape. Perhaps the most interesting would be how Michael revealed that one form of social engineering, making full use of intelligence gleaned from social networks along with the compromising of mobile devices, is virtual kidnapping. And it’s gaining momentum.
Now that is really frightening! Have there been any cases reported in the UK or is it all Mexico and the USA so far?
Not that I am aware of. I think it’s very much something that seems to originate in Mexico mainly, and has spread to target victims in the US.
I’m not convinced that this is a real threat concern. Why would anybody fall for this? Doesn’t make sense.
This is a real concern in the U.S. You can see a number of news videos on YouTube that document this crime by searching for virtual kidnapping. Thanks Davey for pushing this important information out to your readers!
My blog on this subject can be found here: https://www.cfisa.org/item/383-security-awareness-training-alert-virtual-kidnapping.html
What Mike said. The whole point of any scam is to convince the victim that an unlikely event is actually true. With something as frightening as being presented with a kidnap scenario, that is presented using voice (phone call from scammer with someone pretending to be the hostage in the background) and personal information gleaned from social media as well as device compromise, the scam relies upon inciting panic in the mark. When you panic, all rational thought goes out of the window; the dictionary definition states that panic “produces hysterical or irrational behavior” after all. Under these circumstances it makes perfect sense that someone without prior awareness that such a scam exists would be taken in by it. Which is why education of security threats is such a vital piece of the security posture puzzle…