Someone Tried to Extort Path

How it Started

Imagine my surprise when, while driving my daughter to lacrosse practice, I received a Telegram message trying to extort me and Path Network for $1.6 million.

Let me set the scene for you: I’m driving in my Mini with my daughter, talking about lacrosse and of course the boys she likes, when my phone goes off. My daughter sees it and lets me know that I have a message from a business associate; we will call him Bob. Bob and I have just finished a buyout and company acquisition deal, so if he is reaching out on a Sunday something might be wrong.

I asked my daughter to respond and the extortion begins.

What information did they have and what did they want?

The individual who has taken over Bob’s account claims he has compromising data about Path and our negotiations and threatens to go public with the information. Since everything Path has done has been on the up and up with full reporting and visibility, I know this claim is wrong, but let’s see where this goes.

The attacker proceeds to openly admit he has compromised Bob’s email and Telegram account. He also admits that he is trying to extort me, an ex-FBI agent. (I know I have been out for 10 years but come on, is that really a smart move?)

The attacker later admits that he is in the UK, that he is promoting ICOs, and that he has done no research on Path Network. In the end he claims he just wants the list of people who pre-bought Path utility tokens (those used for credits on the Path and Path Connect service lines) so he can pitch those “investors” on his ICOs. He even agrees to send me an email, so we can discuss who he should contact.

The full transcript is included below, save for redacted information to protect the innocent. (Also, don’t judge my daughter’s spelling. I took over the typing at 13:15; she didn't want to stop, but her coach threatened sprints.)

The attacker was woefully unprepared

I have dealt with these types of attacks numerous times throughout my career, both in the private and public sector, but no one has been this ill-prepared, naive or idiotic.

Leaving aside my background, if he had investigated Path he would have found out that the company is full of ex-hackers (mostly white and gray) who would jump at a chance to track him down. Further, he gives up information about himself and openly admits he is committing a crime.

What we've found so far

The team has done some limited investigation and found out that he SIM-swapped the phone belonging to Bob, which is how he gained access. Because Path requires 2FA on email through authenticator and YubiKey, the attacker could not access Bob’s Path email account. The IP address he accessed Bob’s personal account through was 194.59.251.62, which is controlled by m247.com, a company we know well.

We also know that the attacker has an inside track with AT&T for SIM-swapping. Bob had just set up the new account at AT&T and was potentially getting a new device. The attacker was fully aware of this and used this honeymoon time with AT&T to launch his attack.

My reasoning for sharing

  1. Even idiots can launch cyber attacks - This guy was clueless about how to extort or how to protect his identity, but he was able to socially engineer AT&T into a SIM swap. If Bob had his bank accounts or crypto data on his phone without 2FA, all his funds would be gone.
  2. Anyone can be targeted - Attackers see a name and title and think “He’ll have money, I’ll go after him.” The best defense is to have plans and procedures on what to do when this type of attack comes in. Sometimes this means not engaging, sometimes you need an “expert” to talk for you and sometimes you should go straight to Law Enforcement.
  3. Great walls are no great security - All cyber attacks are based on gaining access to data and finding a way to profit from it. The idea that technological hacks are used to gain access is stupid. Most access, like 90%, is obtained through talking with people. People who are not educated about how simple comments can be used to gain more information. Building a huge wall around your system is great, but you still must have a gate for access and the people manning the gate are the weakest link.
  4. Vision and review equals strength - If the attacker had gained access into Bob’s work email account, some company secrets may have been stolen. None that warranted a $1.6 million payoff, but some of our cool tech might have been exposed. Because we use 2FA and can fully monitor ALL traffic into and out of our system, we were able to see how far the attacker progressed. My team was actually watching for it in real time and by the time I told them about the chat, they had already reviewed the logs showing no access.
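The kind of log review described in point 4, sketched as an added example (not code from the original post or from Path): it assumes a hypothetical JSON-lines authentication log with `user`, `src_ip`, `stage` and `ok` fields, and reports per account how far logins from the address named above progressed.

```python
import json

# Indicator from the post: the address used to reach Bob's personal account.
INDICATOR_IPS = {"194.59.251.62"}

# Constructed sample events in an assumed schema (not Path's real logs).
SAMPLE_LOG = """\
{"ts": "2018-10-14T12:40:02Z", "user": "bob", "src_ip": "194.59.251.62", "stage": "password", "ok": true}
{"ts": "2018-10-14T12:40:09Z", "user": "bob", "src_ip": "194.59.251.62", "stage": "second_factor", "ok": false}
{"ts": "2018-10-14T12:50:11Z", "user": "alice", "src_ip": "198.51.100.7", "stage": "password", "ok": true}
{"ts": "2018-10-14T12:50:15Z", "user": "alice", "src_ip": "198.51.100.7", "stage": "second_factor", "ok": true}
"""

# Ordered from least to most serious outcome.
RANK = {"attempted": 0, "password_only": 1, "full_access": 2}


def progress_by_account(log_text, indicator_ips=INDICATOR_IPS):
    """Return {user: furthest stage reached from an indicator IP}."""
    furthest = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the review
        if not isinstance(ev, dict) or ev.get("src_ip") not in indicator_ips:
            continue
        if ev.get("stage") == "second_factor" and ev.get("ok"):
            level = "full_access"      # second factor accepted: session granted
        elif ev.get("stage") == "password" and ev.get("ok"):
            level = "password_only"    # credential valid, stopped by 2FA so far
        else:
            level = "attempted"        # contact from the indicator, nothing passed
        user = ev.get("user", "unknown")
        if RANK[level] > RANK.get(furthest.get(user), -1):
            furthest[user] = level
    return furthest


if __name__ == "__main__":
    print(progress_by_account(SAMPLE_LOG))
```

An account reported as `password_only` was protected by the second factor but still needs its password rotated; `full_access` means the mailbox contents should be treated as exposed.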

With all that said, below is the log of the chat. Enjoy and if you ever need me to turn the tables on an extortionist, hit me up.

Bob, [14.10.18 12:53]
EJ
EJ Hilbert, [14.10.18 12:57]
Yes
Bob, [14.10.18 12:59]
It would be a shame if all this info got out
Bob, [14.10.18 12:59]
Like publicly
Bob, [14.10.18 12:59]
You tried to push all the blame onto Bob
EJ Hilbert, [14.10.18 13:01]
What?
Bob, [14.10.18 13:02]
EJ
Bob, [14.10.18 13:02]
you don’t have to play dumb with me
Bob, [14.10.18 13:02]
i know everything
Bob, [14.10.18 13:02]
ive seen almost everything
Bob, [14.10.18 13:03]
[ File : Screenshot_277.png ] (an image of the total ETH in our exchange account)
Bob, [14.10.18 13:04]
you guys also were going to close to final on a deal that was going to pay Bob $XXXK in ETH and $XXXK in cash at the closing.. now you all are saying that the company only has total assets of approximately $XXXK? ?
Bob, [14.10.18 13:04]
i wonder what the investors would think
Bob, [14.10.18 13:05]
doesnt sound too good so how about we work out a deal
EJ Hilbert, [14.10.18 13:05]
I’m assuming you stole Bob’s account and am trying to extort us?
Bob, [14.10.18 13:05]
yeah
Bob, [14.10.18 13:05]
we just need some path
Bob, [14.10.18 13:05]
and we’re out
EJ Hilbert, [14.10.18 13:05]
So you are willfully creating a criminal act to an ex FBI agent
Bob, [14.10.18 13:06]
yeah
Bob, [14.10.18 13:07]
id imagine an ex FBI agent would know the repercussions of the information i just got
EJ Hilbert, [14.10.18 13:07]
And how much Path do you want?
Bob, [14.10.18 13:07]
dont know yet
Bob, [14.10.18 13:08]
its live tmrw
Bob, [14.10.18 13:08]
right
EJ Hilbert, [14.10.18 13:08]
What path is already on the market
Bob, [14.10.18 13:09]
actually
Bob, [14.10.18 13:09]
I want ETH
EJ Hilbert, [14.10.18 13:10]
Noo. You sad Path you can’t change the rules
Bob, [14.10.18 13:10]
damn
Bob, [14.10.18 13:10]
i respect that
Bob, [14.10.18 13:10]
lets see
Bob, [14.10.18 13:10]
give me 5 mins
EJ Hilbert, [14.10.18 13:12]
You need a ECR20 wallet that is not on a exchange and is registered with Path before you can receive anything
Bob, [14.10.18 13:12]
i know.
EJ Hilbert, [14.10.18 13:12]
Go ahead and download the app and register
Bob, [14.10.18 13:13]
do you know who i am bro
Bob, [14.10.18 13:13]
veri
Bob, [14.10.18 13:13]
actually
Bob, [14.10.18 13:15]
4k ETH, 1M path
Bob, [14.10.18 13:15]
and this is done
Bob, [14.10.18 13:16]
0x01e3d0E60aB1C77CF0ed3EC5AFA29e499DCc463f
EJ Hilbert, [14.10.18 13:16]
That’s over a $1m
EJ Hilbert, [14.10.18 13:16]
Way too much
Bob, [14.10.18 13:17]
Okay
Bob, [14.10.18 13:17]
8k ETH
EJ Hilbert, [14.10.18 13:17]
But I’ll let the owners know
Bob, [14.10.18 13:17]
you are the owner
Bob, [14.10.18 13:17]
EJ
Bob, [14.10.18 13:17]
I KNOW EVERYTHING
EJ Hilbert, [14.10.18 13:17]
I’m not. Bob is the owner
Bob, [14.10.18 13:17]
EJ I got hacked. This is not me (This is where Bob finds out his acct is compromised)
EJ Hilbert, [14.10.18 13:18]
I know
Bob, [14.10.18 13:18]
Bob
Bob, [14.10.18 13:18]
Let me talk to EJ
Bob, [14.10.18 13:18]
EJ do you have wickr
EJ Hilbert, [14.10.18 13:19]
No. I like talking here
Bob, [14.10.18 13:19]
DL wickr
EJ Hilbert, [14.10.18 13:19]
But for the record I don’t own any portion of the company
Bob, [14.10.18 13:19]
you dont?
Bob, [14.10.18 13:19]
interesting
Bob, [14.10.18 13:20]
so i guess you wouldnt care if i just made all this info public
EJ Hilbert, [14.10.18 13:20]
Nope. I just work here
Bob, [14.10.18 13:20]
alright then
Bob, [14.10.18 13:20]
we can do it this way lol
EJ Hilbert, [14.10.18 13:21]
You do know all that info is 2 months old. And Path has no investors right?
Bob, [14.10.18 13:21]
path has no investors?
EJ Hilbert, [14.10.18 13:22]
Correct
Bob, [14.10.18 13:22]
send me the presale list
EJ Hilbert, [14.10.18 13:22]
There isn’t one
Bob, [14.10.18 13:22]
distribution list?
EJ Hilbert, [14.10.18 13:23]
There are people who bought tokens so they can use the service at a discount rate but they don’t own a part of the company
EJ Hilbert, [14.10.18 13:24]
You really should have done research prior to making demands.
EJ Hilbert, [14.10.18 13:25]
How many other companies are you trying to extort right now?
Bob, [14.10.18 13:25]
so you dont have a list of people who bought tokens?
Bob, [14.10.18 13:25]
thats what you’re telling me
EJ Hilbert, [14.10.18 13:25]
We have a list but they are not investors
Bob, [14.10.18 13:25]
send it over
EJ Hilbert, [14.10.18 13:25]
No
Bob, [14.10.18 13:26]
id hate to have expose what i read in this email
EJ Hilbert, [14.10.18 13:26]
They know about the deal with the real Bob.
Bob, [14.10.18 13:26]
i dont even want money anymore
Bob, [14.10.18 13:26]
i just want the list
Bob, [14.10.18 13:26]
and im gone
EJ Hilbert, [14.10.18 13:27]
Nah. I’m recording all this and going to share it in a Blog
Bob, [14.10.18 13:28]
so?
Bob, [14.10.18 13:28]
ill expose path lol
Bob, [14.10.18 13:28]
you’re ex FBI
Bob, [14.10.18 13:28]
you know that i there is funny business going on
EJ Hilbert, [14.10.18 13:29]
Go for it. And send me the link. I’ll post it to the main site
Bob, [14.10.18 13:29]
and im not sure it would be in the best interest for the people who hold path tokens
EJ Hilbert, [14.10.18 13:31]
Well. Let’s see. Headline will read “Idiot Hacker tries to extort start-up with out of date public records”. It will bring Path more attention.
EJ Hilbert, [14.10.18 13:32]
See all those records are in email because they also go to the SEC
Bob, [14.10.18 13:32]
my god
Bob, [14.10.18 13:32]
ej
EJ Hilbert, [14.10.18 13:32]
So whose account did you take. Bob’s or his attorney
Bob, [14.10.18 13:32]
i dont even want money ej
Bob, [14.10.18 13:32]
i just want the list
EJ Hilbert, [14.10.18 13:33]
Why?
Bob, [14.10.18 13:33]
lets make this easy
EJ Hilbert, [14.10.18 13:33]
So you can extort them? Nah
Bob, [14.10.18 13:33]
i just need to pitch some ICO’s
Bob, [14.10.18 13:33]
im getting paid pretty big bucks
Bob, [14.10.18 13:34]
and they need this list
Bob, [14.10.18 13:34]
so like i said
Bob, [14.10.18 13:34]
lets make it easy
EJ Hilbert, [14.10.18 13:34]
Them why extort. See I have to call BS
Bob, [14.10.18 13:34]
because i have to get the list somehow
Bob, [14.10.18 13:34]
how else could i possibly do it
EJ Hilbert, [14.10.18 13:34]
Then why extort? (Sorry I was watching football)
Bob, [14.10.18 13:34]
redskins game?
EJ Hilbert, [14.10.18 13:34]
Ask nicely
Bob, [14.10.18 13:35]
football isnt big in the UK
Bob, [14.10.18 13:35]
ill ask nicely
EJ Hilbert, [14.10.18 13:35]
Recap of Chargers
Bob, [14.10.18 13:35]
May I please have the list.
EJ Hilbert, [14.10.18 13:35]
Raiders Seahawks at Wembly
EJ Hilbert, [14.10.18 13:35]
I lived in the UK for awhile
EJ Hilbert, [14.10.18 13:36]
Send me an email from a real address and then we can talk
Bob, [14.10.18 13:36]
BOBXXXXXX@gmail.com (redacted)
Bob, [14.10.18 13:36]
lets talk
EJ Hilbert, [14.10.18 13:38]
You send me an email at my account and we can discuss what ICO’s youre pushing and if our token purchasers are a fit
Bob, [14.10.18 13:38]
where do i send the email;]
EJ Hilbert, [14.10.18 13:38]
Figure it out. You’re a smart guy right?
EJ Hilbert, [14.10.18 13:39]
I’m easy to find
Bob, [14.10.18 13:39]
my god
Bob, [14.10.18 13:39]
just make this harder for me
Bob, [14.10.18 13:39]
please
Bob, [14.10.18 13:39]
brb
Bob, [14.10.18 13:42]
should i send to gmail or path email
Bob, [14.10.18 13:44]
?
Bob, [14.10.18 13:45]
0x01e3d0E60aB1C77CF0ed3EC5AFA29e499DCc463f
Bob, [14.10.18 13:46]
thats still empty
Bob, [14.10.18 13:46]
waiting on a tip
EJ Hilbert, [14.10.18 13:48]
I’m not sending anything
EJ Hilbert, [14.10.18 13:48]
Path email is fine
