Authorities in the United States, Canada, Australia, and New Zealand are said to be investigating a wave of bogus bomb threats that have been sent to a variety of organisations late on Thursday.
Scores of colleges, businesses, hospitals and courthouses are believed to have received the emails which demands a Bitcoin payment be made by the end of the working day.
There are minor differences in the emails (mostly words being swapped around), but here is a typical message:
There is the bomb (tronitrotoluene) in the building where your business is located. My recruited person constructed an explosive device under my direction. It has small dimensions and it is hidden very well, it is impossible to damage the supporting building structure by my bomb, but there will be many wounded people if it detonates.
My man is controlling the situation around the building. If any unnatural behavior, panic or emergency is noticed he will power the device.
I want to suggest you a deal. You send me $20’000 in Bitcoin and the bomb will not detonate, but do not try to fool me -I warrant you that I have to call off my man solely after 3 confirmations in blockchain network.
My payment details (Bitcoin address)- 149oyt2DL52Jgykhg5vh7Jm10pdpfuyVqd
You must pay me by the end of the workday. If the working day is over and people start leaving the building explosive will explode.
This is just a business, if I do not see the money and the bomb detonates, next time other commercial enterprises will send me a lot more, because this is not a single incident. I wont enter this email. I check my Bitcoin wallet every 40 min and after seeing the payment I will order my mercenary to leave your district. If an explosion occurred and the authorities see this letter:
we arent a terrorist society and do not assume responsibility for explosions in other places.
Police authorities have confirmed that they do not believe the threats to be genuine, but you can understand the anxiety that some schools and businesses will have experienced receiving an email like this.
It takes very little effort for some cockwomble to spam out a threat like this to a list of businesses and colleges, and the impact is even more considerable than the sextortion emails that so many of us have received in recent months, quoting old passwords and claiming to have captured video footage of us as we visited porn websites (spoiler: they don’t have any video footage of you).
Sextortion is unpleasant enough, but terrifying schools with bomb threats? The police aren’t going to turn a blind eye to that, and I expect the FBI to putting considerable effort into trying to track down who might be responsible.
I also can’t help but wonder if this latest spate of spammed-out bomb hoaxes is in any way connected to the sentencing last week of British teenager George Duke-Cohan, who targeted schools in the UK and United States earlier this year with a similar extortion.
Duke-Cohan has just been sent to prison for three years for his bomb threats. Let’s hope there’s a similar outcome for whoever is behind this latest wave of hoaxes.
In case you do receive a bomb threat email, here is the advice:
- Do not respond or try to contact the sender.
- Do not pay the ransom.
- Report the email to the FBI’s Internet Crime Complaint Center or your local FBI field office.
The good news is, so far, it appears that none of the hoaxer’s intended victims has coughed up the $20,000 worth of Bitcoin. So, in that regard, the attack has been a spectacular failure.
If, however, the hoaxer was less interested in the money and keener on just causing disruption – well, I guess they have achieved their aim.
For more discussion on what George Duke-Cohan did, be sure to listen to this episode of the “Smashing Security” podcast:
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.