CASE STUDY

Digital Forensics Investigation for Death Threats

Tags
Digital Forensics, Account Recovery, Extortion, Protection, Investigation, Law Enforcement Referral

Background

A private investigator retained the Maryman team to aid their client, a recent widower. The widower had lost their spouse and several adult children in a tragic accident. Several weeks after the accident, while still grieving, the widower received a text message from their deceased spouse’s cell phone number, which was itself extraordinary because that phone had been destroyed in the accident.

The message was an extortion demand of over one million dollars. If the demand wasn’t met, the criminals threatened to kill the surviving children, grandchildren, and great-grandchildren, all named individually. When the widower refused, the criminals compromised the widower’s cell phone number, email accounts, financial accounts, and mobile carrier accounts. They then proceeded to threaten the remaining family members from both the widower’s and the deceased spouse’s phone numbers.

Scope

The Maryman team was engaged in a multi-phase effort. The first stage was to regain control of all accounts. The second stage was to gather forensic evidence to identify the criminals. The third stage was to deliver the information to the appropriate law enforcement agency to support its investigation.

Stage One

The Maryman team began by assisting the widower in establishing a new business mobile account with multiple safeguards, to ensure that the mobile carrier account could not be co-opted again and that the new phone numbers could not be stolen. We then developed a systematic approach to regain control of all of the accounts, including notifying all of the affiliated businesses that the widower had been the victim of this attack and might subsequently be attacked through other avenues, including social engineering.

We then systematically regained access to the accounts and locked out the attackers. We reconfigured multi-factor authentication on every account to use the new phone number and new devices so that the attackers could not regain their foothold. The affiliated businesses later informed us that the attackers had attempted to regain access to the accounts via social engineering, so the preemptive notification was critical to ensuring that the attackers stayed locked out.

Stage Two

Once the accounts were successfully regained, the Maryman team proceeded with the preservation of logs and forensic analysis. Most of the attackers’ connections came through a VPN (virtual private network) originating overseas. However, when we were going keyboard-to-keyboard against the attackers, they did not enable their VPN, which gave us a window of opportunity that we seized. We were able to isolate their IP addresses to four distinct locations in the continental USA.

Stage Three

The private investigator was already working with a detective in the local law enforcement office and a local district attorney. The logs, including the four distinct IP addresses, were delivered to the detective for follow-up. After Stage Two, the widower did not receive another communication from the criminals.

Outcomes

The Maryman team learned that the information provided to the detective was crucial in discovering the identities of the criminal organization engaging in this and other attacks. The resolution included a successful prosecution of the criminals for this and other extortion crimes.