A man in Bloomington, Indiana claims he was coerced into cooperating with a group of “Call of Duty” players that “cryptojacked” (stole) $3.3 million dollars of cryptocurrency from various victims, Chicago Sun Times reports.
Though no charges have yet been laid, unsealed court documents show that a man interviewed in March 2017 told the FBI that fellow players of the online warfare-simulation game “Call of Duty” threatened him over the Internet that they would “SWAT” him if he did not hack the phones of up to 100 people.
A “SWAT” attack is when a malicious hacker phones in a false report of a violent incident in progress. This has often prompted a dramatic, SWAT-team response by police at the scene.
“SWATtings” can be very traumatic and dangerous.
In 2014, cryptography activist and early Bitcoin collaborator Hal Finney was SWATted after he refused to hand over bitcoins to online extortionists.
During the course of the ensuing raid, the paralyzed and wheelchair-bound Finney was left in the cold on his lawn for hours as police searched his home.
According to Chicago Sun Times citing an FBI affidavit, the Bloomington man told the FBI that, after threatening to SWAT him:
“Members of the theft ring gave him names, phone numbers and other information to allow him to take over cell phones of their victims…Once the group took over a phone, they could hack into a victim’s cryptocurrency account.”
In December 2016, representatives from the Augur company contacted the FBI to report that someone was stealing their employees’ and investors’ Augur cryptographic tokens.
Augur hosts an online prediction market where people can bet cryptocurrencies like bitcoins and ether on the outcomes of future events using Augur tokens (REP) to access the platform.
Like Bitcoins and Ether, REP can be traded for a profit on cryptocurrency exchanges.
One problem with many of the small cryptocurrencies / tokens like REP, however, is they are often stored in telephone “hot wallets” connected directly to the Internet.
This is because most of the offline hardware storage devices now available are only compatible with major coins like bitcoins and ether.
Pools of tokens stored online comprise almost irresistible honeypots for hackers, who can use SIM-scams and other hacks, including malware injected through emails (spearphishing), to take over devices and empty digital crypto wallets.
All told, the “cryptojackers” in this case allegedly made off with $3.3 million in various cryptocurrencies/tokens, including $805 000 in Augur REP tokens.
The stolen tokens were allegedly transmitted across Bitcoin and Ethereum networks directly into attacker wallets.
Following their contacts with the Bloomington man, the FBI raided the home of a man in Bolton, Illinois August 1st, where they seized computers and cellphones.
The FBI also claimed in court documents that they had transcripts of online chats where the Bloomington and Bolton men discussed extorting one of the victims of an REP theft.
During that conversation, the FBI claims, the Bolton man wrote:
“LOL (laugh out loud)…hack the world.”