loader gif

New Sextortion scam campaign purports to come from Central Intelligence Agency

New Sextortion scam campaign purports to come from Central Intelligence Agency
  • The emails claim that you are involved in a case that deals with the ‘Distribution and storage of pornographic electronic materials involving underage children’.
  • The scam emails state that you will be arrested as a part of an international operation and demands $10000 in bitcoin to remove your details from the case list.

What is the issue - A new sextortion scam campaign is underway pretending to come from the technical collection officer of the Central Intelligence Agency.

The emails claim that you are involved in a case that deals with the ‘Distribution and storage of pornographic electronic materials involving underage children’.

Why it matters - The scam emails state that you will be arrested as a part of an international operation and demands $10000 in bitcoin to remove your details from the case list.

Contents of the email

The emails have subject lines similar to ‘Central Intelligence Agency - Case #49237856’. In order to add legitimacy, these emails include several images of the CIA seal and the email addresses include the text ‘cia’, ‘gov’, ‘gq’ and 'ml'.

“Case #49237856

Distribution and storage of pornographic electronic materials involving underage children.

My name is Devon Babin and I am a technical collection officer working for Central Intelligence Agency. It has come to my attention that your personal details including your email address (person@xxx.com) are listed in case #49237856.

The following details are listed in the document's attachment:

  • Your personal details,
  • Home address,
  • Work address,
  • List of relatives and their contact information.

Case #49237856 is part of a large international operation set to arrest more than 2000 individuals suspected of paedophilia in 27 countries.

The data which could be used to acquire your personal information:

  • Your ISP web browsing history,
  • DNS queries history and connection logs,
  • Deep web .onion browsing and/or connection sharing,
  • Online chat-room logs,
  • Social media activity log.

The first arrests are scheduled for April 8, 2019.

Why am I contacting you ?

I read the documentation and I know you are a wealthy person who may be concerned about reputation. I am one of several people who have access to those documents and I have enough security clearance to amend and remove your details from this case. Here is my proposition.

Transfer exactly $10,000 USD (ten thousand dollars - about 2.5 BTC) through Bitcoin network to this special bitcoin address:

3DAEVKMXxAXH5njM2CZoV4U7QdK7Sf6ZZZ

You can transfer funds with online bitcoin exchanges such as Coinbase, Bitstamp or Coinmama. The deadline is March 27, 2019 (I need few days to access and edit the files). Upon confirming your transfer I will take care of all the files linked to you and you can rest assured no one will bother you. Please do not contact me. I will contact you and confirm only when I see the valid transfer,the email read, BleepingComputer reported.

List of email addresses and the bitcoin addresses

Some email addresses and the bitcoin addresses observed in this sextortion campaign includes,

  • sandie.curtin@vsvl.cia-gov-int[.]gq
  • devon.babin@sccb.cia-gov-int[.]ga
  • sadye_crawley@nbvz.cia-govn[.]ml
  • carlajernigan@kbcw.cia-govn[.]ml
  • robynmckinney@mwoi.cia-gov-it[.]gq
  • antionette-carbajal@ltge.cia-gov-int[.]ga
  • page.fogle@lunr.cia-gov-int[.]ml
  • carmelo.kenyon@it6.cia-govn[.]ga
  • 3JoV6VyMavsYFXkdtUdpmBvaDaEbuCjUH5
  • 3DAEVKMXxAXH5njM2CZoV4U7QdK7Sf6ZZZ
  • 39BXj6HzMfYh3ZtLvYX5igxyjouqW4ApvM
  • 34STNDZPEUhZXcKheLZH9JPxhGZzRcXKvN
  • 35mmTS61KfwobB2zhoZFGFpjJ8BgDRqMui
  • 37aet9CFoiZuWce28kVm7YKnwbhcD4qCCD
  • 3AiFhFqKR2J6n3sw6ATcB7FeckiA5852rp
  • 32VsS6uSr8Xx7SPMptDRKUexWpZFmLcDRx

The bottom line - If any of you receive such emails from the above email addresses or similar email addresses and state that you are involved in a case that deals with the distribution and storage of child pornography, then beware that it is nothing but a scam.

loader gif