Feds thwarted an extortion plot against Best Buy

[Homerboy]

Text

Warning!!! 1 view of article per day or it asks you to register.

 

[anxi80]

problem solved...

Feds thwart extortion plot against Best Buy
David Phelps, Star Tribune

Published January 7, 2004 BEST07


Federal authorities said Tuesday they thwarted an extortion plot against Best Buy Co. Inc. by a man who sent the company an e-mail threatening to expose what he claimed were weaknesses in the retailer's computer system unless he was paid $2.5 million.

Thomas E. Ray III, a 25-year-old Jackson, Miss., resident, made his first Minnesota court appearance Tuesday before U.S. Magistrate Judge Earl Cudd. He pleaded not guilty and was released on $10,000 bail.

Ray faces two felony charges of making extortion threats to damage property or reputation and extortion threats to damage computers. He is being represented by Minneapolis attorney Rick Petry.

He was indicted in federal court in Mississippi in mid-December and accused of making a series of threats in October to Richfield-based Best Buy about the security of its BestBuy.com site. No security breaches were made into the system, Best Buy said.

Federal investigators became involved after security officials at Best Buy contacted federal authorities about the demands. The Minnesota CyberCrime Task Force also took part in the investigation, as did America Online and Netscape, Internet service providers that Ray used.

According to the indictment, Ray made the e-mail demands to Best Buy under the name and Internet address of "Jamie Weathersby, IPC Corp."

According to an FBI search warrant, the first e-mail demand came on Oct. 16. It said there was a flaw in Best Buy's Web site that would allow the sender to "review all customer accounts and assume complete ownership of www.bestbuy.com by moving it to another register or server."

The e-mail also offered to establish an unspecified business relationship between the sender and Best Buy, adding: "Without your response, we are obligated to share the security hole with the public for their protection. As a result, Best Buy may experience a loss in business, thefts and lawsuits."

The search warrant, which had been kept under court seal until this week, said a Best Buy employee attempted to respond to gain more information from the sender but could not locate any firm called IPC Corp.

A second e-mail came the next day offering "a step-by-step summary of how we were able to penetrate your Web site" for $2.5 million. If Best Buy did not agree to the deal, the e-mailer said he would list all of Best Buy's customers and their credit card numbers on BestBuy.com.

Best Buy then contacted the e-mailer and on Oct. 22 received another demand for $2.5 million. The money would have to be paid by Oct. 24 or Best Buy customer information would be posted online Oct. 27, the e-mailer said.

The federal search warrant was obtained the morning of Oct. 24 and allowed the FBI, with Best Buy's cooperation, to use an Internet device known as an Internet Protocol Address Verifier. It contained a program that automatically sent back a response to Best Buy after the company sent a message to the e-mail address. The response allowed investigators to identify Ray as the sender of the e-mail threats, according to the government.

Assistant U.S. Attorney Paul Luehr said the address verifier was one of several investigative tools the government used to track Ray down.

"It was a tool that helped us confirm that other leads were moving in the same direction," said Luehr, who declined to discuss details of the investigation.

Ray faces a maximum of two years in prison and a $250,000 fine for property and reputation extortion. He faces a maximum sentence of five years in prison and a fine of $250,000 for threats to damage computers.


David Phelps is at dphelps@startribune.com.

 

[HomeBrewerDude]

I think someone stopped taking his meds.

 

[waggy]

Originally posted by: Homerboy
Text

Warning!!! 1 view of article per day or it asks you to register.

doh. guess he was not as smart as he thought.

 

[TommyVercetti]

EDit: Hehe wrong thread.

 

[waggy]

Originally posted by: TommyVercetti
Was the original ad referring to IBM when it talked about "1984"?

eh?

 

[Homerboy]

thanks anxi80
I screwed up and didnt copy paste it the first time (hence why I knew you could only view once)

 

[NFS4]

I thought this was going to be a thread about the $5 Xbox games

 

[TommyVercetti]

The federal search warrant was obtained the morning of Oct. 24 and allowed the FBI, with Best Buy's cooperation, to use an Internet device known as an Internet Protocol Address Verifier. It contained a program that automatically sent back a response to Best Buy after the company sent a message to the e-mail address. The response allowed investigators to identify Ray as the sender of the e-mail threats, according to the government.

????

They could have just sent the guy an HTML email with a very tiny image (1x1) and just monitored their logs to see what IP address shows up.

 

[AMCRambler]

hahaha, this is funny stuff. If he gave them step by step instructions about the hole, why not just fix it and send him back an email and say go ahead and try?

 

[anxi80]

Originally posted by: Homerboy
thanks anxi80
I screwed up and didnt copy paste it the first time (hence why I knew you could only view once)

heh, no problem. thanks for the heads up about the ability to only read it once.

 

[sillymofo]

Originally posted by: TommyVercetti

The federal search warrant was obtained the morning of Oct. 24 and allowed the FBI, with Best Buy's cooperation, to use an Internet device known as an Internet Protocol Address Verifier. It contained a program that automatically sent back a response to Best Buy after the company sent a message to the e-mail address. The response allowed investigators to identify Ray as the sender of the e-mail threats, according to the government.

???? They could have just sent the guy an HTML email with a very tiny image (1x1) and just monitored their logs to see what IP address shows up.

This is the FuhBI guys you talking about. They work for the government, give them some slack. ;p

 

[DurocShark]

Originally posted by: cr4zymofo

Originally posted by: TommyVercetti

The federal search warrant was obtained the morning of Oct. 24 and allowed the FBI, with Best Buy's cooperation, to use an Internet device known as an Internet Protocol Address Verifier. It contained a program that automatically sent back a response to Best Buy after the company sent a message to the e-mail address. The response allowed investigators to identify Ray as the sender of the e-mail threats, according to the government.

???? They could have just sent the guy an HTML email with a very tiny image (1x1) and just monitored their logs to see what IP address shows up.

This is the FuhBI guys you talking about. They work for the government, give them some slack. ;p

Naw, it's just FUD. (Fear, Uncertainty, Doubt).

What did you THINK an Intenert Protocol Address Verifier was?

 

[sillymofo]

Originally posted by: DurocShark

Originally posted by: cr4zymofo

Originally posted by: TommyVercetti

The federal search warrant was obtained the morning of Oct. 24 and allowed the FBI, with Best Buy's cooperation, to use an Internet device known as an Internet Protocol Address Verifier. It contained a program that automatically sent back a response to Best Buy after the company sent a message to the e-mail address. The response allowed investigators to identify Ray as the sender of the e-mail threats, according to the government.

???? They could have just sent the guy an HTML email with a very tiny image (1x1) and just monitored their logs to see what IP address shows up.

This is the FuhBI guys you talking about. They work for the government, give them some slack. ;p

Naw, it's just FUD. (Fear, Uncertainty, Doubt). What did you THINK an Intenert Protocol Address Verifier was?

No, I was laughing at the Internet Device...

 

[DXM]

The Minnesota CyberCrime Task Force also took part in the investigation, as did America Online and Netscape, Internet service providers that Ray used.

This guy must be one of 'dem "hackers" I always read about.

 

[ctcsoft]

If there was a security hole like that in the website then they do owe this
guy some credit for bringing it to their attention.

BB website is now a better/safer place due to this soon to be convicted
felon.

 

[Hammer]

Originally posted by: jmoe782
If there was a security hole like that in the website then they do owe this
guy some credit for bringing it to their attention.

BB website is now a better/safer place due to this soon to be convicted
felon.

yeah, but he threatened to break into their system and post customer info. that's the difference.

 

[Homerboy]

Originally posted by: jmoe782
If there was a security hole like that in the website then they do owe this
guy some credit for bringing it to their attention.

BB website is now a better/safer place due to this soon to be convicted
felon.

But still sh!ttily designed and a bear to navigate... the horror... THE HORROR of BB's website (Office Max's too)