WASHINGTON, November 7 (RIA Novosti) – Hackers using a Russian server are scamming victims out of cash by posing as the US National Security Agency (NSA), which has been at the center of a global political maelstrom over its covert surveillance programs disclosed by fugitive leaker Edward Snowden, a US computer security expert said this week.
The fraudsters are using malware that locks infected computers and sends users a notification purporting to be from the NSA saying they have committed a cybercrime, typically involving child pornography, according to Andrew Brandt, director of threat research at California-based computer security firm Blue Coat Systems.
“Emblazoned at the top of this utterly bogus screen are the logos of the NSA and a related organization, the Central Security Service,” Brandt wrote in a blog post Monday.
The scam runs through a server based in the city of Ryazan, 120 miles (200 kilometers) southeast of Moscow, and gives the targets the option of unlocking their computers by paying a “fine” for their fictitious infractions, Brandt wrote.
The malware culls the username from the computer and embeds it in the phony NSA notification to lend authenticity to the scam, he noted.
Malicious software that locks users’ computers and demands money to unlock them is known as “ransomware.”
Many ransomware gangs appear to be based in Russia and have used fraudulent warnings purporting to come from other countries’ law enforcement authorities, depending on the location of the target, Brandt wrote.
“If you’re in the UK, you might have seen one with the logo of Scotland Yard and a picture of a quintessentially British bobby,” he wrote.
Snowden, a former NSA contractor, fled the United States for Hong Kong and then Moscow after leaking details of several top-secret government surveillance programs to the media.
Russia granted him asylum, despite repeated demands from the US for his extradition. Snowden has been living at an undisclosed location in Russia since August.