David Beckham refused to pay £1 million to blackmailers to stop a leak of his emails, it has been reported. Hackers believed to be using Russian servers accessed millions of messages and documents from the computer system of Simon Oliveira’s agency which runs Mr Beckham’s publicity. The cyber criminals allegedly demanded a sum of one million euros – close to £1 million – not to expose the sensitive emails. IT security experts from Lieberman Software, AlienVault and ESET commented below.
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“Cybercrime powered blackmail is a police matter and it’s good that David Beckham treated it that way by going to the authorities. Too many people and organizations, faced with ransomware or more targeted cybercrime, treat it like an IT issue not a criminal affair. That hurts them and also hurts the overall community because it robs the authorities of a full view of the activities of the bad guys. There may be electronic fingerprints in one case that’s never reported that would solve dozens of others sitting on file.”
Javvad Malik, Security Advocate at AlienVault:
“While third party security has been a concern for many large Enterprises, this incident goes to show that individuals and small businesses are just as likely to be compromised by attackers.
Companies that deal with others’ data need to be extra vigilant against attackers who may want access to their client’s data.”
Mark James, IT Security Specialist at ESET:
“Celebrities are always going to be a high level target when it comes to cyber criminals and blackmail. In all cases of blackmail (including ransomware) there is a chance that even if you do pay the initial payment there is nothing stopping the criminals from asking for more money once you have paid. In this case your decisions are fairly limited; do they actually have the material? Do I want it in the public domain? What if they want more money? And of course the problem with a digital ransom is they could easily make copies to use later or sell on to other sources and you’re back to square one!
The most sensible thing to do here is not pay the ransom, notify the police and deal with the outcome. The emails themselves may or may not be released and of course knowing they could easily be manipulated to bring disrepute to the owner means you have no real control of how they may be received by the public, honesty is the best policy.”