A bomb threat email demanding a payment in Bitcoin that appears to have been sent to thousands of companies, schools, hospitals, news organizations government agencies and individuals around the United States has led to dozens of precautionary evacuations.
The Bitcoin scammers began arriving about 1 p.m. Eastern, according to Twitter users who received the notes. The bomb threat demands $20,000 be delivered to a BTC wallet and threatens that explosives will be detonated if that money is not paid. The emails claim that explosives had been planted in the location where the email recipient works by a “mercenary” of the sender. The emails have subjects like “Think twice,” and “Think about how they can help you” and appeared to be robo-generated spam.
According to KOCO-TV, Oklahoma City Police said there is a nationwide investigation into the emails underway. There have been no reports of explosives being found in any of the locations where bomb threat emails were received.
The FBI said in a statement, “We are aware of the recent bomb threats made in cities around the country, and we remain in touch with our law enforcement partners to provide assistance. As always, we encourage the public to remain vigilant and to promptly report suspicious activities which could represent a threat to public safety.”
Here is the text of the email:
Good day. My mercenary has carried the bomb (lead azide) into the building where your business is conducted. My mercenary built the explosive device under my direction. It can be hidden anywhere because of its small size, it is impossible to destroy the supporting building structure by this explosive device, but if it denotates there will be many wounded people.
My recruited person is watching the situation around the building. If he notices any suspicious activity, panic or cops the device will be blown up.
I can call off my man if you make a transfer 20,000 usd is the price for your safety and business. Transfer it to me in Bitcoin and I assure that I have to withdraw my mercenary and the bomb will not detonate. But do not try to deceive me – my guarantee will become valid only after 3 confirmations in blockchain.
It is my Bitcoin address: [redacted]
You have to solve problems with the transaction by the end of the working day, if the working day is over and people start leaving the building the bomb will explode.
Nothing personal this is just a business, if I do not see the bitcoin and a bomb explodes, next time other companies will send me more bitcoins, because it isn’t a one-time action.
I will no longer log into this email, I monitor my wallet every twenty minutes and if I receive the money I will give the command to my man to get away.
If the bomb explodes and the authorities see this email We are not a terrorist society and don’t take responsibility for explosions in other places.
Other versions of the email contained different descriptions of the type of bomb and different BTC wallet addresses. The emails appear to have been sent by fake email addresses or emails hacked and stolen by the scammer.
Here are some of the tweets from recipients of the email threats:
The Massachusetts State Police tweeted, “MSP Fusion Center tracking multiple bomb threats emailed to numerous businesses in the state. MSP Bomb Squad notified and local departments are responding in their communities. Similar threats have been received in other states. We will share more info when available.”
According to Eric Tendian, who tweets about crime in Chicago, at least 12 businesses there have received threats with calls about the email still coming into police.
The Oklahoma City Police tweeted, “We’re working a number of bomb threat calls in OKC. There have been similar threats called into several locations around the country. No credible threat found at this point. We encourage the public to continue to be vigilant and call with anything suspicious.”
“These are apparently the same email threats that have been going on around the country,” Captain David Mohlis with the Waterloo, Iowa, Police Department told the Waterloo-Cedar Falls Courier after numerous threats were reported there. “The FBI is aware of it and is asking us to obtain the (mailer’s) information that is being sent to these business owners.”
WNDU-TV in Indiana was among the businesses to evacuate:
The News & Observer newspaper in North Carolina also evacuated after an email was received by an employee there:
Schools, banks, zoos, government offices, medical centers and a wide range of other businesses were also being evacuated:
The Cedar Rapids Police tweeted, “Several area businesses are receiving what appears to be a robo-email saying there is a bomb threat to their business unless they pay money in Bitcoins. We have found no credible evidence any of these emails are authentic.”
The NYPD said in a statement, “We are currently monitoring multiple bomb threats that have been sent electronically to various locations throughout the city. These threats are also being reported to other locations nationwide and are not considered credible at this time.”
On Twitter, the NYPD added, “Please be advised – there is an email being circulated containing a bomb threat asking for bitcoin payment. While this email has been sent to numerous locations, searches have been conducted and NO DEVICES have been found. At this time, it appears that these threats are meant to cause disruption and/or obtain money. We’ll respond to each call regarding these emails to conduct a search but we wanted to share this information so the credibility of these threats can be assessed as likely NOT CREDIBLE.”
Cybersecurity expert Brian Krebs wrote, “The bitcoin address included in the email was different in each message forwarded to KrebsOnSecurity. In that respect, this scam is reminiscent of the various email sextortion campaigns that went viral earlier this year, which led with a password the recipient used at some point in the past and threatened to release embarrassing videos of the recipient unless a bitcoin ransom was paid.”
Krebs added, “I could see this spam campaign being extremely disruptive in the short run. There is little doubt that some businesses receiving this extortion email will treat it as a credible threat. This is exactly what happened today at one of the banks that forwarded me their copy of this email.”
Jason McNew, a Pennsylvania-based security consultant, told Krebs, “There are several serious legal problems with this — people will be calling the police, and they cannot ignore even a known hoax.”