The cyber threat does not wear a black hoodie

It is the night of December 16, 2025, at Quinta de Olivos in Buenos Aires. Home of President Milei, although he is not present in this moment.

In the middle of the silence, a detonation is heard. The sound originated from one of the perimeter security posts, where Gendarmerie officer Rodrigo Gómez is on duty.

Rodrigo, 21 years old, alone, has just made the worst decision of his life. There is no logical explanation, although his farewell letter hints at a personal issue. Therefore, the investigation turns to our great life logbook: the mobile phone.

Rodrigo, like many others, had arrived in the big city to change his life.
Shy, very introverted, and eager to meet women, he downloaded a dating app. There he meets July, a very attractive 20yearold woman.

Rodrigo builds a virtual relationship with July, which gradually evolves. Little by little, they begin to exchange conversations and images. Increasingly private, increasingly intimate, something common, especially at that age.

And then the unexpected happens: He receives a call from July. But the person on the other end of the line is not July—it is her mother, who begins screaming frantically:
“You degenerate! Look at the things you’re sending my daughter! She’s 17 years old, and you send her that filth! I’m going to the police right now!”

The situation was an exploding bomb. July was a minor, and he, as an adult, had shared intimate material with her.
But how could that be? July had assured him she was 20 years old, and that is how she appeared on her dating app profile… Had she deceived him?
Still overwhelmed by the previous call, barely able to process it, the phone rings again almost immediately this time from an unknown number.

This time it is a police investigations commissioner, from the “Cyber Child Abuse Unit”, informing him that the mother’s complaint had just been received and that his arrest would proceed.

“I find your situation very complicated in the case against you.”

But the officer shows empathy, a light in the darkness, and understanding that Rodrigo had been deceived tells him there is a way to help. There was an alternative to silence the accusations: paying money to the complaining mother. The police officer himself would take care of arranging it.

By the time of the incident at Quinta de Olivos, Rodrigo had been paying consecutive demands totaling close to one thousand dollars, and more was being demanded. Impossible to keep up. There was no way out.

As you might imagine, it was ultimately discovered that the people on the other end of the line were neither July, nor her mother, nor the commissioner.

The perpetrators were a group of criminals led by former police officer Tomás Francavilla (who played the role of the supposed commissioner), who at the time was imprisoned for other crimes at the Magdalena prison.From there, with the support of family members (the supposed July and her mother), they carried out phone extortions him operating from inside the prison itself.

Rodrigo had been the victim of one of the greatest current cyber threats facing young people: sextortion.
Sextortion is criminal extortion based on the threat of exposing a victim’s intimate images. Internationally, this crime has reached extreme levels of sophistication—such as those revealed in Interpol’s Operation Strikeback in 2014, including the case of Daniel Perry and the dismantling of the syndicate led by Maria Caparas, known as “The Queen of Sextortion,” which operated globally from the Philippines. Now, that same model was being systematically deployed from the Río de la Plata.
Sextortion schemes generally differ depending on the victim’s gender.
In the case of male victims, the process typically consists of four stages:

1. Bait Construction: The cyber threat creates a fake profile of an attractive woman on a social network, using images stolen from other accounts (catfishing) or, increasingly, images generated by artificial intelligence.
2. Fishing: From this fake profile, potential victims are identified and contacted—usually shy men with limited apparent social lives.
3. The Bite: Once the victim accepts the connection request, a virtual relationship begins, carefully avoiding video calls under various pretexts.
4. Reeling in the Catch: Conversations come first. Once trust is established, intimate material is exchanged. The supposed woman sends increasingly explicit images (often AIgenerated) and eventually asks the victim to reciprocate.
   de la víctima.
5. Acquisition of the Target: With intimate images of the victim in hand, the extortion begins—threatening to make them public unless payment is made.
   

The demand for money and its payment becomes an endless cycle, known as pig butchering.

In the case of women, the strategy changes. Possibly because they tend to be more cautious and less riskoriented, the attack is direct: nude images of the victim are generated using artificial intelligence (there are applications specifically designed for this purpose), and the victim is extorted under the threat of public exposure unless she provides real images of herself—triggering an endless spiral of violence.

For kids, the threat usually comes from anonymous sources and has primarily economic motives. For women, the threat most often comes from someone in their social environment and is primarily intended to cause psychological harm.

Sextortion, grooming, pig butchering, romance scams different forms of personallevel cyberattacks that present a significant opportunity for those of us who work in cybersecurity. In a digital world where full observability of a cyberattack is almost impossible, these attacks allow us to observe their entire lifecycle.
While cyberattacks against individuals may differ in motivation, operational methods, or victim profiles and contrary to the popular imagination of what a “hacker” looks like the primary strength of the cyber threat lies not in technical expertise, but in psychological manipulation. In many cases, the attackers’ technical knowledge is minimal or even nonexistent.

This is something Hollywood has deeply ingrained in our minds: the image of the cybercriminal in a black hoodie, introverted, antisocial, operating from a dark basement full of machines. That image no longer reflects reality.

On the contrary, cyber threats rely fundamentally on psychology as their main tool to exploit human vulnerability. Their operations are defined by apparent empathy toward the victim, while being completely dehumanized.

Worse still, cybercriminal organizations are often better organized than the companies we work for.

Insights gained from studying the internal operations of these groups—most notably through Jon DiMaggio’s symbolic infiltration of LockBit—have revealed highly structured and meticulously organized systems. In some cases, individuals within these organizations are not even aware that they are participating in criminal activity.

The extreme segmentation and atomization of tasks public relations, human resources, software design, business intelligence, call centers mirror the structure of legitimate corporations. Individually, each role appears normal. Only by viewing the full operation from a leadership level does the criminal nature of the organization become visible.

So, wait a second if they’re better organized and ahead of us, is there anything we can do? Or are we lost?
Yes. We absolutely can fight back.
There is no single solution, neither at the personal nor at the corporate level. There is no silver bullet.
Just as we protect our physical homes with multiple layers of security not a single measure alarms, bars, locks, safes, reinforced glass, smoke detectors, insurance the cyber domain works the same way. Cyber defense must be deployed on multiple fronts.

And how much does all this cost? A fortune, one might think. No. Just like in the physical world, while it is possible to invest heavily in sophisticated security products, the most important protective measure a person or organization can adopt is surprisingly free.
Education in security.
Installing alarms without understanding the threats we face is irresponsible. Adopting protective measures without understanding the environment can easily become a waste of resources.
Installing alarms without understanding the threats we face is irresponsible. Adopting protective measures without understanding the environment can easily become a waste of resources.
Yes, it may sound pessimistic but reread this article. How many things could have been avoided?

Note: All dialogues quoted in this article were transcribed verbatim from audio evidence contained in the case file.