Sheer genius... Ivan deserves all of these that he wants <see icon>. I wish more of these scammers could be sent to malware hell.
Tech support scammers mess with hacker's mother, so he retaliated with ransomware
Vengeful security boffin Ivan Kwiatkowski has infected the computer of an Indian tech support scammer with the Locky ransomware. Kwiatkowski inflicted the virus on the scammers after they attempted to fleece his parents. The retaliatory strike was easy for the French malware analyst; during a phone call with the scammers he …
COMMENTS
-
Wednesday 17th August 2016 11:31 GMT Jason Bloomberg
Let's hope he hasn't pissed off the kind of people who would have him drinking those pints through a straw.
As great as it is to see scum like this get their just rewards; engaging with them can be a dangerous game to play. Even just giving them abuse if they call can lead to endless silent phone calls which can quickly make lives a misery.
Take care and think twice before getting involved in something which can easily escalate. These bastards do need nuking from space and we need to keep pressuring the authorities to take steps against them.
-
Wednesday 4th January 2017 16:07 GMT superkuh
Silent call attacks are annoying, but it's only making me stronger.
You're absolutely right about the endless silent phone calls. They were targeting my city's area code last year and when they called me I took the chance to play around with them and insult them a bit. Initially the guy just called me back and manually insulted me in hilarious mangled English. But after a week that stopped and since then I've been getting ~5 silent calls a day from random numbers. It's super annoying.
On the plus side it's given me the motivation to learn VOIP. I've set up my own SIP phone system with a DID number from my area. I'm slowly learning how to get detailed information on who's calling through what. I already knew enough computer tech to mess with them. But now I'm not far from knowing enough phone tech to do so.
-
Wednesday 17th August 2016 07:43 GMT Destroy All Monsters
Oh man...
Expecting the poor guy to get his gear confiscated and then get dragged before the beak in 15 seconds for "hacking". There will probably be a "hate crime" accusation thrown in too to round it off, because indjuns.
If you do this vigilante stuff, better keep very quiet about it! Modern social democracy is nasty stuff.
(Holy damn, 1 thumbs up and 1 thumbs down already ... I suspect the voting will be balanced in the long run)
-
Wednesday 17th August 2016 08:05 GMT Doctor Syntax
Re: Oh man...
'Expecting the poor guy to get his gear confiscated and then get dragged before the beak in 15 seconds for "hacking".'
Perfectly good defence. He wanted to protect his parents and all other victims by getting rid of the CC details on the scammer's machine.
'There will probably be a "hate crime" accusation thrown in too to round it off, because indjuns.'
No problem. This was in France.
-
Wednesday 17th August 2016 14:54 GMT Brian Miller
Re: Oh man...
Unfortunately, there really isn't a "he needed killin'" defense. Not today, at any rate.
There is an old saying about a victim in a murder case who had bad or violent character.
It goes like this: "He needed killin'." In essence, it was a justification for murder in the old days in Texas that the victim had horrible or violent character. You cannot argue he needed killing in Texas courts but in limited circumstances the defense may introduce evidence of prior acts of violent misconduct or threats of violence by the deceased which illustrate his violent character, Gutierrez v. State, 764 S.W.2d 796, 798 (Tex.Crim.App. 1989).
There was a case in Kentucky in the 1870s about self defense, but nothing about the need to go out and proactively shoot somebody dead because it just had to be done.
-
Wednesday 17th August 2016 07:45 GMT Anonymous Coward
hmm... the wife once 'bought' a hair straightener from a dodgy Chinese site, I noticed what she was doing just as she clicked the pay button, made her cancel her cards and then looked into the site and noticed it was VERY vulnerable to SQL injection, dropped the customers and products tables from it... Hair straighteners never turned up...
-
Wednesday 17th August 2016 10:16 GMT FIA
hmm... the wife once 'bought' a hair straightener from a dodgy Chinese site, I noticed what she was doing just as she clicked the pay button,
When you say 'dodgy', do you mean 'actively serving malware or obviously scamming' or 'badly put together with poor engrish'?
made her cancel her cards
Wise precaution if you're unsure.
and then looked into the site and noticed it was VERY vulnerable to SQL injection, dropped the customers and products tables from it... Hair straighteners never turned up...
Erm... wow.... I really hope the answer to the first question was 'very very very dodgy' otherwise criminal damage and potentially destroying someone's livelihood seems a little extreme to not get some badly made hair straighteners. Especially if their only crime was bad web site design and poor ability in a second language.
-
Thursday 18th August 2016 15:29 GMT Just Enough
well done
You realise that by dropping those tables you made sure that a number of innocent customers, who had already paid, were then guaranteed to not receive anything for their money?
The website may have been rubbish, but you have no proof that they were scammers. If anyone was ripping off customers it was you.
-
Wednesday 17th August 2016 12:44 GMT Anonymous Coward
"I've not been lucky enough to have these scum ring me up"
I have, a few weeks ago, but I screwed up. In my excitement, as the guy was insisting that my "PC" had a virus, I took the piss out of him saying: "what you mean this computer in front of me with a big 'Apple' logo on it??"
(In response to which he started insisting that their records show that I have a PC, and that their server was reporting a virus on it and that if I didn't let them help me sort it out they would have no choice but to deactivate my computer for security reasons ...)
...then realised what an ass I'd been, that having got angry and arrogant with the caller I'd fooled myself into leaking valuable information that I definitely should not have given them -
1. That I do actually have a computer
2. What make it is
IT security lesson learned.
-
Wednesday 17th August 2016 18:59 GMT Mark 85
Next time, ask for the MAC addy or the serial number of the computer. That usually stops them dead in their tracks.
I did ask one "which computer?, I have about 50 of them here." Ok.. I lied about the number but suddenly he changed his script to "it's all of them!!!!!!" You could practically hear the cash register ringing in the background.
-
Thursday 18th August 2016 07:48 GMT bish
I have one Windows machine in the house, which I take good care of, and a bunch of Macs, Linux boxes, a FreeNAS system and a couple of Hackintosh NUCs on the TVs. Last time they called me, the Windows box wasn't even switched on, and I was sat in front of the TV in the lounge. I played along, but when they asked me to press the shortcut for Run, I did my best impersonation of a panicked non-tech person, moaning that it wasn't doing anything and they were right but maybe too late to help me. They told me to open IE, oh noes! It's not there! They asked me what keys were on the bottom left of my keyboard (to filter out Mac users - nice touch, albeit somewhat late in the script) and I told them exactly what I saw on my Logitech wireless board. Utter confusion followed - they seemed to have chanced on a PC that was so utterly borked they couldn't do anything to demonstrate how borked it really wasn't. They escalated my call to a manager, who finally asked what was at the top left of my screen ("Well, there's a little apple and...") after a long pause, the first guy came back on, said "Hello, Sir? Go to hell, sir." And he hung up.
I was left with mixed feelings - of course these guys are scammers and bottom feeders, but the anger in his voice revealed how hurt he was to have wasted his time (which is money). Yep, got my own back, and maybe made him think, but ultimately these scammers aren't doing it for giggles, they're doing it because it's a way to make money, and presumably their English isn't good enough to work in a more legitimate call centre. I can afford to mess these guys around for the better part of an hour, but if he's on performance related pay, coming up to the end of a shift and wastes his time on me when he could be wringing a couple of sales out of people like my parents, I've just cost him big. On the one hand, I'm delighted to be doing my bit to slow down the success of the scam, but on the other, I'm depressed to live in such a shitty world that an (at least) bi-lingual dude of around my age is sat in a call centre somewhere in India, extorting his way to paying the bills and putting food on the table.
I dunno what the solution is, and maybe it's ridiculously post-colonial of me to assume the guy's poorer than me. Maybe his shitty scam job earns him £50k and he drives a Merc, but ultimately I think this kind of vigilante approach solves nothing for anyone. We probably all ought to pressure people in power to do more to address the issue.
-
Thursday 18th August 2016 11:21 GMT rototype
"We probably all ought to pressure people in power to do more to address the issue."
Unfortunately this won't work while money is being made as those in power just say - "You're making money - where's our cut" (tax/bung etc).
Sadly this is not limited to the developing world or emerging economic growth zones but to virtually the whole world, disguised better and less blatant in more 'civilised' societies.
-
Monday 22nd August 2016 15:58 GMT Alan W. Rateliff, II
"We probably all ought to pressure people in power to do more to address the issue."
This strategy is exactly the opposite of helping. What should really happen is people who are incensed about a particular problem should work to organize action rather than rely upon a surrogate agency of action to fix things. What governments eventually do is a pittance compared to the time, effort, and money put into lobbying action in the first place -- with no guaranteed results, at that. At least if someone puts their blood, sweat, and tears into working directly there is a far better chance of long-term, residual, tangible success.
People and government change the world: one for the better and one for the worse.
-
Saturday 1st September 2018 12:42 GMT Shane McCarrick
I get what you're saying- really I do- however, if you've ever had a parent, an elderly relative, or someone who is terrified of a computer come to you for help after having fallen for one of these scam calls- seeking help- you'll change your mind..........
Yes- India is a subcontinent of quite remarkable inequalities- staggering poverty- things you quite simply wouldn't believe possible- but this is not an excuse for preying on vulnerable computer users in richer countries.
As long as these guys get a 1-in-10 return rate on their scams (or whatever level is viable) they will keep at it.
The Indian support centre scam is just another former colonial country deciding that it's acceptable to extort your way out of poverty. The Nigerians have an utterly different mindset- and can afford to have a pisspoor return rate on their scams- when they're sending however many billion e-mails around the planet. The Indian approach- is just a bit more labour intensive- and better organised- but it's extorting money from people who very often really can't afford it- and at the end of the day- the Nigerians, annoying as they are- aren't likely to wreck the boot disk of your parent's computer..........
I don't know if there is a solution to all of this- even if you get a call centre closed- it really is a game of whack a mole- they'll be up to something new next week...........
You or I may get our kicks from wasting their time- and it's far more expensive to waste an Indian's time than it is a Nigerian's time- but ultimately- we're only playing games with them- only for a change we are in control of the board- whereas normally they are.........
The world is an unfair place- and ideally neither the Indians (or the Nigerians- or anyone else) should have to resort to the lengths they do- to get by- but neither should our Mums and Dads- elderly relatives- or other randomers- get reefed by these people.
I don't know whether there is a solution to any of this- other than educating people to the best of our abilities?
-
Thursday 18th August 2016 13:10 GMT Gritzwally Philbin
Gah! Bad indeed.. if you had a half hour to kill and a VM you could have had some wild fun. I think the record I've managed to keep one of these asshats online trying to 'help' me with my Parallels VM was nearly 43 minutes. I use an ancient copy of Windows 95 to play the first version of Sim City on (yeah, I know) and it doesn't go online.. Imagine trying to get the thing to do so inside the VM, and me playing the 'daft older woman' whose computer is *just* used for online shopping and looking at pictures of the grandkids on Facebook.. The best part is when they finally get around to asking how I connect to the internet, and when I tell them it is through a telephone line, you can hear the car crashing noises in their heads. "Um.. well I go online with a telephone modem.."
"Oh, miss.. do you have a different telephone that you can use?"
"No.."
"Do you have a cell-phone?"
"No!" getting irritated sounding now. "I have a telephone on my desk, it has a dial." spins dial of desktop rotary to make clicking noises.
"I'm so sorry madam, we cannot help you."
"But what about the viruses in my computer? Will it destroy my computer?"
"I'm so sorry.."
"Can you put me through to a higher level support?" sounding panicked now.. and around it goes.
At the very last of it, after nearly three quarters of an hour, I finally got in the parting shot.. "You've just spent nearly 45 minutes trying to get into my computer.. so, before you go.. just one thing.. I HAVE A Macintosh and am running a PC virtually you scammer! Bwahahahah!"
Funny, the calls stopped and it's been several months now.
-
Thursday 18th August 2016 20:22 GMT Anonymous Coward
...then realised what an ass I'd been, that having got angry and arrogant with the caller I'd fooled myself into leaking valuable information that I definitely should not have given them -
1. That I do actually have a computer
2. What make it is
Err... you didn't give them your IP Address also though?
Seems all they have is a phone number and computer brand.
Unless you've still got an acoustic modem hooked up to that Apple, I don't think there's much risk.
-
Wednesday 17th August 2016 13:47 GMT Steve Evans
The ones I've received all had faked caller ID.
But I still have fun with them... When I have the time I keep them on the phone for as long as possible, my current record is 45 minutes... Unfortunately this was beaten by my friend Dave... I haven't had a call since so have been unable to better him. (I think maybe I insulted them too much and actually got blacklisted).
-
Wednesday 17th August 2016 15:45 GMT Nolveys
When I have the time I keep them on the phone for as long as possible, my current record is 45 minutes...
My best is 3 hours. I had them trying to troubleshoot my non-existent fax machine, my then non-existent smart phone and my email client. They really wanted those financial details. I finally used an internet fax service to send them a Chase bank statement I found on Google images, pixelated to the point where it was barely not legible, followed by thirty pages of black.
The guy on the line was livid when he figured out what was going on. I never get calls anymore. :(
-
Thursday 18th August 2016 09:11 GMT Anonymous Coward
"My best is 3 hours. I had them trying to troubleshoot my non-existent fax..."
So you don't place much value on your time. The Indian scam call center operative's daily pay rate will be less than your hourly rate. The pay-off from one successful scam is equivalent to a year's pay for them. If they hit the jackpot - access to all the files on the PC of someone with savings they can steal enough to retire on.
"I never get calls anymore..." so you suppose there's just one scammer originating all these calls or that they helpfully share data between scammers? I'm surprised you didn't get on the "random calls at 3:00am list" as punishment.
The only fools here are the ones that waste their own time messing with the scammers. (With the possible exception of the guy who sent the scammers an infected file).
My response is to put the phone down if I hear background call centre noise or an Indian accent. It would be nice if the regional governments took action but they'd not want to stop so much foreign currency coming into the country even if it does mean the developed world considers the whole ethnic group and subcontinent to be a den of thieves.
-
Saturday 1st September 2018 12:44 GMT Shane McCarrick
Depends really- a lot of UK/US/IRE companies still use Indian call centres.
I got a wholly legit call from an Indian call centre last week (when Virgin Media went titsup in most of Ireland). I let them query their cable modem (over a Vodafone internet connection) which made them happy- and off they went. No idea what they determined- but it was 7-8 hours later before the internet connection was restored.
-
Wednesday 17th August 2016 16:51 GMT Mr.Mischief
Current record about 2 hours
He called just when the hockey game was about to start. Said my PC had a virus. Told him that yes, it did seem slow and that I was having a problem running his software because I was getting popups. (I love Linux..!!) then told him to hang on while my "PC" booted while watching the first period. Making sure to check in now and then with strange "Virus" messages (telling him that I got a "Your PC is stoned" message is one not anyone has fallen for in like 15 years).
During the first intermission, I tried running his "program" and said it was installing. He asked me to type a few things in, to run regedit and said the response was all the viruses in the system. I asked if I should delete it and thankfully he said "NOOOOO"
During the second period, while waiting for the "program" to load we talked hockey, and what the job prospects at "Microsoft" were and if he knew anyone.. when he finally started catching on, the missus (who is Indian BTW) picked up the phone and started talking to him. He was VERY forthcoming, going into detail about the company, where it was, how many people worked there, what the hours were and everything (even passing their phone number and address) until she asked for his manager and chewed his ear off. After a few obscenities he hung up, which prompted a call back, more yelling and then passing all of his information to the RCMP.
Good times..
-
Saturday 1st September 2018 12:26 GMT Shane McCarrick
Lol- I'm well and truly blacklisted too........
I worked for a 3rd party company who did outsourced tech support on behalf of Dell- including o/s support (quite unusually- normally it's just h/w support).
I didn't reverse hack them- but I did string them on for an hour with various virtual machines- on three separate occasions. My favourite was letting them wreck the boot sequence- and then telling them I could just hit the big button with system restore on it- and letting them see that the machine was up and running again- and asking them are they sure the virus is gone- and giving them another bash at it.......... I actually felt sorry for one of them- they refused to give up trying- eventually I had to tell them I had to go- but they were welcome to another go- if they called back at 7PM the following evening (they never did).......... I know I shouldn't- but I actually admired their dogged persistence........ After that phone call- all the random calls dried up totally- I had been getting 2-3 a week- my wife took a few (she's a techie as well- but not as good at convincingly stringing them along).
Honestly- I think they're getting wise to quite a few of us- its though I guess if they have 1-in-10 pay up- it's still a good rate of return for them...........
-
Wednesday 17th August 2016 19:01 GMT Alan W. Rateliff, II
I have been waiting years to get one of these calls. Several people I know have gotten them, but never me. Nothing like feeling left out.
Then one night I got it. Sadly, it was a particularly bad night, I was in a shite mood, tired, and hanging a light in the dining room. When the guy started with his spiel I knew my day had come and I had finally gotten THE call of my lifetime. He finished his introduction and I remained silent, dikes and wire nuts in one hand, light parts in the other. I let out a deep sigh as he asked if I was still there and I says, "I know who you are, I know this is bullshit, but I'm just not in the mood to f*(|< with you tonight. Would you mind calling back tomorrow?"
Sadly, I have not heard back.
-
Wednesday 17th August 2016 09:24 GMT Pascal Monett
It was an infected zip file. Windows opens it, displays the content and executes the code - because Windows is stupid like that.
The fact that a scammer fell for such a basic, elementary trick demonstrates without question that this kind of scum is really among the bottom-feeders of society.
-
Wednesday 17th August 2016 11:36 GMT Prst. V.Jeltz
Re: Extension
" Windows opens it, displays the content and executes the code"
What really? So if I send my colleague cmd.exe in a zip file and he clicks on the zip file to display its contents he'll have a command prompt open up?
Or is it some startup code feature of zip file where you name one of the files in the archive to be executed? (doubt it, as I just made that up)
I know you can get self extracting zips - but that is basically an executable
I just can't see how this guy forced the code on the scammer, without the scammer falling for some basic noob tricks like clicking on an exe cos it was named pic.jpg.exe
possibly with file exts hidden
-
Wednesday 17th August 2016 14:31 GMT Triggerfish
Re: Extension
You can probably also guess that the guy opening it, assumed he was getting a legitimate email from someone who was exactly the sort to be dumb enough to open unsolicited extensions and not the sort who would try to hack back. So he probably happily opened it, which is sorta ironic.
-
Wednesday 17th August 2016 10:55 GMT Anonymous Coward
If you enjoy this sort of thing, you should check out https://forum.419eater.com/forum/index.php
-
Wednesday 17th August 2016 15:05 GMT SpottedCow
Re: I was lucky enough
When one of the ones I got said he was with Microsoft, I said "Hey, my cousin Bob works there, maybe you know him...."
Yeah, ten minutes later of trying to find out if he might know Bob, I then said "And thanks for letting me know about my problem. I've worked in IT for twenty years, but occasionally, I miss something. I'll look into it." And hung up.
-
Thursday 18th August 2016 14:36 GMT I ain't Spartacus
Yeah, my Mum got the call from "TalkTalk" when she was expecting a real one. And their call centres are also in India, so it was hard to tell. Fortunately all they did with Team Viewer was to take her to the Western Union transfer website, at which point her scam alarms went off, and she called me to detoxify the computer.
I recently read that not only had they lost all their users' records, but their engineering database has also been hacked, so I'm not sure if this was just dumb luck or good planning from the scumbags.
-
Wednesday 17th August 2016 14:47 GMT Aodhhan
Don't get too happy
The fact the scammer immediately hung up is because he became wise on what was happening. Likely due to malware/virus protection on his end. This means the attack was halted.
If the attack was successful, the scammer wouldn't have noticed and gone on with business as usual.
Also, these guys aren't completely stupid. The system likely didn't allow any changes in most files/directories or registry, so a quick reboot and the system is back to normal.
-
Thursday 18th August 2016 04:37 GMT Alphebatical
Re: Don't get too happy
At my company, all customer-facing call center agents are on non-permanent VDIs like this and most programs used are actually webapps to begin with. They do have a mapped network drive to store some documents, but rebooting the VDI nixes the program (assuming a strange program is allowed to run) and their files can be recovered with Previous Versions. Even with Windows, you lose nothing.
-
Wednesday 17th August 2016 15:00 GMT SysKoll
I got my virus scammer into a furious antisemitic raving...
I got a "Windows virus" call and told the guy to drop the act. He instantly started yelling at me in his heavily accented but grammatically correct English. He told me in no uncertain terms that he enjoyed scamming us idiotic Westerners and that all Americans were pawns of the Jews and this job was revenge for his country.
Wow.
I merely pointed out that I, dumb Westerner, was the one with a decent life while he, the righteous, was a parasite in a boiler room. He screamed incoherently and disconnected.
That was fun!
-
Thursday 18th August 2016 14:45 GMT I ain't Spartacus
Re: I got my virus scammer into a furious antisemitic raving...
My brother, quite an RP / BBC English voice, managed to wind one of them up into a screaming rage too. After he'd realised he'd been had our Indian friend screamed, "fuck off you fucking paki" at him. Much to my brother's credit he managed to avoid laughing, and replied, "no you fuck off, you phoned me."
At which point they got into a bizarre 2 minute exchange consisting of the Indian guy saying, "fuck off!" but not hanging up, and my brother saying, "no, you fuck off first." By which point I was in pain from laughing.
You'd have thought the guy would just want to get onto the next call, which might make some money, but I guess he was too pissed off.
-
Wednesday 17th August 2016 15:15 GMT Anonymous Coward
one down...
One scammer down (for now, anyhow). Problem is you're playing whack-a-mole.
Should have sent some phone-home malware that would lead to exposing the bad-dude's physical location. Needs to be some way to tie meaningful physical risk to the scammers, otherwise there will be a new crop right behind this dude.
-
Wednesday 17th August 2016 17:42 GMT Anonymous Coward
AI/Expert systems test runs
Ringing up these kinds of scammers sounds like a fantastic application for newly developing AI / Expert Systems.
eg, something which can get on the phone to them, sound credible, and take up their time for hours.
Then run it in parallel to fill their call centre. And keep it that way, permanently. :D
-
Thursday 18th August 2016 05:42 GMT IanW
Unmasked them recently
TL/DR version. Microsoft Support called a friend's father, managed to get paid. Managed to de-anonymise their .co.uk URL with Nominet, traced the company directors back to 12 companies registered in Coventry. LinkedIn profile listed 600 strong call centre in Kolkata, India. Found the target bank account for payments was in Barclays in the UK. Reported to ActionFraud (bad name: should be called "CountFraud", do nothing but PR release statistics). Reported to Stevenage Trading Standards, who did a thorough job getting the bank account shut down, call whitelist only equipment installed at victim's house.
Take away is that continuous authority debit card payments are a pain; they follow account change transitions, and need bank HQ and local branch letters to invalidate. And now that one issue is fixed for the victim, have to sort the telesales folks selling useless vitamins.
Happy to share scammers' LinkedIn profile URL and name the Coventry Business Centre where they register their businesses in the UK. Would love their scams to end.
-
Thursday 18th August 2016 11:32 GMT mr_souter_Working
i got one of these calls once.................
i had every intention of winding him up and wasting time - but when he said he was "calling from windows", i just burst out laughing, told him in no uncertain terms what i thought of him, and hung up (over his protests that he was legitimate)
i've told all my friends and family that if they ever get these calls, just to hang up on them - or tell them to phone me.
never had another call from them :(
-
Thursday 18th August 2016 20:37 GMT John 61
I just say
that my Acorn Electron can't access the internet, and that I've had the problem since 1991. Or "we don't need double glazing, thank you", then hang up. I've had the silent calls from a number in Falkirk (no doubt false) but I didn't really care as it wasn't me who was paying for the calls. They stopped a while ago.