Tech support scammer tricked into installing ransomware



26 COMMENTS

  1. I just tell “Emily” or whoever that I have been a network admin for 28 years and nothing is wrong with my computer, that’s when Emily hangs up. But the problem seems to be getting worse, last week I got a call from someone who had turned over all his information, card number, social security, benefit card. The pop-up that yells at the user scared a lot of users last winter.
    IMHO, most people are clueless about computer security and how the internet works, case in point, how many politicians gladly sent all their secret nefarious information in unencrypted e-mails! I tell the computer security classes I teach, if you wouldn’t paint it on the side of your car and drive around with it, don’t send it in an e-mail!


  2. Haha, that sounds amazing.
    Hopefully the ransomware spread out across the entire network essentially shutting down their entire operation (assuming it’s located in one place like a call-center).
    I wouldn’t have the guts to do it myself, but props to him for being brave enough to do that.


  3. It’s further than I’d have gone but I think it’s great. Years back I received a similar call and led the guy on a wild goose chase, inserting every annoying complication I’ve gotten from my clients over the years (i.e.: “My mouse is on the left side of my desk, so when you say ‘right click’ do you mean ‘left click’?”, etc.). Finally, after about 40 minutes of this, I finally let the guy know that the “Internet wireless” had been hit by lightning, and asked if he could fix that remotely as well. He said No and hung up.
    40 minutes of tech support for free? Not a bad deal 🙂


  4. Do two rights make a wrong? HMMM. That’s a good question. -1 plus -1 equals -2, not zero. When the underworld “takes care of a problem” as in the movies, is that the way to settle problems? Maybe, because the first is out of business and won’t cause any more problems. But ethically is it a right? The IT world must struggle with crooks and ethics. What a world we live in. No different than the 13th century!
    I do have a frustration with your security recommendations. I was alerted to Ghostery to help keep intruders like Google at bay some years ago in a Sophos article. 6 Ghostery trackers on this Sophos page. Now, in this article there is a video on the SoundCloud video player which is blocked by Ghostery for very valid reasons, telling me:
    Detected tracker source URLs: https://w.soundcloud.com/player/?url=https%3A%2F%2Fapi.soundcloud.com%2Ftracks%2F121351621&visual=true&show_artwork=true&color=1a60b3&auto_play=false&sharing=true&download=false&show_playcount=false
    I don’t want to be tracked if I can help it and Ghostery helps. None of my 4 computers have Adobe Flash, so that is out. Too many writers at Sophos fear the Flash consequences and recommend not playing with fire.
    Can the powers that be at Sophos set a policy that only non-tracking and safe video players be used in articles?
    P.S. All my computers (2 Apple Macs and 2 active Dell laptops) have Sophos anti-virus/malware installed.


  5. What exactly is it about the Soundcloud player that worries you? You can listen to the podcast without logging in, so Soundcloud isn’t getting much from you except setting a cookie (I clear my cookies every browser exit to keep a bit of a cap on what any one service learns in one session) and your IP number (or whatever you present as “your” IP number). As far as I know, we chose Soundcloud to host our podcasts because it works well all around the world, has good uptime and decent streaming speeds, is widely known, doesn’t need Flash, and doesn’t require you to create an account to listen.
    I hear you about “not being tracked,” but with judicious cookie deletion I’m not sure that Soundcloud learns much about you from listening to our podcasts, except perhaps that “an unknown person X from town Y in country Z who listens to Chet Chats and Techknows also likes music by artists P, Q and R,” and that only if you listen to lots of different tracks without exiting your browser in between (or using the “zap recent history” button from time to time).
    Or do you know something bad about Soundcloud that we should know about, other than that Ghostery has it in one of its lists for some reason?


  6. Worked for me too – I went further: I found their list of people they scam and sent each one the email of where they exist


  7. So far as it can, yes. Ideally, it will block access to the entire bogus domain, not just to individual URLs, which nobbles the lot.


  8. After having dealt with customers hit by ransomware I can understand the temptation. But it is important to stay atop the fray, to have clean hands in all one’s dealings. Much as I’d love to infect the perps with their own medicine, I just couldn’t justify doing so…
    But if someone else does it… more power to you! I just hope you don’t get tangled in the same web trying to catch the bad guys, that is the ones with bad intent.


  9. I have never held with scambaiting, and I have always received a warm response at conferences when I have publicly stood against it.
    You don’t raise yourself to new heights by lowering yourself to someone else’s depths. You don’t show decency by treating other people with disdain. You don’t tower above the law by breaking it yourself. The only person who’s likely to come out of this badly is the call centre guy who ran the ransomware file. I don’t have a huge amount of sympathy for the call centre workers, to be sure, having heard the way they treat some of their victims (and I don’t much accept the argument I’ve heard that the staff “genuinely think they’ve got a real job and don’t realise it’s a scam”). But you can just imagine some call centre operator clawing back $300 from the hapless caller’s wages – leaving him stuck at the support-scam coalface for months and months to pay it all back – as a “punishment” to make good on the cost of his mistake. In other words, I suspect that this sort of vigilante justice very likely combines illegality with a blow struck against the wrong person.
    It’s like those guys who think they’re clever because they trick 419 scammers into demeaning themselves by posting pictures of themselves with a fish stuck down their trousers, or persuade them to carve replica PCs out of wood for some weird power-play purpose. It’s screamingly funny, unless you’re more than 12 years old.
    If you lie down with dogs, you get up with fleas.
    My 2p.


  10. As a matter of ethics, you pretty well covered all the bases there, Paul. But what about the practical aspects? Unless I’m really missing something, it seems to me that this stunt just put a lot of innocent people in further jeopardy than they might have been otherwise: isn’t that ransomware going to spread to the call center network, and then be further spread to the poor folks that were already being duped into wasting their money on “tech support”? So instead of just being ripped off, they will actually be paying for real damage to their own systems!


  11. I didn’t think of that. But I should have. Most ransomware these days is a sort of one-shot, scramble-your-data deal, but not all malware works that way. Indeed, we’ve written about self-spreading, viral ransomware before:
    https://nakedsecurity.sophos.com/2014/12/05/notes-from-sophoslabs-ransomware-with-a-difference-this-one-is-a-true-virus/
    https://nakedsecurity.sophos.com/2016/06/01/zcrypt-the-ransomware-thats-also-a-computer-virus/
    Another good reason not to muck about with malware 🙂


  12. There weren’t two wrongs. There was only one. The Indians believe in karma, and this was karma in action. This was ethical hacking.


  13. Hmmm. You can’t use the sum of everyone else’s beliefs to justify your own actions. “The Chinese are all hackers, so I can hack. The Nigerians are all scammers, so I can scam. Americans are all movie and music pirates, so I can steal what I like. All people of nationality X are Y, so I can make sweeping statements about them, even if the facts suggest otherwise.”
    (Not all Indians believe in karma, of course, so your “argument” stops right there. In any case, AFAIK, karma isn’t about me being allowed to do bad thing X to you simply because you did X to someone else. It’s about the spiritual repercussions on you that arise from you doing X. I’m pretty sure it’s not an excuse for ill-directed vigilante revenge, even if both you and your victim believe in it.)


  14. I love it and most certainly think two wrongs don’t make a right, but that this pithy idiom has nothing to do with teaching a scammer a lesson, and a taste of their own medicine. Certainly even if you consider that wrong it is not an arithmetic addition of wrongs and the net result is not in the least clearly two wrongs or more wrong than it was from the outset. It is an escape path from a wrong that hopes as a net outcome to create a net reduction in wrongs (arguing that, the more people do this, the less cost effective the scam becomes and if a quorum is reached it becomes a net loss scenario or at the very least your number or IP is whitelisted (which is being black listed by a scam agency … 😉


  15. When my wife gets these calls, she acts confused and happy that a “computer person” is calling her with an offer for a new computer. “I don’t have one, and always wanted one! When are you sending it to me?” The poor “tech” tries to help her confusion, but my wife just gets more excited about her good fortune, and the “tech” quickly hangs up.
    I, however, act all concerned, “Which device is reporting these problems?”
    ‘Your windows computer.’
    “Well, The EULA says that windows telemetry doesn’t include personal information. How did you get my number?”
    ‘It is coded in the information.’
    “So which computer is it? I know that you should have my device ID and which version of windows is running.”
    ‘It’s the one you use most.’
    “Well, that is your third lie. I don’t use windows, ah yes, none of our devices run windows.”
    (click)
    Some don’t give up that easily, some sound all pompous that they don’t lie, and that I must be lying. Some guess wrong and say, ‘I can help you with the dangerous Mac problems.’
    “I thought you were windows support?”
    ‘We fix windows and mac systems.’
    “Well, I don’t run either of those.”
    (click)


  16. One variation you can use when they call you: “Sorry, this is my mom’s computer, I’ll get her for you, one moment please”. Immediately put down the phone (keep the connection alive). Sounds pretty innocent, costs them several minutes and you nothing.


  17. I have a chat with them then ask them which computer is the one that’s got the problem. The usual answer is, “The Windows PC”. A few more rounds until I’m bored or have to go then I ask if their mother knows what they do for a living and would she be ashamed of them if she did, scamming money out of naïve victims. They usually hang up at that although I did get one who got abusive. He was actually quite funny. I left him listening to “on hold” music whilst he ranted.


  18. That maxim about “living by the sword and dying by the sword” is one of those weirdly ironic misquotes used to conclude that violence is excellent, given its place…
    …even though that seems to me the exact opposite of what was meant when it was most famously said.
    I’d be surprised if the ransomware infection at the other end caused any significant disruption or loss of earnings to the person running the call centre, but I wouldn’t be surprised to hear that the boss fella took it out on the junior for making that sort of mistake. In other words, you have no idea what “they” got, and so you have no idea whether it was what “they” deserved or not.
    And that’s where mucking about with malware gets you.


  19. Paul,
    You seem to have a lot invested in telling everyone else how wrong they are.
    Did this Ivan ask for CC info to defraud someone? Did he call them unsolicited?
    They punched first. He punched hardest. Nothing amoral about that.


  20. You might want to look up the word “amoral” in a dictionary. It has a rather particular meaning which may not be the one you are after here.


  21. If this was wrong, then so is putting people in prison for crimes. Wearing a badge or black robes doesn’t make your action more or less moral.

