This Site Has Moved

New Wordpress Site

The Old/Non Updated Content...




The home of the haikulator

 

Links

Sentence Generators
My Stand-up & gigs
The Coding Craftsman
BurberryAndBroccoli
MarkInventions

The Musical!
Incredible Productions

apostrophell
backlash
incredible
haiku


Previous Posts

An Open Letter To HSBC
Pay What Now?
Outro
Hearing the music
When to quit
I am not as other men
Tonight I was funny
Attack of the Drones
Notes on your set
Why Pissing off a Fellow Comedian was Fun

Blog Archives

October 2001
November 2001
December 2001
January 2002
February 2002
March 2002
April 2002
May 2002
June 2002
July 2002
August 2002
September 2002
October 2002
November 2002
December 2002
January 2003
February 2003
March 2003
April 2003
May 2003
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
July 2008
August 2008
September 2008
October 2008
November 2008
December 2008
January 2009
March 2009
April 2009
May 2009
August 2009
September 2009
January 2010
March 2010
April 2010
May 2010
June 2010
July 2010
August 2010
September 2010
October 2010
November 2010
December 2010
January 2011
February 2011
March 2011
April 2011
May 2011
June 2011
July 2011
August 2011
October 2011
December 2011
February 2012
March 2012
April 2012
May 2012
June 2012
July 2012
March 2013
April 2013
May 2013
June 2013
July 2013
August 2013
September 2013
October 2013
December 2013
January 2014
February 2014
March 2014
May 2014
July 2014
January 2015
February 2015
March 2015
April 2015
May 2015
June 2015
July 2015
August 2015
January 2016
February 2016
March 2016
April 2016
May 2016
July 2016
August 2017
January 2018
August 2018
September 2018
July 2019
August 2019
May 2020
June 2020
July 2020
August 2020
September 2020
December 2020
January 2021
July 2021
September 2021
February 2022

Saturday, August 4

Hi, we’re calling from Some Criminals.com

Having recently set up a company, I understand that it can be hard to determine your best business model, and hard to perfect your attack on the market. One company that is really pushing itself hard is best called “Not really BT”. I say that because they ring us up relatively frequently, claiming to be BT when it’s quite clear that they’re anything but actually BT.

I’ve had some minor adventures with them in the past. Sometimes they claimed to be calling from Microsoft, telling me they’d detected a fault on my computer. One one occasion I pretended to have a Mac (living the dream, eh) and tried to do what they were telling me, complaining that my screen didn’t have on it what they were asking me to click on. I wasn’t at the computer - I’d made it up. When I said I didn’t have Internet Explorer, but could use Safari, they asked “Don’t you have Windows” and I said “Well, you told me you’d found a problem with MY computer; don’t YOU know?”. They hung up.

One guy claiming to be from Microsoft told me he was called Martin Short, so I launched into a tirade around how much I loved his movies, especially The Three Amigos (great film). He hung up.

The other day a woman claiming to be from BT spouted nonsense at me about hackers and servers and when she paused I said “Look, you don’t have to do this. You don’t have to ring people up to try to exploit them. You could get a better job that’s not so dishonest.” Without missing a beat she told me to go fuck myself and hung up on me. Seriously, it’s hard to give careers advice in IT these days.

I’ve always wanted to explore these scams deeper. I say always, I mean I’ve kind of wanted for some time... so after my careers advice call was so rudely terminated, I went onto my Mac: yes I have a real Mac now, not a pretend one - don’t worry it also dual boots to Windows, so I’ve not entirely sold my soul to Apple: also Microsoft... I went onto my Mac and I installed a fresh Windows within VirtualBox. In short, this simulation of a computer is running a Windows with nothing installed on it except a web browser. It knows nothing about me other than my name and has no access to any of my private files... but it lives in a sandbox on my computer.

Having created the pretend computer, I took a clone of it and called that the honeypot. I fear I may have misnamed it - it should really be called honey trap. Honeypot sounds like a euphemism for something naughty, but I’m not going to google that in a hurry to check.

The honeypot can be compromised as many times as you like and it can be wiped in 20 seconds and rebuilt from the original in 5 minutes. In other words it’s a playground where I can watch hackers trying to fool me, knowing that they’re wasting all of our time. Similarly, as it’s not real and has never been used in the real world, there’s zero chance of it having caught any viruses or having been compromised in any other way.

On Tuesday another hacker called. I ran up the stairs giddy with excitement and quickly started up the honeypot computer on my real computer and turn on screen recording with my phone on speakerphone.



What occurred is a play in three acts.

In act 1, there is the ridiculous attempt by the scammers to blind me with science and take control of my computer, the situation and my confidence. We’ll come to try techniques they use in a bit. In act 2, at around 36:46 in the above video, I reach a point where I no longer want to play, partly because it was taking so long, and partly because the request they made would have genuinely compromised my security, so I reveal that I’m an IT specialist and that they’ve been trapped in a virtual computer all along and that I can see through their lies and bullshit.... it took a lot of pushing from me for the fellow on the other end to accept that the game was up. In act 3, the human behind behind the scam - someone who has a shitty job in a criminal call centre in a deprived country - spoke to me as a human, with no script, with his own feelings and fears, and I shut up and listened... or at least backed off enough for him to be heard. He may even give up this game one day as a result.

Before I explain the con (briefly - watch it to see more) I should say that I came into this aware that some people go for jobs in what they think is genuine IT support, then learn during induction that they’ll be exploiting people for criminal gain... some walk away, some have no option but to stay and probably some feel entitled to skim money off whom they imagine are wealthy foreigners.

The con seems to be tiered. The first person you speak to is a robot asking you to press 1 for support. The idea being to filter out people who don’t answer, or who don’t think they might have a computer problem that needs support.

The next person is there to ask you to do stuff. When it’s clear that you’re pliable and will follow instruction, you’re passed onto the next person who walks you through setting up some software that gives them control of your computer. Bizarrely they use two tools at the same time. Any Desk and Team Viewer. One of the things they try to minimise is your perception of what these are and what access you’re handing over to the people on the other end.

Finally you are handed over to a hacker. This is the person who will ramp up the social engineering claims, suggesting how important it is to catch hackers, and who will also be driving the control of your computer while, and this is the clever bit trying to convince you that you’re doing it. My hacker “Mark Robinson” probably not his real name, was getting me to do all manner of silly things including typing the command “I want to know how many hackers are activate on my server” into a command prompt... and when I hit return, he pasted in a command to make my machine actually appear to do stuff. Luckily he pulled the trick twice so I saw what he was doing as it flashed past the second time.

So you think there’s a problem (they have you look in spurious error logs to start the process), you think BT are fixing the problem for you by telling you what to do, and you’ve forgotten that they’re watching and controlling your computer during the call.

After they earn your trust they will eventually hold your computer to ransom unless you pay them.

People fall for this.

I hope the above video, in which I deliberately slow them down and waste their time will be useful to show people about the dangers of being scammed/hacked. Similarly I hope people will look at the victim on the other end of the phone - he deserves a better life than this, but has fallen into something quite wrong.

The best defence against this is everyone being wise to it. Then they will stop as there’ll be no market for it.

Share!

0 Comments:

Post a Comment

<< Home

All content ©2001 - 2020 Ashley Frieze