Man learns tech support scammer's real name

Originally published at: https://boingboing.net/2020/06/29/man-learns-tech-support-scamme.html

…

This was a good one. In his conversation with the scammers, he casually asks about the scam they’re running, and the scammer seems more nonplussed or bemused than angry about getting caught.

Damn that’s good!

Unfortunately that probably tells us something about the perceived risk of any serious consequences or prolonged shutdown of operations.

In an ideal world a detected scammer would sound like someone about to be purged with fire and sword, because he’d be about to be purged with fire and sword; but no such luck in our lesser reality.

Jump 8m in for when he goes full Liam Neeson.

SCAMMER : Does anyone else use this computer, sir?

JIM: Not really, no.

SCAMMER: What do you do, mostly, using this computer?

JIM: I track down scammers on the internet. Using this computer.

Jim Browning has managed some high profile takedowns of scammers, and even had some of the tool vendors make changes based on his investigations, but, as he says repeatedly, it doesn’t matter if the scammers themselves are ignored by the local police, and he’s noted several times in the past that the reporting infrastructure setup in (predominantly) India where these scammers operate is either broken or nonexistant a lot of the time.

And that assumes they aren’t busy with other things they deem more important than protecting foreigners from scammers.

As satisfying as this is to watch, it requires a level of tech sophistication to thwart them that most people don’t have, and it’s totally infuriating that they are so successful at what they do. I have a friend in his 80s who has fallen prey to assholes like this, and though he’s totally paranoid, he has been victimized several times.

If the example of places like New York, London, Zurich; and basically every British protectorate with sunlight and sand is anything to go by; the local authorities might well approve of having a more or less nonviolent and profitable white collar crime industry in town. Doesn’t help that it overlaps almost perfectly, in terms of skills and infrastructure required, with the (quite possibly lower paying and almost certainly more degrading) outsourced helpdesk jobs; so even if you do crack down sloshing between one side of the law and the other is likely to be very low friction.

I assume that interest in cracking down is further reduced by the fact that there are apparently quite a few dubiously employable engineers to deal with; and the electorate isn’t going to get any happier if those become unemployed engineers.

I don’t even see scammers as con men, they’re muggers who work from home.

Indeed. Some of the victim recordings he’s managed to capture are just heartwrenching, as the elderly or mentally challenged are talked out of large sums of money.

Does he ever discuss his methods for gaining access to their computers? This bit seems kinda glossed over.

(I’m guessing that he sends a compromised file or “information” as a link to a malware server, and doesn’t discuss this because of the legal implications, but if there’s a more direct method or something uniquely applicable to these scammers, I’d curious to learn it).

Right, same reason he doesn’t give his real name. His actions, while noble, are almost certainly illegal in many jurisdictions.

This guy is great. He’s on my shortlist of Patreon people to sponsor if I ever actually follow through and sign up.

What he does have is a very particular set of skills…

“I will hunt you down, and talk to you.”

I think he should also give a disclaimer every time he gives a scammer access to his system, that you shouldn’t give a scammer access to your system, even if you know it’s a scammer.

He has ways to reverse remote screenshare applications and use them against the scammers but I don’t know the specifics.This is a powerful technique in the wrong hands, so it’s no wonder he doesn’t share these details in the video. Also, info like that would be pulled from YouTube in a heartbeat.

Well he’s using a virtual machine so there’s not much they can do. They don’t strike me as the kinds of people who can do something like this. From having watched a few videos of that kind I get the impression the average scanner isn’t actually very computer literate. They just follow a script about what to do to make their victims think they know what they are doing.

I really wish I had those sort of skills, to be able to get into their systems and treat the scammers the way they treat others.
And then go one step further and nuke their entire systems, leaving nothing but metaphorical radioactive slag.
The nearest I’ve got was winding up a supposed BT service engineer who maintained my computer was infected with a virus and was forwarding them to others.
His first mistake was assuming I used a PC, he was very confused when I kept telling him I couldn’t find the Windows key, my keyboard didn’t have one. You could almost hear the gears of his train of though grinding when I said I used a Mac, and he had to change his script!
When he asked me to tap in a web address and I said, “Oh, that’s funny, I’ve just got a little yellow triangle with an exclamation mark and it’s says this site is not safe and may be compromised “ the line suddenly went dead!
At least I managed to waste around thirty minutes of his time when he wasn’t harassing someone more vulnerable.
Scumbags, everyone of them.

About one more iteration of that and the viewer gets their brain Snow Crashed. I figured I’d skip the last 30 seconds or so.