This article was published on August 16, 2016

Clever security researcher gives scammers a taste of their own medicine


Clever security researcher gives scammers a taste of their own medicine Image by: Elegant Themes

Hell hath no fury like a security expert scammed, or so goes the saying. A group of online scammers learned this the hard way when they tried to trick researcher Ivan Kwiatkowski’s parents into paying for phony antivirus software.

The scammers ran an elaborate scheme with people who stumbled upon this now-defunct site. It displayed a bunch of random numbers, file names and pop-up messages on the page, along with a warning about the visitor’s computer being infected by the Zeus virus.

When Kwiatkowski heard about this from his panicked parents, he decided to play along and see where this went. He booted a virtual machine running Windows XP and called the ‘tech support’ number listed in the Zeus warning pop-up.

Kwiatkowski following one of the support rep’s instructions and installed a remote assistance tool that allowed them to access files on his virtual machine. He stayed in character for a good while, even feigning shock when the rep launched the command prompt and typed in “1452 virus found” and “ip hacked.”

Interestingly, Kwiatkowski managed to stump the rep with a simple question about where to buy the necessary $190 antivirus software she recommended, and that was the end of that call. But he wasn’t through yet, so he placed a second call and was connected to another executive, who pitched him a ‘Tech Protection subscription’ costing just €299.99 ($335).

After supplying a couple of fake credit card numbers that obviously didn’t work, Kwiatkowski comes up with a way to put the kibosh on the scammers. He copied a Locky ransomware file from the junk folder in his email inbox and sent it to the support executive, claiming that it was a photo of his credit card they could look at to help make the payment for him.

While the executive kept trying to unzip the file in the hopes of finding a legit credit card, the ransomware ran in the background on his computer, encrypting his files and locking him out of his own system without his knowledge.

Kwiatkowski told the BBC that he wasn’t entirely sure if the ransomware had successfully locked the scammers out of their computer. “He did not let on that something had happened to his computer, so my attempt is best represented as an unconfirmed kill,” he said.

However it may have turned out at their end, it’s clear that Kwiatkowski taught them a lesson they won’t forget quickly – making him the hero we deserve and the hero we need right now.

The entire episode, with all its hilarious details, is worth a read. Find it over at Kwiatkowski’s blog.

Via The BBC

Get the TNW newsletter

Get the most important tech news in your inbox each week.