Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Tuesday August 16 2016, @04:28PM   Printer-friendly
from the vigilante dept.

Some may have heard of scambaiting spammers to waste their time and resources. There are many sites like 419eater which concentrate on it. However, Arthur T Knackerbracket has found the following story which takes things a step further. A French security researcher says he managed to turn the tables on a cyber-scammer by sending him malware. Whether or not that is ethical is left as an exercise for the readership.

But Ivan Kwiatkowski played along with the scheme until he was asked to send credit card details. He instead sent an attachment containing ransomware.

[...] When Mr Kwiatkowski's parents stumbled across one such website, he decided to telephone the company and pretend he had been fooled.

The "assistant" on the telephone tried to bamboozle him with technical jargon and encouraged him to buy a "tech protection subscription" costing 300 euros (£260).

Mr Kwiatkowski told the assistant that he could not see his credit card details clearly and offered to send a photograph of the information.

But he instead sent a copy of Locky ransomware disguised as a compressed photograph, which the assistant said he had opened.

"He says nothing for a short while, and then... 'I tried opening your photo, nothing happens.' I do my best not to burst out laughing," Mr Kwiatkowski wrote in his blog.

[...] Mr Kwiatkowski said he could not be absolutely certain whether the ransomware had infected the scammer's computer, but there was a fair chance it had.

"He did not let on that something had happened to his computer, so my attempt is best represented as an unconfirmed kill," said Mr Kwiatkowski.

"But encrypting a whole file system does take some time."

He acknowledged that some people may have found his retaliation unethical, but said responses had been "mostly positive".


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Funny) by Azuma Hazuki on Tuesday August 16 2016, @06:09PM

    by Azuma Hazuki (5086) on Tuesday August 16 2016, @06:09PM (#388758) Journal

    Hilarious? Mmmyes. Nicer than I would be, too; I'd exfiltrate all his passwords and sensitive info first, THEN encrypt random stuff, THEN sign him up for the vilest pornography I could find.

    --
    I am "that girl" your mother warned you about...
    Starting Score:    1  point
    Moderation   +2  
       Funny=2, Total=2
    Extra 'Funny' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 3, Funny) by bob_super on Tuesday August 16 2016, @08:04PM

    by bob_super (1357) on Tuesday August 16 2016, @08:04PM (#388813)

    > sign him up for the vilest pornography I could find.

    Someone who scams people for a living may just happen to enjoy whatever porn you can put your hands on.

    I would have ransomware lock his computer with full-volume Boys Band videos, then Frozen Songs and Elmo's Song looping over Battlefield Earth.

    • (Score: 2) by Azuma Hazuki on Tuesday August 16 2016, @08:28PM

      by Azuma Hazuki (5086) on Tuesday August 16 2016, @08:28PM (#388819) Journal

      I doubt very much he would enjoy what I have in mind. There is a subtype of drawn pornography called "ero-guro" that mostly involves gore, torture, and dismemberment; it's known to cause PTSD on viewing for some people.

      --
      I am "that girl" your mother warned you about...
  • (Score: 2) by halcyon1234 on Wednesday August 17 2016, @02:21PM

    by halcyon1234 (1082) on Wednesday August 17 2016, @02:21PM (#389120)

    I'd exfiltrate all his passwords and sensitive info first

    If you do that, instead target lockware scammers. Hack them, steal all the unlock codes for all existing victims, and then send them to all victims for free

    Of course, that may just train the victims to be even more gullible. "Oh hi, I see your computer is locked, here is a magic email from a stranger that you should blindly follow...."

    --
    Original Submission [thedailywtf.com]