SoylentNews is people

posted by CoolHand on Tuesday August 16 2016, @04:28PM
from the vigilante dept.

Some may have heard of scambaiting spammers to waste their time and resources. There are many sites like 419eater which concentrate on it. However, Arthur T Knackerbracket has found the following story which takes things a step further. A French security researcher says he managed to turn the tables on a cyber-scammer by sending him malware. Whether or not that is ethical is left as an exercise for the readership.

But Ivan Kwiatkowski played along with the scheme until he was asked to send credit card details. He instead sent an attachment containing ransomware.

[...] When Mr Kwiatkowski's parents stumbled across one such website, he decided to telephone the company and pretend he had been fooled.

The "assistant" on the telephone tried to bamboozle him with technical jargon and encouraged him to buy a "tech protection subscription" costing 300 euros (£260).

Mr Kwiatkowski told the assistant that he could not see his credit card details clearly and offered to send a photograph of the information.

But he instead sent a copy of Locky ransomware disguised as a compressed photograph, which the assistant said he had opened.

"He says nothing for a short while, and then... 'I tried opening your photo, nothing happens.' I do my best not to burst out laughing," Mr Kwiatkowski wrote in his blog.

[...] Mr Kwiatkowski said he could not be absolutely certain whether the ransomware had infected the scammer's computer, but there was a fair chance it had.

"He did not let on that something had happened to his computer, so my attempt is best represented as an unconfirmed kill," said Mr Kwiatkowski.

"But encrypting a whole file system does take some time."

He acknowledged that some people may have found his retaliation unethical, but said responses had been "mostly positive".


This discussion has been archived. No new comments can be posted.
  • (Score: 4, Interesting) by DannyB on Tuesday August 16 2016, @06:21PM

    by DannyB (5839) on Tuesday August 16 2016, @06:21PM (#388769)

    In my example, by flattening their tires, or tripping them as they run out the bank, you didn't *stop* the bank robbers either. You just inconvenienced them.

    You bring up Vigilantism, which is interesting. Where would you draw the line? Is any sort of interference, inconvenience, or action against a criminal act in progress an act of vigilantism?

    With these scammers, you don't have any realistic option of reporting them to law enforcement in any meaningful way that is actionable to them. So inconveniencing them, at least slowing down their ability to scam others, seems like not such a bad idea.

    As for your contrived invalid mother's computer which the scammer is using -- the harm done to the mother is the scammer's fault. The scammer should have a reasonable expectation that someone might try to do something like this.

    --
    The lower I set my standards the more accomplishments I have.
  • (Score: 1, Insightful) by Anonymous Coward on Tuesday August 16 2016, @09:06PM

    by Anonymous Coward on Tuesday August 16 2016, @09:06PM (#388832)

    > In my example, by flattening their tires, or tripping them as they run out the bank, you didn't *stop* the bank robbers either. You just inconvenienced them.

    No you didn't. In those examples you made it easier for them to be caught by delaying them. That is a key point -- those hypothetical actions improved the chances of the criminals being brought to justice. They were not about retribution for the criminals.

    > As for your contrived invalid mother's computer which the scammer is using -- the harm done to the mother is the scammer's fault.

    No, it is the fault of the person who sent the ransomware. Consider this: if he was not a scammer and someone sent him ransomware anyway, whose fault is it then? Obviously it is the fault of the person sending the ransomware. The fact that he was also a scammer does not change that.

    • (Score: 0) by Anonymous Coward on Tuesday August 16 2016, @09:45PM

      by Anonymous Coward on Tuesday August 16 2016, @09:45PM (#388853)

      You just can't take the effect and make it the cause.