Fake broadband ISP support scammers accidentally cough up IP address to Deadpool in card phish gone wrong

Fraudsters masquerading as ISP support agents to phish payment card details have been unmasked – after they tried to scam a Brit infosec biz cofounder. Kurtis Baron, director of the Cambridge-based penetration-testing outfit Fidus Information Security, told El Reg today how his cofounder Andrew Mabbitt received a private …

  1. Michael Hoffmann
    Meh

    Well?

    Where was the IP coming from? Did that help at all or was it TORed or spoofed or somewhere in Lower Tajikistan - where even knowing doesn't mean you'll ever get at anybody.

    Would have been nice to at least add that bit to the story.

    1. max allan

      Re: Well?

      If it's been released to the police, publicising it would likely put any investigation or conviction in jeopardy.

      1. Lord Elpuss Silver badge

        Re: Well?

        Unfortunately I would seriously, seriously doubt any prosecution will be forthcoming. Even if the police knew what to do with the info they've been given, this will have zero priority for them.

        I say unfortunately as I've been scammed a couple of times (I buy and sell a lot online and sometimes don't do due diligence as much as I should) - and despite in two cases giving the police a complete evidence file including IPs, complete communication records, actual bank details of the scammer, address and copy of photo ID, they declined to pursue. That's not "we had a look but on the balance of the evidence realised no prosecution was likely", they declined to pursue at all. As in - not even look at the case.

        After I raised an official complaint I was contacted by a police representative who said it was staffing and priority issues, also the amount involved was less than 300. I reminded her that speeding fines are mostly also less than 300, but they have no trouble at all pursuing those.

        I want to like the police, I really do. But on the small number of occasions I've needed them, they've been absolutely no use whatsoever; whilst managing to pick up every small infraction the other way and prosecuting it to the greatest extent permissible by law.

        1. Anonymous Coward

          At least they were being realistic

          Having been biffed by a street yob in Merrie Olde London Towne I staunched the bleeding and phoned the cops. Sympathetic voice declared their fathomless zeal for apprehending malefactors and told me someone would pop around shortly to interview, collect evidence, no need for me to go to station. So I cleaned up the worst of it and stayed put, rigorously sober for a good presentation of my recollections, etc. Some four hours later, now the wrong side of midnight, a call came back: "we're just a wee bit busy, sorry you're still waiting, maybe you could drop into the station to give a report?". Local station was of course by then closed for the night so I finally crawled off to bed and frittered away the next morning making the report. A few weeks later came a form letter declaring how sorry London Met was that I'd been the victim of assault, here's a list of support organisations, etc.

          So fuck-all happened, except some metrics about contacting the victim were met. An honest prognosis at the outset would have been more useful.

          1. steviebuk Silver badge

            Re: At least they were being realistic

            But if you were someone high profile on TV action would have been taken as has happened before. If there is possible bad PR to have from a celeb they'll act. If it's from a pleb, then fuck it.

        2. Anonymous Coward

          Re: Well?

          Sadly had my credit card details stolen a while back, bank caught it, blocked card, sent new one, all right with the world.

          About a week later I received a call from the Natwest fraud support team. This was interesting, as my bank is not Natwest. I inquired whether they could give me a reference so I could call back, line went dead. The same happened again a couple of days after that, this time I ummed and ahhed a little and got to the point where they read out a list of fictional transactions for me to confirm (or presumably not, since they were fictitious, and presumably leading into, "I'll just need you to confirm some security details"), at which point I called their bluff again. Clearly some kind of follow up phishing on the basis that if you've been got once then maybe you're a soft touch.

          So... these people have some of my details, and some connection with the original criminals, and are clearly doing this on a regular basis, with some degree of success or they wouldn't bother. Is there any way to report this? No, apparently no crime has taken place so the fraud office aren't interested. And we wonder why it continues to happen.

        3. Isitari

          Re: Well?

          Would it be possible in those sorts of cases where the police / CPS aren't willing to push for prosecution to take a civil case? Lower level of proof required but I can understand there are costs at your end involved.

          1. katrinab Silver badge

            Re: Well?

            Civil case for what? If they steal money off you, you can sue to get it back, but where no money was handed over, it is difficult to see what the loss is. A criminal prosecution for attempted fraud is the only option.

        4. Loyal Commenter Silver badge

          Re: Well?

          "After I raised an official complaint I was contacted by a police representative who said it was staffing and priority issues"

          Well, that is what happens when the government cuts the police budget by 40%. Don't blame the police for the fact that they, like all public bodies under the government's ideological austerity drive, have been cut to the bone.

          1. Cynic_999 Silver badge

            Re: Well?

            "Well, that is what happens when the government cuts the police budget by 40%"

            While that may be part of the reason, I do not believe it is what is mostly to blame by a long chalk. I subscribe to a weekly email that proudly gives all the initiatives and new activities the police are involved in, and most of them seem to be using money and resources on wishy-washy activities with either no clear goals or no way to measure what they have achieved. Just how do you measure the effectiveness of a police initiative to "Improve diversity awareness," - and is it likely to prevent any crime? £20000 of my area's police budget tax was spunked on a web site set up to "help victims of online bullying."

            ISTM that easy cases or cases that appeal to officers get prompt attention from car-loads of police, but those that may require lots of routine police work get shelved on the basis of "prioritizing".

          2. Maverick

            Re: Well?

            actually this attitude WELL predates any police cuts

            1. Marcus Smith

              Re: Well?

              Yep, my experience of the police has always been exactly the same, they just can't be bothered. It was the same before any of the austerity measure cuts going back for many, many years. I think the mistake most people make is to assume that the police are there for our benefit which is demonstrably untrue.

              The modern police force only exists to uphold the status quo for rich business owners and other top members of society. Only the wealthy are protected, the poor struggle to get any justice or protection. Still investigating Stephen Lawrence murder 26 years on... Still Investigating Hillsborough 30 years on... Will still be investigating Grenfell 30 years from now.

        5. The Specialist
          Devil

          Re: Well?

          >"actual bank details of the scammer"

          You could at least set up some dd for a few charities using the crook's bank account details.

      2. opaque

        Re: Well?

        Could have just said "In Turkey, in the UK" etc etc. Don't need to go into any more details than that.

  2. Anonymous Coward

    Deadpool

    He's considered a hero now? Weird.

    1. Robert Carnegie Silver badge

      Re: Deadpool

      As mercenary assassins go, Deadpool is considered nearly heroic by several other superheroes. He did kill REDACTED though, on the orders of REDACTED.

      1. amanfromMars 1 Silver badge

        Re: Deadpool Cheltenham GCHQ Station

        As mercenary assassins go, Deadpool is considered nearly heroic by several other superheroes. He did kill REDACTED though, on the orders of REDACTED. .... Robert Carnegie

        Thus is REDACTED Masked to Follow Future Feeds and Immaculate Seeds ..... The Raw Core Generator of Source for All the Tales you Believed to Be Real rather than Simple Virtual Reality Programs.

        That Source Goes a'Knock Knocking on Heavens' Doors wherever they be Found, Bounty Bound in Dutiful Prize Possessions.

        A Vessel of Originals to Embrace and Fete or Search and Destroy? That always ends up right badly for any aggressor in either of the two extreme journeys to travel and help realise. Playing the Mere Mortal there has one extinguished, excommunicated and exiled back into the flock.

        I can certainly commend and recommend the former, and absolutely in preference to suffering the latter.

        Dare to Care Share that Information, GCHQ, with Hoped Up Allies Relaying and Relying on ...... Five Eyes Intelligence Crews and AIMaster Pilots. ‽

        Any questions from anyone can quickly and easily be answered from the likes of here on these pages in this space place ? Keep IT Simple Always Works Best.

      2. jmch Silver badge
        Facepalm

        Re: Deadpool

        "He did kill REDACTED though, on the orders of REDACTED."

        REDACTED directed that REDACTED be redacted on direction of REDACTED. Queries about REDACTED to be redirected to REDACTED for redaction.

    2. Michael Habel Silver badge

      Re: Deadpool

      Deadpool is the greatest supah hero ever!

      1. bombastic bob Silver badge
        Devil

        Re: Deadpool

        "Deadpool is the greatest supah hero ever!"

        I think so too, although, technically an ANTI-hero since he's not a boy scout type. Batman would _also_ be considered an 'anti-hero' in most cases.

        This whole exchange reminds me of the background music from a particular fight scene in Deadpool 2 - "Fighting Dirty".

        Fighting Dirty (repeat several times)

        You can't stop him. He's the BOFH

        You can't stop, this @#$%^*(

        Holy $#!+balls (repeat)

        ok I had a bit of artistic license with 'BOFH' but still, it applies in this case, right?

        NOTE: I'd normally insert the real profanity, but sometimes it's funnier to use punctuation substitution, and it's also a bit more 'work safe'

        1. MonkeyCee

          Re: Deadpool

          "Batman would _also_ be considered an 'anti-hero' in most cases."

          Somewhat off topic, but I never really got Batman as being any sort of hero. Wayne Enterprises always seems to be at the heart of whatever evil plot is going on, so if Bruce bothered to actually do his day job, maybe there would be less problems.

          Maybe Gotham would be less of a shithole if Bruce paid some more tax, and then the city wouldn't have to close mental hospitals etc.

          I'm also of the school of thought that superman would be more useful turning a generator than flying around the place :)

          http://www.smbc-comics.com/?id=2305

          1. Roj Blake

            Re: Deadpool

            Batman is a 1%er who enjoys beating up people with mental health problems. They then end up in a privately-run mental home with dubious standards.

            1. Anonymous Coward

              Re: Deadpool

              He may also be the only superhero to die of a heart attack before the end of a fight and have his fanbase insist that counts as winning.

              1. SonofRojBlake

                Re: Deadpool

                In the words of Reginald D Hunter:

                "Dude owns a corporation, has access to state of the art equipment, and he uses this to beat up on street level crime. He doesn't go after the oligarchs, the media barons, the Murdochs, or the Trumps, he mainly just f**ks with the purse-snatchers on the corner.

                Batman is a conservative's wet dream.

                F**k Batman."

    3. Baldrickk

      Re: Deadpool

      He's definitely an antihero. Alignment? Chaotic neutral? anyone who actually plays DnD care to weigh in?

      1. Ochib

        Re: Deadpool

        Chaotic neutral is someone who pledges to neither the good or evil spectrum, but enjoys ******* things up. Deadpool is a mercenary who enjoys his job. He is 'chaotic' because his means and motives are simply to have fun. This is usually attributed to psychopathic characters, which Deadpool is.

      2. Snowy
        Thumb Up

        Re: Deadpool

        I would agree Chaotic Neutral, a good definition of it is:

        A chaotic neutral character follows his whims. He is an individualist first and last. He values his own liberty but doesn't strive to protect others' freedom. He avoids authority, resents restrictions, and challenges traditions. A chaotic neutral character does not intentionally disrupt organizations as part of a campaign of anarchy. To do so, he would have to be motivated either by good (and a desire to liberate others) or evil (and a desire to make those different from himself suffer). A chaotic neutral character may be unpredictable, but his behavior is not totally random. He is not as likely to jump off a bridge as to cross it. (quote from http://easydamus.com/chaoticneutral.html)

  3. Anonymous Coward

    reporting the account and the IP address to Twitter and the Met Police

    and here, dear children, is where our story ends :/

    hope not, but then, why am I fooling myself...

    1. Pascal

      Re: reporting the account and the IP address to Twitter and the Met Police

      Yeah for a while we played with honeypots against various scams like those "president of our company sends urgent email to accounting needing a bank transfer done" messages, collecting communication traces and ip addresses, and reported the first couple of those to the proper authorities. It quickly became clear that nobody gave a rat's ass about it when we were never asked any follow-up questions and any of our own follow-up questions never got any real replies.

      1. Anonymous Coward

        Re: reporting the account and the IP address to Twitter and the Met Police

        Presumably this person has good hacking/pentesting skills, so

        - Hack into the system at the given IP address (covering his traces, of course)

        - Load it with malware configured to attempt to hack into the FBI/DoD/GCHQ/etc.

        - Buy popcorn

        1. bombastic bob Silver badge
          Devil

          Re: reporting the account and the IP address to Twitter and the Met Police

          keep in mind you can't *legally* back-hack someone. I know, it should be covered by "self defense" and "stand your ground", but there you go. Laws are usually written by idiots and people with agendas.

          Although a bit of 'grey hat' hacking can be useful.

          Example: back in the 'code red' days, the code red infected machine basically had a port open that went directly to a CMD shell that would run in the background. You could, in theory, send a web request that would invoke CMD with commands of your choice [this was the big problem with code red, the big back door].

          Any machine attempting to infect (your Linux box - ha ha ha ha ha) would have a particular signature. Using that IP address, you could (in theory) "back hack" it and shut down the web server. This would stop the infection in its tracks, as it was memory resident only unless someone altered the system after the fact. Of course, you could *ALSO* pop up a message box on the console saying "you are an idiot, patch your code-red infected IIS server" or similar, or maybe leave a text file on the desktop called "IDIOT.TXT" or similar. Heh. (it wasn't me, I just heard about it)

          On a related note, 419 scammers have been trolled in similar ways. I really like that 'Africa' video that features photos of Nigerian 419 scammers holding up signs with lyrics from Toto's 'Africa'. Crowning moment of awesome! So why not troll the phishing scammers, too? Spectator sport, even!

          1. Anonymous Coward

            Re: reporting the account and the IP address to Twitter and the Met Police

            "keep in mind you can't *legally* back-hack someone. I know, it should be covered by "self defense" and "stand your ground", but there you go. Laws are usually written by idiots and people with agendas."

            Depends on the country - it's permitted in some.

            However, the big problem is that you have to be certain of your target. I occasionally track these miscreants, and the smarter ones tend to proxy via a machine they hacked previously, so your retaliation would then hit someone who should practice better server hygiene, but who is essentially innocent. It could even become something equivalent to SWATting.

    2. Kevin McMurtrie Silver badge

      Re: reporting the account and the IP address to Twitter and the Met Police

      There must be 100+ IP addresses committing crimes against any given server on any day. There's nobody who will take up that case. Most hosting networks don't even care so there's nothing to do except to drop the CIDR into a blacklist.

      1. bombastic bob Silver badge
        Meh

        Re: reporting the account and the IP address to Twitter and the Met Police

        "There must be 100+ IP addresses committing crimes"

        yeah there must be a zillion people committing OTHER kinds of crimes, too. I guess we should just let them get away with it... NOT.

        Sorry, I don't buy that at ALL. I say, nuke 'em 'till they glow (then shoot 'em in the dark)

        /me thought I heard a whiny voice saying 'law enforcement is TOO HARD'

        I quote Charles Bronson from one of the 'Death Wish' movies, while he makes his own bullets: "Nothing is too good for our friends!". Along with Deadpool, excellent vigilante movies!

        Did I say 'vigilante'? I sure did!

        /me every once in a while goes over the 'Fail2ban' logs and reports one of the IP addresses, particularly if they show up more than once within the last day or 2.

    3. Pen-y-gors Silver badge

      Re: reporting the account and the IP address to Twitter and the Met Police

      "While the fate of the criminals is unknown"

      Now that the Met are on the case I think we can safely assume that they are happily carrying on as before, enjoying the fruits of their labour.

      It's pointless reporting 'cyber-crime' to the Met, even when you give them IP addresses, account details used to purchase IT services in the UK, and loads more, they do nothing.

      1. Anonymous Coward

        Re: reporting the account and the IP address to Twitter and the Met Police

        "even when you give them IP addresses, account details used to purchase IT services in the UK, and loads more, they do nothing."

        OK, here's a thought then - tell Plod HQ that the IP addresses etc have been promoting and selling Kodi (etc) boxes. Plod seemed to have plenty of time and PR money to shut down anything Kodi related.

        Or have they sorted all that out now?

  4. J.G.Harston Silver badge

    In Ye Olden Dayes I used to keep a rape alarm next to the telephone for busting the eardrums of scammers. Wish there was an Internet equivalent.

    1. sgrier23

      I never used a rape alarm, but I have a good set of lungs and a loud whistle did equally as good.

    2. Mark 85 Silver badge

      Still works as there's still phone scammers out there. Keep the alarm or whistle or whatever floats your boat handy.

      1. Fruit and Nutcase Silver badge
        Mushroom

        Once during a nuisance call, I went and placed a chair under the smoke alarm in the room, stepped onto the chair, reached up and pressed the self test button on the alarm whilst holding the mobile next to it with the other hand. Yep, it worked

    3. Marcelo Rodrigues

      Can't we just play a WAV to the other side? A nice square wave, 0dB, 1kHz.

      There must be an app for that, in our mobiles...

      1. bombastic bob Silver badge
        Devil

        "There must be an app for that, in our mobiles..."

        I like it... I should do that, put in 'droid store for free. too bad it won't work on my land line, though.

        I actually stopped answering my landline phone unless I recognize who it is on the answering machine speaker. No ringer either. Just goes to answering machine after FOUR RINGS (the maximum setting). The message starts off with an impersonation of 'The Big Bopper' saying "HELLoooo, BaaaayBY!". It's intended to flip the "hello" sensors in the robo dialers. Then it thanks friends/family for calling, please leave a message etc. and "For the rest of you, THIS NUMBER IS ON THE NATIONAL DO NOT CALL LIST". A lot of them hang up at exactly that point. And I'm glad if I wasted even a little of their time.

        1. Charles 9 Silver badge

          What I do is use ncid. In addition to the FCC bad list, I have two additional block scripts. One instantly blocks V telemarketers. The other silently hangs up on any new caller. Serious callers will think there was a glitch and call again, this time getting through. Meanwhile, I get a lead time to research the number with say 800notes to see if it should be permanently blacklisted.

    4. Lord Elpuss Silver badge

      I don't think this works any more with digital exchanges; signals are clipped, so a rape alarm or similar will be heard as an annoying peep, but won't bust any eardrums.

      1. djack

        I usually start whispering in an attempt to get them to turn up the speaker volume at their end before suddenly unleashing the deafening noise.

    5. Dr Dan Holdsworth
      Black Helicopters

      For phone phishers there are time-wasting systems that effectively just play random noncommittal crap at the phisher whenever there's a gap in the conversation. These do tend to string the average microsoft support scammer along for quite a while, since such scams don't attract exactly the greatest brains in the world at the sharp end.

      For email scammers, similar spoofing systems exist to string them along until they get bored with trying to out-think an infinitely patient machine. Alternatively quite a few people view scammers like this as entertainment. The Scamorama site is one such; some of their better efforts include pretending to be a man who was "a failed recipient of a whole-body transplant", who ekes out a miserable existence on a life support system in a university cellar as a disembodied head (typing with his nose). Needless to say, the efforts of the scammers to extract money from this poor chap are long-winded, amusing and ultimately fruitless.

    6. 's water music

      "In Ye Olden Dayes I used to keep a rape alarm next to the telephone for busting the eardrums of scammers. Wish there was an Internet equivalent"

      LOIC? (with a similar risk of collateral damage to yourself)

    7. bombastic bob Silver badge
      Devil

      "In Ye Olden Dayes I used to keep a rape alarm next to the telephone for busting the eardrums of scammers. Wish there was an Internet equivalent."

      get an old modem, and hook up a microcontroller with a button that puts it into 'answer' mode. "that tone" is ear splitting.

      I was getting harassment calls at one time, started doing that consistently (put modem into answer mode) from the command line on a computer. Calls stopped.

  5. sgrier23

    Dirty Scammers

    Hi

    Well done, I also enjoy wasting the time from scammers - "Hello Windows technical support..." type calls.

    As a Linux user (Linux Mint) on a laptop, they try and get me to do the "Windows Key plus R", but that does not work. They get a bit confused as to why it does not work. I usually get passed onto their "Second Line" Support / Expert scammer, but they are equally confused. They ask what type of computer I use, I say "Asus", which to them is a Windows PC.

    These scammers need to be imprisoned for decades, but if that happens then I won't have my fun. The longest I have kept them on the phone was just under 1 hour, I was bored at the end of it, but at least they called me and not some poor innocent who would be conned by these vermin.

    Once again, well done and I will need to note this as a new tactic these vermin are trying to use.

    1. JohnFen
      Pint

      Re: Dirty Scammers

      Well done, sir! I couldn't keep that up for an hour. Have a beer.
