Phone scammers are often trolled. In Russia, this is done by one in five subscribers, according to a survey conducted by Kaspersky Lab. However, it usually goes no further than humorous conversations.
Last year, an incredible thing happened – prankers attacked scammers "from the inside". To be more precise – they immediately disabled all the major call centers in India that deceived pensioners around the world. And although the scammers returned to calls a week later, they managed to lose $ 2 million.
The organizers were:
The bloggers targeted call centers Met Technologies, VRM and Ansh Ihfo Solutions. All are located in Kolkata. According to bloggers, this Indian city is considered a hotbed of telephone fraud on a global scale. It is from there that victims from the United States and other countries usually call.
Before breaking into the offices of fraudsters, bloggers conducted an investigation. And here's what they learned about Calcutta's fraudulent call centers:
Each of these call centers has a website and legal contracts. And this is logical – if at least some of the employees are engaged in legitimate calls, then the organization will have fewer questions when checking.
Then the bloggers hired 10 private detectives. They infiltrated call centers and continued to collect evidence of crimes on the spot. They also carried out sabotage when everything was ready.
All attacks were planned to be harmless, but extremely unpleasant. The pranks used a water bottle that fills the room with a bad smell, a package of Viagra with the boss's name on the box, and liquid hand soap with persistent food coloring. In addition, cockroaches with rats, smoke machines and a sparkly gas bomb designed by Marc Robert were brought into the offices of call centers.
The first and only victim of bloggers was Ansh Ihfo Solutions. All the "surprises" hit her in one day. After that, all fraudulent call centers became paranoid.
First, they began to thoroughly inspect employees at the entrance, and then they temporarily closed their offices. Moreover, the decision was made not only where bloggers planned to conduct attacks. All major fraudulent call centers in India have stopped working for a week.
And even if the entire video surveillance system is replaced in call centers, this will not be a problem for Jim Browning and other robingood hackers. Access to the cameras is usually easy to get, experts remind.
The second condition, according to the expert, is a vulnerability in the web access panel to the camera itself. These can be default passwords or risks associated with web applications that allow you to authenticate and watch data streams from cameras.
According to the expert, most likely Jim Browning knew the IP address of the camera, went to the web panel and hacked the authentication form through a vulnerability or selecting a simple password. Or it could find the IP address of the camera that was protected by authentication. But at the same time, he knew the camera developer and firmware version, so he was able to find a public exploit for it or develop it himself. Vulnerabilities in the firmware of IoT devices are quite easy to find, recalls Alexander Gerasimov.
In any case, the bloggers achieved their goal. They exposed the scammers, attracted the attention of millions of youtube users, and temporarily paralyzed the criminals. But the $ 2 million lost is just a drop in the cash flow that passes through such organizations. And it is obvious that the fight against cybercriminals needs other, more serious methods.
Last year, an incredible thing happened – prankers attacked scammers "from the inside". To be more precise – they immediately disabled all the major call centers in India that deceived pensioners around the world. And although the scammers returned to calls a week later, they managed to lose $ 2 million.
And now for more details
In May 2022, American youtube bloggers told how they conducted a special prank operation against fraudulent call centers in India.The organizers were:
- Jim Browning-uncovers international fraud schemes and organizations that specialize in deceiving victims over the phone and on the Internet,
- Mark Robert-runs a popular science YouTube channel. In his videos, he talks about important discoveries and his own experiments, including with glitter bombs and other gadgets created by him. He also frequently participates in campaigns to expose cyber fraudsters;
- guys from the antiscum project Trilogy Media.
The bloggers targeted call centers Met Technologies, VRM and Ansh Ihfo Solutions. All are located in Kolkata. According to bloggers, this Indian city is considered a hotbed of telephone fraud on a global scale. It is from there that victims from the United States and other countries usually call.
Before breaking into the offices of fraudsters, bloggers conducted an investigation. And here's what they learned about Calcutta's fraudulent call centers:
- 90% of the victims are elderly (65 years and older). To immediately determine the age of the interlocutor, attackers often use a script;
- calls are made during business days and hours in the United States;
- most often, they use the legend with a refund from Amazon, pretend to be Microsoft, McAfee, Norton Antivirus, the tax service and banks;
- income – about 60 thousand dollars a day.
Each of these call centers has a website and legal contracts. And this is logical – if at least some of the employees are engaged in legitimate calls, then the organization will have fewer questions when checking.
X-day and the aftermath
Preparation for the operation took a year and a half. At first, the participants of the punk campaign collected dirt on criminal call centers. To do this, Jim Browning hacked into their systems, connected to employees ' computers and video surveillance cameras in their offices.Then the bloggers hired 10 private detectives. They infiltrated call centers and continued to collect evidence of crimes on the spot. They also carried out sabotage when everything was ready.
All attacks were planned to be harmless, but extremely unpleasant. The pranks used a water bottle that fills the room with a bad smell, a package of Viagra with the boss's name on the box, and liquid hand soap with persistent food coloring. In addition, cockroaches with rats, smoke machines and a sparkly gas bomb designed by Marc Robert were brought into the offices of call centers.
The first and only victim of bloggers was Ansh Ihfo Solutions. All the "surprises" hit her in one day. After that, all fraudulent call centers became paranoid.
First, they began to thoroughly inspect employees at the entrance, and then they temporarily closed their offices. Moreover, the decision was made not only where bloggers planned to conduct attacks. All major fraudulent call centers in India have stopped working for a week.
The Jim Browning Method
Of course, a week later, the attackers continued to call the victims. However, the bloggers still have access to the cameras and video recording of the attack in Ansh Ihfo Solutions. The collected materials will continue to work against fraudsters for a long time, attracting the attention of potential victims and reducing criminal income.And even if the entire video surveillance system is replaced in call centers, this will not be a problem for Jim Browning and other robingood hackers. Access to the cameras is usually easy to get, experts remind.
The second condition, according to the expert, is a vulnerability in the web access panel to the camera itself. These can be default passwords or risks associated with web applications that allow you to authenticate and watch data streams from cameras.
According to the expert, most likely Jim Browning knew the IP address of the camera, went to the web panel and hacked the authentication form through a vulnerability or selecting a simple password. Or it could find the IP address of the camera that was protected by authentication. But at the same time, he knew the camera developer and firmware version, so he was able to find a public exploit for it or develop it himself. Vulnerabilities in the firmware of IoT devices are quite easy to find, recalls Alexander Gerasimov.
Conclusions
Of course, bloggers launched a prank operation not only for the sake of HYPE. This is the only method they had left to deal with illegal call centers in Calcutta. Previously, they appealed to the authorities in India, but it did not give any result – complains Mark Robert.In any case, the bloggers achieved their goal. They exposed the scammers, attracted the attention of millions of youtube users, and temporarily paralyzed the criminals. But the $ 2 million lost is just a drop in the cash flow that passes through such organizations. And it is obvious that the fight against cybercriminals needs other, more serious methods.
