Slashdot Mirror

← Back to Stories (view on slashdot.org)

Programmer Develops Phone Bot To Target Windows Support Scammers (onthewire.io)

Posted by BeauHD on from the broadside-campaign dept.

Trailrunner7 quotes a report from On the Wire: The man who developed a bot that frustrates and annoys robocallers is planning to take on the infamous Windows support scam callers head-on. Roger Anderson last year debuted his Jolly Roger bot, a system that intercepts robocalls and puts the caller into a never-ending loop of pre-recorded phrases designed to waste their time. Anderson built the system as a way to protect his own landlines from annoying telemarketers and it worked so well that he later expanded it into a service for both consumers and businesses. Users can send telemarketing calls to the Jolly Roger bot and listen in while it chats inanely with the caller. Now, Anderson is targeting the huge business that is the Windows fake support scam. This one takes a variety of forms, often with a pre-recorded message informing the victim that technicians have detected that his computer has a virus and that he will be connected to a Windows support specialist to help fix it. The callers have no affiliation with Microsoft and no way of detecting any malware on a target's machine. It's just a scare tactic to intimidate victims into paying a fee to remove the nonexistent malware, and sometimes the scammers get victims to install other unwanted apps on their PCs, as well. Anderson plans to turn the tables on these scammers and unleash his bots on their call centers. "I'm getting ready for a major initiative to shut down Windows Support. It's like wack-a-mole, but I'm getting close to going nuclear on them. As fast as you can report fake 'you have a virus call this number now' messages to me, I will be able to hit them with thousands of calls from bots," Andrew said in a post Tuesday.

58 of 97 comments (clear)

  1. Legality by Anonymous Coward · · Score: 2, Funny

    How is this even legal? It is a crime to waste the money of corporations. Maybe some of these tech support companies will put him in prison or send someone to physically harm him.

    1. Re:Legality by DonaId+Trump · · Score: 5, Funny

      It's all part of a bigly 4-D chess game! This American hero is going to flood Indian call centers with thousands of cyber. It's the biggest cyber anyone has ever done. And when those Indian call centers get overwhelmed with cyber, Microsoft Support scamming jobs will come back to America!

    2. Re:Legality by Anonymous Coward · · Score: 1

      They'd have to admit who they are first. They're not a corporation they're a bunch of scamming assholes. Wasting their time is nothing compared to lying to people and probably stealing millions of dollars.

    3. Re:Legality by number6x · · Score: 5, Insightful

      How is this even legal? It is a crime to waste the money of corporations.

      What planet do you live on? It cannot be planet Earth!

      In no way, shape, or form is it a crime to waste the money of a corporation. Besides, they are free to hang up at any time and to stop wasting their own time.

      This is a completely ridiculous thought. Almost as laughable as when people write things like "Corporate officers are obligated by law to make a profit." This is a completely false statement.

      Companies are under no obligation to profit. They are completely free to fail and go bankrupt. They would like to profit and not fail, but they are under no legal obligation to do so. Stockholders or owners would like a company to be profitable and to make them money. They may choose new corporate leadership if a company is doing poorly, but they seem to be just as likely to hire a Carly Fiorina and run the company into the ground, while patting each other on the back for their great ability to pick such a great leader!

      Corporate officers are required by law to follow legal accounting practices, and to follow the law when reporting their accounting to government agencies for things like paying taxes, or complying with insurance reserve laws, or payroll employment insurance obligations. This is just the same as an individual filing their taxes must be honest. They would be subject to fines if they don't follow these tax and accounting laws. Jail may be possible if criminal intent or negligence could be proven. However, they can be losing money, wasting money and frittering it away and still be completely in compliance with the law.

      If it were truly a crime to waste the money of a corporation, pretty much all corporate managers and officers would be criminals.

    4. Re: Legality by Anonymous Coward · · Score: 1

      Ironically.

    5. Re: Legality by CaptainDork · · Score: 1

      (Score:+1, Ironic)

      --
      It little behooves the best of us to comment on the rest of us.
    6. Re: Legality by Darinbob · · Score: 1

      Ironically sarcastic.

    7. Re:Legality by Rudisaurus · · Score: 1

      How is this even legal? It is a crime to waste the money of corporations..

      It is a crime to waste the time of Slashdot readers with idiotic drivel like this.

      Maybe some of these tech support companies will put him in prison or send someone to physically harm him.

      The first of your suggestions is ludicrous. The second is (surprisingly, coming from you) indeed possible -- provided they can find him. They are criminal enterprises, after all. And there's hope for you! You actually had a coherent thought!

      --
      licet differant, aequabitur
    8. Re:Legality by stealth_finger · · Score: 2

      It's all part of a bigly 4-D chess game! This American hero is going to flood Indian call centers with thousands of cyber. It's the biggest cyber anyone has ever done. And when those Indian call centers get overwhelmed with cyber, Microsoft Support scamming jobs will come back to America!

      It will be the easiest of the EASY D

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
    9. Re:Legality by Zontar_Thing_From_Ve · · Score: 2

      Companies are under no obligation to profit. They are completely free to fail and go bankrupt. They would like to profit and not fail, but they are under no legal obligation to do so.

      In the USA you can sue publicly traded companies if you feel that management has been derelict and hope for the best in the court system, but in general you are quite right. My previous job was working for a US subsidiary of a European telco. I don't like to name who I worked for because I don't want to give them free publicity as I still, years later, have some grudges against them and how they treated their US based employees. Anyway, we competed in a market segment as a minnow against much bigger fish like AT&T. Our bigger competitors could offer pretty much the same stuff we did but cheaper because they had economies of scale in North America that we couldn't match that enabled them to have a lower price structure. Desperate to get business, our European bosses somehow got a major American company with offices all around the world as a customer. I don't want to name the company or what we did for them, but you would be absolutely appalled to know what we did for them, the fact that they needed it done at all, and the fact that they were too stupid to just do it themselves. I'll just vaguely say that we fixed a major email issue for them. We sold this service at a huge loss just to be able to get their business because management decided that if we could tell prospective clients that we had company X as a customer, we could get more business. It didn't work. In fact, it not only didn't work, our crazy North American sales team took it as a green light to literally sell everything they could at any price, even if at a loss, just to get business. Our CEO had to send out a company wide email around the world to every employee saying that we could no longer sell services to customers at a loss. That's how bad it got. Another point is that Amazon lost truckloads of money for years after it started and I remember investment writers seriously asking in the 1990s if the company would ever turn a profit. Sometimes you have to run at a loss to get established and hopefully you have the money available to do that.

  2. I liked it by Revek · · Score: 1

    Some of the youtube calls are funny. I have salty sally on quick transfer. Its only six bucks a year.

  3. Re:Solution by Anonymous Coward · · Score: 1

    I can't help it. I'm lonely. Sometimes I even buy stuff from them just so they'll stay on the line and talk to me.

  4. Hi by Anonymous Coward · · Score: 5, Funny

    Hi, this is Lenny!! Come again?

    1. Re:Hi by DonaId+Trump · · Score: 1, Offtopic

      Believe me, I want to. But this Propecia makes it where I can only come about once a week! SAD!

  5. Re:Solution by Sigma+7 · · Score: 3, Insightful

    Don't answer calls from unknown numbers. Problem solved.

    Impractical for those who are job hunting, or those who are a major contact in some community organization (such as for a church, community group, etc.)

  6. Re:Scammers don't use real numbers by Revek · · Score: 5, Informative

    Go read how it works. You transfer crap calls to one of the robots and it talks to them for you. It now works with sip, so I added an extension on my pbx to transfer it to them. It emails you the recording but I also record it on my pbx.

  7. This Man is a Goddamned Superhero! by RumGunner · · Score: 4, Insightful

    Vigilante justice has never been funnier.

  8. Scam by Archangel+Michael · · Score: 3, Interesting

    When your scam relies upon a script, it is easy to script a response that falls within the norms of what you're expecting out of your victims.

    Queue the robot that checks the "I am not a robot" check box ... because it can.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:Scam by AmiMoJo · · Score: 2

      If you just want to get rid of them, a very short disconnected tone or the sound of a fax machine modem for a second or two is usually enough to turn robocallers away. They won't even bother to hand the call to a human, and may even mark the number as dead.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Scam by Archangel+Michael · · Score: 1

      Why would I want them to stop? There is nothing more fulfilling than playing dumb while walking them through the long line of stupid questions, wasting their time. We should all waste as much of their time as we can, that is the only way to make them stop. Cost of finding a victim goes way up, the profits go way down.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    3. Re:Scam by Archangel+Michael · · Score: 1

      "What's Chrome?"

      "What's Firefox?"

      "Whats IE?"

      "Is that like AOL?"

      "I'm on Compuserve is that like the Internet?"

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    4. Re:Scam by AmiMoJo · · Score: 1

      Isn't the point of wasting their time to make them stop though? To make it unprofitable. Or do you mean you actually enjoy wasting their time in person?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  9. Re:Scammers don't use real numbers by cstdenis · · Score: 3, Interesting

    The summery says " 'you have a virus call this number now' messages" so it sounds like they are giving out a real number they expect the victims to call.

    --
    1984 was not supposed to be an instruction manual.
  10. they don't know any better by Anonymous Coward · · Score: 1, Informative

    Most call center scammers are blissfully unaware they're commiting a scam. They really think they're trying to help people solve their computer "problems" by having them sign-up for support plans. They're just script monkies. Some of the reps may know that their "services" are bogus and commit the scam anyways as long as they get a paycheck, they don't care. The ones that really know what's going on are the C-level types within the call center company. Check out Lewis's Tech channel some time. Really funny and sad stuff there.

    1. Re:they don't know any better by Anonymous Coward · · Score: 4, Insightful

      Bullshit. They know. Once they know you have found them out they invariably start cursing at you and being rude. Don't be so fucking naiive.

    2. Re:they don't know any better by Darinbob · · Score: 1

      No, many are real. They fool the listener into installing a variant of TeamViewer so that they can remotely control the computer. And my mother nearly fell for this three times. Once was "Microsoft" saying they detected a virus on the computer, but she figured out something was funny and hung up and turned off before too much happened. Second time it was "Best Buy" (actually bestbuy??.us) who called her, shortly after a fake "you've got a virus!" messaged showed up. They offered to help fix her computer, for free. Step one was to remove the old antivirus. Then she bought the new Symantec Endpoint from "Best Buy". Then they ran a virus scan

      I was sending some email back and forth and a bit confused by what she was saying, until I got an email update saying "I'll call Microsoft in the morning". So I called and woke her up to get the whole story, explaining that not even the President gets to just call Microsoft and that it was all a scam. She wondered why Best Buy would bother helping her if it was a scam. And she purchased the Symantec Endpoint using a bank transfer number(!!!!). So I had to talk hard to convince her to head to the bank the next day and cancel any transactions, and then monitor every week or so for unusual activity.

      Third time it was something similar, only 6 months after the previous thing. She shut off the computer after seeing the mouse moving by itself. Then she got a local guy to remove viruses which he did by wiping the computer, reinstalling windows, and making a huge mess of things (he didn't know there was a backup, she didn't know any of her passwords, and he set her up with a new "free" email account even though the router on the desk should have made it clear she had a paid-for ISP account). I think she was too embarrassed to call me.

      Really... when you're young your parents try to teach you beware if strangers. When you get older you have to each your parents to distrust strangers on the internet.

    3. Re:they don't know any better by Anonymous Coward · · Score: 1

      Only the sole scammers. The larger ones hire a generic call center which follow given scripts. You can buy these services for next to nothing through the massive data capture services running in Manilla (cheaper than India). If you want 100,000 people contacted within a few days, they'll do it and follow your precise script (that's question flow, not some bash/perl/python file), and provide you with a uniformed export. You can even handle the calls and hook them through to their people who'll do the rest with no idea what's going on. It's trivial to do a farmed SIP breakout, exclusion lists, auto-learning and capture (which are then sold to others).

      Disclaimer: I used to write the tools that allowed them to create phone support and market research capture within a few hours. Some were complete wank like the vehicle prospects, others were high level medical and pharma science (these are worth more than gold). My stuff was 100% legit, but I know the bastards sold my system when I started to get devs emailing me after finding my details in the source.

  11. Re:Solution by bobbied · · Score: 1

    Don't answer calls from unknown numbers. Problem solved.

    My provider, Ooma, does a really good job of keeping an up to date listing of Telemarketing numbers, plus they allow you to deny any calls that don't provide a valid ANI. All I do is turn on their filters and I rarely get any unwanted calls. They are also cheap (after you buy the device that is).

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  12. Re:Solution by Anonymous Coward · · Score: 3, Insightful

    I just use a Google Voice number for that. Cuts down on a lot of obvious scams, is easy to report numbers that make their way through, plus the numbers are tied to the email address I use for said group.

  13. Re:Solution by Anonymous Coward · · Score: 2, Insightful

    Jesus, we're a community of nerds - MOST of us are required to answer our personal phones and we don't always have the luxury of having everyone's contact information in our address book.

    And for Mr. "this is illegal!" above, what these assholes are doing is illegal to. Put me in the same fucking cell and I'll teach them a lesson the courts aren't allowed to teach.

  14. Re:Solution by PRMan · · Score: 1

    Ooma Premium is SOOO worth it. I get more bad calls on my cell phone now, because the home phone only rings for real people.

    --
    Peter predicted that you would "deliberately forget" creation 2000 years ago...
  15. Re:Invalid numbers by bobbied · · Score: 2

    Typical... Scammers just provide spoofed data for the caller ID. Apart from having the right kind of trunk connection with ma bell (pretty much anything except a POTS line) you can set up the caller to receive just about ANY number. I had our PBX operator show me how once. He knew the White House switch board number so he used that to set up the PBX and called my cell phone. Voilà, I got a call from the White House! Great to amaze your friends or hide your true identity from the hapless person you want to abuse who depends on the caller ID.

    Of course, none of this slight of hand actually keeps the Phone Company from knowing who to charge or from telling law enforcement who you are if presented the proper warrant....

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  16. Re:Invalid numbers by omnichad · · Score: 1

    Providers should pass the ANI number down to the SIP trunk, separate from caller ID. Then the PBX would see the same number calling in each time on that side.

    I know you automatically get that on incoming calls if you have an 800-number, but I don't know if it's possible with normal numbers or whether it's part of the SIP standard.

  17. nothing new by Lumpy · · Score: 5, Interesting

    I was doing this 10 years ago with Asterisk phone server. get a phone call at the house, press *1 and it transfers them to telemarketer hell where it plays random human responses that are a lot better than his as I was looking for pauses in audio to respond, his is just random audio that is not responding to the audio coming in.

    There was a asterisk guru that published all the goodies on how to do this over a decade ago and I used his code and modified it a bit. worked great and the longest I tired up a telemarketer was 2 hours.

    about 4 years ago someone had a better one called "this is lenny" that emulated an old senile man and was recording the calls for everyones entertainment.

    --
    Do not look at laser with remaining good eye.
    1. Re:nothing new by sims+2 · · Score: 3, Interesting

      Lenny is still going! https://www.reddit.com/r/itsle...

      --
      Minimum threshold fixed. Thanks!
  18. Re:Solution by darkain · · Score: 2

    As someone who runs the IT department at a retail establishment where half of our orders are placed via phone calls, it would be near impossible to just "not answer" the phone. Not every entity has this luxury. Though, I do personally have the luxury of fucking with all these "tech support" callers every time they contact us!

  19. Re:Invalid numbers by bobbied · · Score: 2

    Sometimes the ANI isn't what you send for the Caller ID data. It's like the difference between E-mail "from" and "Reply TO" headers.

    There ARE valid reasons to do this slight of hand, so the phone company usually allows it from PBX operators.... At least the ones who don't abuse the privilege...

    I'm sure that part of this SS7 ISUP signaling protocol is mirrored in SIP, but I left the Telco world right when SIP was getting started so I'm not well versed in the various protocols used to handle signaling in the SIP world.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  20. Re:Scammers don't use real numbers by sconeu · · Score: 1

    It's wintery here.

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  21. Turing Test by khelms · · Score: 3, Funny

    This will discover if the telemarketers are really intelligent and self-aware.

  22. I hav one ... by CaptainDork · · Score: 1

    ... 1-800-whitehouse.

    Thanks, Roger.

    You're a peach.

    --
    It little behooves the best of us to comment on the rest of us.
  23. Re:Invalid numbers by omnichad · · Score: 1

    I don't mean send it as caller ID, but rather as extra metadata. That way, you can block further calls entirely. I suppose if it's a large call center, there's going to be a large block of numbers anyway. But a lot of these scammers are lone operators. I get phone calls every day on my business line from Houston, TX and Chicago, IL and I have no business with either area, vendor or otherwise.

    And yes - I use caller ID spoofing every day to have certain outgoing calls from my PBX show up as my Google Voice number.

  24. Re:Solution by stealth_finger · · Score: 1

    Don't answer calls from unknown numbers. Problem solved.

    Nah, you answer calls from unknowns with "Hello, Burger King" or some other random company. If it scam you can get rid easily if it's legit you change track and they forget all about that first bit.

    --
    Wanna buy a shirt?
    https://www.redbubble.com/people/stealthfinger/shop?asc=u
  25. Re:Invalid numbers by crypticedge · · Score: 2

    I usually use my local FBI Field office number when I'm testing a new system I setup. There's next to no controls on CID reporting on any voip provider.

  26. Re:Opinions vary #2/2 unidentifiable troll by crypticedge · · Score: 1

    You've been pushing this virus for YEARS now on here. When will you give it up?

  27. Re:Solution by AmiMoJo · · Score: 1

    There is an Android app called TrueCaller that is great for screening calls. It uses crowd sourced data to identify numbers and shows you how many people marked them as spam.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  28. Re:Scammers don't use real numbers by AmiMoJo · · Score: 1

    Yes, that's how it works. They get you to call them back, because it gives the victim more confidence. People have got the message that if random people call you claiming to be your bank, it's probably a scam, so you need to call them on their official number... And somehow telling people to call back with a number left in a voice mail fulfils this requirement.

    It also means you have plenty of time to prepare a Windows 98 VM and set up a Skype account to call them with. Someone needs to make a VM with randomly generated user data and a virtual user who wastes the scammer's time, while auto-reporting their TeamViewer account for TOS violations etc.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  29. Re:Eat your words troll... apk by Zontar+The+Mindless · · Score: 1

    I heard somebody posted an article about you on Encyclopedia Dramatica but it got deleted. I wonder why anybody would do that.

    --
    Il n'y a pas de Planet B.
  30. Hilarious by SpaghettiPattern · · Score: 1

    Never heard of it before. Youtubed it. Absolutely hilarious!

    • Are calling about something?
    • I'm kind of like in the middle of something right now. Like what are you exactly calling about?
    --

    I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
  31. Re:Scammers don't use real numbers by tepples · · Score: 1

    Are any of the popular tech support scam baiters on YouTube based out of Australia or New Zealand?

  32. Re:Scammers don't use real numbers by tepples · · Score: 1

    It also means you have plenty of time to prepare a Windows 98 VM and set up a Skype account to call them with.

    The scammers have become wise to this. They refuse to deal with Windows 98 and Windows XP on grounds that Microsoft has announced their end of support.

    Someone needs to make a VM with randomly generated user data and a virtual user who wastes the scammer's time

    Someone needs to go on YouTube and watch Lewis's Tech, Thunder Tech, Each&Everything, etc. do exactly this.

  33. Scammer Sub Lounge by tepples · · Score: 1

    You could waste their time, upload the waste of time to YouTube, and possibly even make a little money on ads. It works for the Scammer Sub Lounge partners.

  34. Re:This guy... by DrackenFireBreather · · Score: 1

    No! No capes!

    http://i.imgur.com/9Ybgz.gif

    --
    Read the rest of this rant...
  35. Re:Scammers don't use real numbers by TheCarp · · Score: 1

    > The scammers have become wise to this. They refuse to deal with Windows 98 and Windows XP on grounds that Microsoft has announced their end of support.

    So much effort anyway....its easier to not setup a VM and...get this.... Lie to them.

    Its fun. Treat it like a video game. Its role playing practice. Your just rolled a new character "stupid user". Just pretend to be the dumbest user you ever tried to help, and imagine what issues they might encounter. Feel free to be "too smart for your own good".

    My favorite was when one guy asked me to open a link "in chrome", I agree. 3 mins later he is asking "whats going on now?" "oh I am installing chrome" "oh so you have a web....ok" He waited another 5 minutes before checking in again.

    Hint: I wasn't installing chrome

    --
    "I opened my eyes, and everything went dark again"
  36. Re:Scammers don't use real numbers by tepples · · Score: 1

    its easier to not setup a VM

    One of the first things a scammer does is get you to install a remote assistance application to give administrative access to Windows. No VM means the scammer can use syskey.exe to apply a boot password you don't know or otherwise completely wreck it.

    My favorite was when one guy asked me to open a link "in chrome", I agree. 3 mins later he is asking "whats going on now?"

    So your strategy appears to involve stalling the scammer to keep him from even getting to the LogMeIn or GoToMyPC or TeamViewer step. Are there videos of that strategy?

  37. Re:Zontar the proven nutcase sockpuppeteer! by Zontar+The+Mindless · · Score: 1

    Such modesty from one who's got a whole archive dedicated to him at Ars Technica. How touching.

    --
    Il n'y a pas de Planet B.
  38. Re:Arstechnica = chumps I blew away easily by Zontar+The+Mindless · · Score: 1

    And this is why you're too much of a coward to sign in with an account here, right? It would have nothing to do with you getting banned time and again from the Ars forums?

    And this is also why I spent last evening enjoying a 10-course dinner for the Lantern Festival at the Great Happiness Restaurant in Guangzhou while you dined on Cheet-Ohs in your mother's basement in Poughkeepsie? In your world, this somehow makes you a winner and me a loser? I'm having trouble following your logic here.

    As for the postcard--in no way whatsoever was it "threatening", since all it said was something like, "Greetings from your old buddy Zontar in Stockholm. Behave yourself." Any "threat" you perceived was purely the product of your own imagination, most likely when you realised that (a) it was indeed possible (and even dead easy) to track you down, (b) someone with ill intent and time on his hands could just as easily have shown up at your door, and (c) you fucked up big time by admitting you'd even got the thing. Fortunately for you, (a) I am a more ethical being (and a smarter one) than you, (b) I am not vulnerable in the way that Jeremy, Jay, or your other victims were--and (c) you are not really worth the trouble in any case.

    As for your ridiculous claims concerning Russinovitch: Anyone with the time & patience to check out your claims will discover, just as I did, that you managed to get more downloads of your crappy freeware than he did his because you mercilessly spammed every web forum you could find, just like you try to do here.

    Saturday in the park,
    I think it was the 4th of July...

    HAND, AlecStaar.

    --
    Il n'y a pas de Planet B.
  39. Re:Arstechnica = chumps I blew away easily by Zontar+The+Mindless · · Score: 1

    Oh, right, it's Syracuse, not Poughkeepsie. Whatever.

    --
    Il n'y a pas de Planet B.
  40. Re:Scammers don't use real numbers by TheCarp · · Score: 1

    Right, I don't actually DO any of the things I was claiming, I just lie to him. Its so much easier than actually going through with it. I put him on speakerphone and go about my business while I fuck with him.

    No videos, but one dude totally caught on and started singing to me before he hung up.

    --
    "I opened my eyes, and everything went dark again"