Programmer Develops Phone Bot To Target Windows Support Scammers

Trailrunner7 quotes a report from On the Wire: The man who developed a bot that frustrates and annoys robocallers is planning to take on the infamous Windows support scam callers head-on. Roger Anderson last year debuted his Jolly Roger bot, a system that intercepts robocalls and puts the caller into a never-ending loop of pre-recorded phrases designed to waste their time. Anderson built the system as a way to protect his own landlines from annoying telemarketers and it worked so well that he later expanded it into a service for both consumers and businesses. Users can send telemarketing calls to the Jolly Roger bot and listen in while it chats inanely with the caller. Now, Anderson is targeting the huge business that is the Windows fake support scam. This one takes a variety of forms, often with a pre-recorded message informing the victim that technicians have detected that his computer has a virus and that he will be connected to a Windows support specialist to help fix it. The callers have no affiliation with Microsoft and no way of detecting any malware on a target's machine. It's just a scare tactic to intimidate victims into paying a fee to remove the nonexistent malware, and sometimes the scammers get victims to install other unwanted apps on their PCs, as well. Anderson plans to turn the tables on these scammers and unleash his bots on their call centers. "I'm getting ready for a major initiative to shut down Windows Support. It's like wack-a-mole, but I'm getting close to going nuclear on them. As fast as you can report fake 'you have a virus call this number now' messages to me, I will be able to hit them with thousands of calls from bots," Andrew said in a post Tuesday.

Legality

How is this even legal? It is a crime to waste the money of corporations. Maybe some of these tech support companies will put him in prison or send someone to physically harm him.

Re:Legality

[DonaId+Trump]

It's all part of a bigly 4-D chess game! This American hero is going to flood Indian call centers with thousands of cyber. It's the biggest cyber anyone has ever done. And when those Indian call centers get overwhelmed with cyber, Microsoft Support scamming jobs will come back to America!

Re:Legality

[number6x]

How is this even legal? It is a crime to waste the money of corporations.

What planet do you live on? It cannot be planet Earth!

In no way, shape, or form is it a crime to waste the money of a corporation. Besides, they are free to hang up at any time and to stop wasting their own time.

This is a completely ridiculous thought. Almost as laughable as when people write things like "Corporate officers are obligated by law to make a profit." This is a completely false statement.

Companies are under no obligation to profit. They are completely free to fail and go bankrupt. They would like to profit and not fail, but they are under no legal obligation to do so. Stockholders or owners would like a company to be profitable and to make them money. They may choose new corporate leadership if a company is doing poorly, but they seem to be just as likely to hire a Carly Fiorina and run the company into the ground, while patting each other on the back for their great ability to pick such a great leader!

Corporate officers are required by law to follow legal accounting practices, and to follow the law when reporting their accounting to government agencies for things like paying taxes, or complying with insurance reserve laws, or payroll employment insurance obligations. This is just the same as an individual filing their taxes must be honest. They would be subject to fines if they don't follow these tax and accounting laws. Jail may be possible if criminal intent or negligence could be proven. However, they can be losing money, wasting money and frittering it away and still be completely in compliance with the law.

If it were truly a crime to waste the money of a corporation, pretty much all corporate managers and officers would be criminals.

Re:Legality

[stealth_finger]

It's all part of a bigly 4-D chess game! This American hero is going to flood Indian call centers with thousands of cyber. It's the biggest cyber anyone has ever done. And when those Indian call centers get overwhelmed with cyber, Microsoft Support scamming jobs will come back to America!

It will be the easiest of the EASY D

Re:Legality

[Zontar_Thing_From_Ve]

Companies are under no obligation to profit. They are completely free to fail and go bankrupt. They would like to profit and not fail, but they are under no legal obligation to do so.

In the USA you can sue publicly traded companies if you feel that management has been derelict and hope for the best in the court system, but in general you are quite right. My previous job was working for a US subsidiary of a European telco. I don't like to name who I worked for because I don't want to give them free publicity as I still, years later, have some grudges against them and how they treated their US based employees. Anyway, we competed in a market segment as a minnow against much bigger fish like AT&T. Our bigger competitors could offer pretty much the same stuff we did but cheaper because they had economies of scale in North America that we couldn't match that enabled them to have a lower price structure. Desperate to get business, our European bosses somehow got a major American company with offices all around the world as a customer. I don't want to name the company or what we did for them, but you would be absolutely appalled to know what we did for them, the fact that they needed it done at all, and the fact that they were too stupid to just do it themselves. I'll just vaguely say that we fixed a major email issue for them. We sold this service at a huge loss just to be able to get their business because management decided that if we could tell prospective clients that we had company X as a customer, we could get more business. It didn't work. In fact, it not only didn't work, our crazy North American sales team took it as a green light to literally sell everything they could at any price, even if at a loss, just to get business. Our CEO had to send out a company wide email around the world to every employee saying that we could no longer sell services to customers at a loss. That's how bad it got. Another point is that Amazon lost truckloads of money for years after it started and I remember investment writers seriously asking in the 1990s if the company would ever turn a profit. Sometimes you have to run at a loss to get established and hopefully you have the money available to do that.

Hi

Hi, this is Lenny!! Come again?

Re:Solution

[Sigma+7]

Don't answer calls from unknown numbers. Problem solved.

Impractical for those who are job hunting, or those who are a major contact in some community organization (such as for a church, community group, etc.)

Re:Scammers don't use real numbers

[Revek]

Go read how it works. You transfer crap calls to one of the robots and it talks to them for you. It now works with sip, so I added an extension on my pbx to transfer it to them. It emails you the recording but I also record it on my pbx.

This Man is a Goddamned Superhero!

[RumGunner]

Vigilante justice has never been funnier.

Scam

[Archangel+Michael]

When your scam relies upon a script, it is easy to script a response that falls within the norms of what you're expecting out of your victims.

Queue the robot that checks the "I am not a robot" check box ... because it can.

Re:Scam

[AmiMoJo]

If you just want to get rid of them, a very short disconnected tone or the sound of a fax machine modem for a second or two is usually enough to turn robocallers away. They won't even bother to hand the call to a human, and may even mark the number as dead.

Re:Scammers don't use real numbers

[cstdenis]

The summery says " 'you have a virus call this number now' messages" so it sounds like they are giving out a real number they expect the victims to call.

Re:Solution

I just use a Google Voice number for that. Cuts down on a lot of obvious scams, is easy to report numbers that make their way through, plus the numbers are tied to the email address I use for said group.

Re:Solution

Jesus, we're a community of nerds - MOST of us are required to answer our personal phones and we don't always have the luxury of having everyone's contact information in our address book.

And for Mr. "this is illegal!" above, what these assholes are doing is illegal to. Put me in the same fucking cell and I'll teach them a lesson the courts aren't allowed to teach.

Re:Invalid numbers

[bobbied]

Typical... Scammers just provide spoofed data for the caller ID. Apart from having the right kind of trunk connection with ma bell (pretty much anything except a POTS line) you can set up the caller to receive just about ANY number. I had our PBX operator show me how once. He knew the White House switch board number so he used that to set up the PBX and called my cell phone. Voilà, I got a call from the White House! Great to amaze your friends or hide your true identity from the hapless person you want to abuse who depends on the caller ID.

Of course, none of this slight of hand actually keeps the Phone Company from knowing who to charge or from telling law enforcement who you are if presented the proper warrant....

nothing new

[Lumpy]

I was doing this 10 years ago with Asterisk phone server. get a phone call at the house, press *1 and it transfers them to telemarketer hell where it plays random human responses that are a lot better than his as I was looking for pauses in audio to respond, his is just random audio that is not responding to the audio coming in.

There was a asterisk guru that published all the goodies on how to do this over a decade ago and I used his code and modified it a bit. worked great and the longest I tired up a telemarketer was 2 hours.

about 4 years ago someone had a better one called "this is lenny" that emulated an old senile man and was recording the calls for everyones entertainment.

Re:nothing new

[sims+2]

Lenny is still going! https://www.reddit.com/r/itsle...

Re:Solution

[darkain]

As someone who runs the IT department at a retail establishment where half of our orders are placed via phone calls, it would be near impossible to just "not answer" the phone. Not every entity has this luxury. Though, I do personally have the luxury of fucking with all these "tech support" callers every time they contact us!

Re:Invalid numbers

[bobbied]

Sometimes the ANI isn't what you send for the Caller ID data. It's like the difference between E-mail "from" and "Reply TO" headers.

There ARE valid reasons to do this slight of hand, so the phone company usually allows it from PBX operators.... At least the ones who don't abuse the privilege...

I'm sure that part of this SS7 ISUP signaling protocol is mirrored in SIP, but I left the Telco world right when SIP was getting started so I'm not well versed in the various protocols used to handle signaling in the SIP world.

Re:they don't know any better

Bullshit. They know. Once they know you have found them out they invariably start cursing at you and being rude. Don't be so fucking naiive.

Turing Test

[khelms]

This will discover if the telemarketers are really intelligent and self-aware.

Re:Invalid numbers

[crypticedge]

I usually use my local FBI Field office number when I'm testing a new system I setup. There's next to no controls on CID reporting on any voip provider.