How a hacker got sweet revenge on scammers who tried to take advantage of his parents

Woman venetian mask venice disguise lipstick wig hairMarco Di Lauro/Getty ImagesThe ‘tech support workers’ were operating under false pretenses — but so was the ‘victim.’

Don’t mess with security researchers.

Case in point: Scammers tried to target Ivan Kwiatkowski’s parents, so he retaliated by tricking them into installing ransomware — a type of malware that encrypts the victim’s files and demands a ransom — on their computer.

Kwiatkowski detailed the entire episode in a post on his blog. (We first read about it over on The Register.) It began when his parents ended up on a web page (falsely) claiming they had been infected with a bit of malware known as Zeus, and which directed them to a “tech support” helpline that claimed it could fix everything.

Tech support scam frenchIvan KwiatkowskiThe malicious webpage Ivan Kwiatkowski’s parents encountered that pretends to be a malware infection.

This got the French security researcher’s attention, so “I decided I would give them a call to know more about what they hoped to accomplish,” he wrote. He used a virtual machine running Windows XP (a simulation of the old operating system so the tech support scammers wouldn’t gain access to his real files) and called up feigning a total lack of computer literacy.

They directed him to install a remote-assistant app that let them control his computer (in reality, just the virtual machine), and attempted to prove with various tricks that his computer was “infected.” (These tricks included booting up the command line and clumsily typing “ip hacked” and “1452 virus” as if it was an alert from the computer.)

Tech support scam command lineIvan KwiatkowskiThis is not how you detect viruses.

The end game of the scammers is getting the credit card details of the “infected” victim. They do this by pretending to sell anti-virus software that can solve all the victim’s technical problems.

So when the time came for Kwiatkowski to “pay” for the fake software they were selling, he deliberately gave them incorrect card details. When, for obvious reasons, they didn’t work, he offered a solution: He could just photograph his card and send them the photo!

Tech support scam photoIvan KwiatkowskiRansomware will encrypt the target’s data, rendering their files permanently useless unless they pay a ransom.

So he grabs a malicious file that contains ransomware from his junk email folder, renames it “Photo (823),” and sends it over.

“I tried opening your photo, nothing happens,” the scammer says.

“Are you sure?”Kwiatkowski asks. “Sometimes my pictures have a problem opening on MacOS, are you on Windows?”

The scammer responds: “Your pictures are corrupted because your computer is infected. This is why we need to take care of this.”

Not quite.

Kwiatkowski wrote on his blog: “And while a background process quietly encrypts his files, we try paying a couple more times with those random numbers and he finally gives up, suggesting that I contact my bank and promising to call me back next Monday.”

The researcher thinks that if more people messed with scammers, it could help to disrupt their malicious business model.

“Scammers don’t have the time to separate legitimate mugus from the ones who just pretend. Their business model relies on the fact that only gullible people will reply. Now were they spammed back, their workload would increase so much that scamming wouldn’t be a profitable activity anymore,” he wrote.

NOW WATCH: This robot butler is like your own personal R2-D2

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.