Category: Fight Back

The Hero Who Stopped NHS Ransomware Attack

The WannaCry ransomware attack of May 2017 wasn’t aimed at the NHS; it spread across Europe and Asia and happened to hit the NHS very hard for a series of reasons, including that they had old Windows 95 machines on their network and that their network has a huge number of computers attached to it. The ransomware demands that users pay $300 worth of the online currency Bitcoin to retrieve their files, but the price goes up if they don’t pay quickly, and of course there is no guarantee that payment allows file retrieval.

An anonymous UK cybersecurity researcher (known by the Twitter handle @malwaretechblog), with the help of Darien Huss from security firm Proofpoint, looked at the ransomware and discovered the name of a website which was being accessed by the ransomware. But the website address hadn’t been registered by anyone. He bought the domain name in order to track the activities of the ransomware, but in fact it was a “kill switch” that stopped the ransomware from spreading any further. Well done, if unintentionally.

That didn’t help the people whose computers had already been infected, but it did stop the outbreak from continuing.

Unfortunately, once the scammers realised how the malware had been stopped, they created and released a version that ignored the kill switch. But at least people had time to build defences against another attack.

The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west England who works for Kryptos Logic.

MalwareTech explained that he bought the domain because his company tracks botnets (automated networks of controlled computers), and by registering these domains they can get an insight into how the botnet is spreading. “The intent was to just monitor the spread and see if we could do anything about it later on. But we actually stopped the spread just by registering the domain,” he said. But the following hours were an “emotional rollercoaster”.

He also said he planned to hold onto the URL, and he and colleagues were collecting the IPs and sending them off to law enforcement agencies so they can notify the infected victims, not all of whom are aware that they have been affected.

He said he got his first job out of school without any real qualifications, having skipped university to start up a tech blog and write software.

“It’s always been a hobby to me, I’m self-taught. I ended up getting a job out of my first botnet tracker, which the company I now work for saw and contacted me about, asking if I wanted a job. I’ve been working there a year and two months now.”

Well done hero – he’s now an honorary Ninja.


UK Biggest Cyber Criminals Caught

The UK’s biggest ever cyber scammers stole £113m by calling victims pretending to be from their bank. Fraudsters used bin bags full of cash for shopping sprees, bought supercars and a Lahore mansion. The Glasgow-based gang targeted small businesses in a telephone fraud scam and cleared out millions of pounds from their victims’ bank accounts.

The ringleader Choudhary has been jailed for 11 years and 14 others also face prison terms.

The Burnley-born fraudster had fleeced over 750 British firms to fund his millionaire playboy lifestyle. Raking in £3million a month by cold-calling bank customers, he ruined hundreds of lives and put small businesses on the brink of bankruptcy – leaving one victim so distraught that she committed suicide.

The Method

Choudhary phoned businesses claiming to be from their bank, saying security on the accounts had been compromised. He got internet bank security details and passwords from employees and emptied their accounts in minutes, blocking phone lines with software to stop contact with the real bank.

Unwitting customers were told their accounts had been hacked and were duped into giving their internet banking passwords over the phone.

The cash was withdrawn by ‘money mules’ and moved through transfer exchanges from London to Pakistan and elsewhere. The biggest raid saw £2.2million taken from a solicitor’s firm in minutes.

Choudhary used the details to convince businesses he was a genuine bank employee, telling them they had been hacked by ‘someone in Aberdeen’ called ‘King’.

Scotland Yard believes at least 750 businesses were affected between January 2013 and October 2015, but there could be countless others. Choudhary targeted customers from Lloyds, Santander, Barclays and Royal Bank of Scotland.

Choudhary grew so rich that he flew his personal valets 8,000 miles across the world to polish his Porsches.

He posed as a music producer and property developer and owned a fleet of expensive cars including a Bentley, Rolls-Royce, Lamborghini and two Porsches.

Choudhary spent millions on a property portfolio in Pakistan, Dubai and Scotland, treated himself to £100,000 shopping trips at Harrods, bought £45,000 Rolex watches and enjoyed luxury holidays in the Middle East.

Conviction

Choudhary was jailed for 11 years. Corrupt Lloyds business adviser, Jones Opare-Addo, was jailed for five years for leaking account details to the gang and setting up accounts to launder cash.

Emma Daramola, 23, was given a two-year suspended sentence for conspiracy to commit fraud by abuse of position for her role as an insider at Lloyds.

A long list of accomplices were also jailed.


Louise and the Microsoft Support Scammer

Louise started up the Internet Explorer browser on her PC and a screen popped up with a warning:

WARNING – YOUR COMPUTER IS INFECTED

CALL Microsoft SUPPORT on 0208 3808 8964 IMMEDIATELY.

DO NOT TURN YOUR COMPUTER OFF OR ATTEMPT TO DO ANYTHING ELSE

Louise called the number immediately.

A very pleasant Indian man answered and he seemed very knowledgeable and assured her he would resolve the problem.

He asked her to install a piece of Citrix software which she did so he could take control of her PC and establish the nature of the problem.

He emphasised that the PC was badly infected and how important it was to remove the threat.

He warned her to turn off any other computers or mobile phones in the house as they could also become infected.

At this point, his patter turned into more of a sales pitch for a package that would solve her problem and this made Louise suspicious.

Now Louise’s husband Charles was surprised at the request to turn off other computers and that made him suspicious, so he turned the iPad back on and searched for scams.

He found it – the “Microsoft Support scam”.

Charles then pulled the power cord from the PC to end any incursion by the support scammer.

What happened next?

The scammers called back three times and were ignored until they stopped calling.

Charles ran Kaspersky anti-virus to scan the PC for problems and installed Malwarebytes to also scan for any other malware. He also deleted the Citrix installation.

The PC was safe and they hadn’t been scammed but Charles and Louise had a narrow escape.

Had the call continued, the scammers might have garnered credit card details, bank details, logins, passwords etc., as well as being paid for removing a non-existent computer virus.

If you see a warning screen like the one above – turn off the computer and contact a professional. Do not call the number on screen as they are scammers.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.

Caller Protection Company Fined For Cold Calling

A West Sussex company has been fined £40,000 for making nuisance calls to the elderly.

The Information Commissioner’s Office (ICO) ruled that IT Protect Ltd, in Bognor Regis, broke the law because it called people registered with the Telephone Preference Service (TPS), which is a service home users can sign up to for preventing unsolicited calls.

Ironically, this firm was making nuisance calls to people to sell them a call blocking device. But by phoning people registered with the TPS it broke the law. The ICO investigation was aided by members of the public reporting the nuisance calls they’d received from IT Protect. They told the ICO that the firm had preyed on the elderly and misled people by giving the impression they were working with BT.” – Steve Eckersley, Head of Enforcement, ICO

IT Protect told the ICO it had bought a list of people and phone numbers from another firm, but it had not verified that the numbers were not on the TPS list and hence could not legally be cold called.

Relying on another firm’s list does not stop the company from being in breach of the law.

The law says that calls should not be made to anyone who has registered with the TPS unless they have told the caller that they wish to receive such calls from them. Companies failing to screen against the TPS, who then call people without consent, can expect enforcement action by the ICO.

IT Protect is the first company to be slapped with a bill by the ICO since it took over management of the Telephone Preference Service in December.

TPS is a free service designed to protect people from unsolicited sales or marketing calls.

How to Play the Telemarketer Game

We all get phone calls from telemarketers and scammers. The idea of the game is to waste as much of their time as possible. The more you waste – the less time they have to scam or waste other people’s time.

They normally start with something to get you answering questions e.g. how are you?

You can just say fine, but there is no reason why you shouldn’t tell them half your life story – every illness you’ve ever had, how bad the NHS is, your local doctor, your kids’ or parents’ or friends’ illnesses, the weather. You get the point – talk about anything.

Then they get onto their script.

Answer some questions and ask more questions when you get the chance.

Your questions can be sensible or whatever comes to mind.

e.g. “My Aunt Milly said I shouldn’t talk to anyone who’s a Libra? Are you a Libra?”

Awarding Yourself Points

Each minute spent on the phone: 10 points
Getting caller to repeat part of the script: 5 points
Getting answers to stupid questions: 15 points
Changing the subject: 50 points
Making the caller angry: 100 points
Making the caller hang up: 100 points

Have fun.


How to Charge Cold Callers

Under specific circumstances, you can invoice cold calling companies and make them pay for your wasted time.

But it takes a lot of effort to make it work and is only possible with very insistent cold callers who refuse to stop.

Richard Herman is a retired BT engineer and he was plagued with calls from a firm of solicitors.

He thought about what would make it possible for him to claim money from them and he put his plan into action.

  1. He recorded every call and the date, time and length of each call.
  2. He warned them that they would be incurring costs if they continued to call him against his wishes. This warning needed to be explicit rather than just saying “It will cost you”.
  3. He specified that the charge would be £10 per minute or part thereof occupied in answering the cold calls.
  4. His meticulous records, recordings of the calls and warnings to the callers to stop put him in an excellent position with the law.
  5. He wrote to the callers demanding payment.
  6. When payment was not forthcoming and the calls continued, he started legal action.
  7. The company behind the cold calls turned out to be a firm of solicitors and they fought the case but lost and had to pay up.

You can do the same if you’re willing to put in the time and effort.

Richard Herman has a website at http://www.saynotocoldcalls.com/index.html giving more detail and he will answer queries.


Liverpool Advertising Scammers Busted

Advertising magazine fraudster George Williams jailed for seven years over £5.2 million scam.

George Williams controlled a Liverpool-based team conning firms into paying for adverts in a publication called “Emergency Services News”. There should have been about 1.2m copies per year to fulfil their promises to clients but instead police found they only printed 30,000 copies over 3 years.

Williams and others called themselves Weinstein Williams Associates Ltd and were found to have falsely claimed that they worked for the emergency services. Detectives believe as many as 15,000 victims paid for adverts in publications that either did not materialise or didn’t reach the audience they had been promised.

Weinstein Williams Associates cold-called people all over the UK, claiming they were endorsed by emergency services to get people to place paid adverts in their fake magazine. Anyone who complained was threatened with legal action.

Williams, of Linacre Road, Bootle, took £2,000 a week and splashed out on flash cars, boats and property. He was jailed for seven years and four other men were sentenced at Liverpool Crown Court over the scam.

Judge Robert Warnock told Williams: “The evidence is overwhelming. You recruited guilty and unscrupulous sales staff. You enjoyed the criminal lifestyle. You have shown no remorse at all. It is highly probable you will offend in the same way. Your motive was greed and your method deception.”

Scammers like this create a plausible situation where they appear to help people in business. But it’s mostly fake and the businesses lose out and the scammers get very rich.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.

How to Protect Yourself Against Online Scams


The points below can help you to be safer online – but stay cautious, especially where money is concerned.

  1. Don’t buy anything or agree to anything that seems too good to be true. The offer of riches or a bargain or some reward may tempt you, but be careful. If something seems too good to be true then it almost certainly is.
  2. Always check and confirm the identity of individuals and websites you are dealing with, both online and offline. Do not give away any personal information unless you are sure of who they are and why they need the information.
  3. Don’t fall for an advance fee scam. That is, do not pay upfront for a job application, a reward, a lottery win or anything else similar. Any work-at-home scheme where you have to pay upfront is likely to be a scam, and anything else where you pay upfront for something where you don’t expect a charge is also likely to be a scam.

This applies, for example, to lotteries, other supposed competition wins or inheritances, and people claiming they want to share money they inherited or won.

  4. Don’t buy (or rent) from someone you don’t know or haven’t checked out. This is a difficult one as it’s the business model for Internet business Airbnb, and many people around the world have benefited from renting out their home to strangers or renting the home of a stranger. If you are going to do this, make sure to read the reviews carefully, looking for anything suspicious, and if there aren’t enough reviews on the property then find another one.
  5. Protect your confidential information. Don’t give out private information in response to an inquiry you didn’t initiate.
  6. Buying online. Use services like PayPal to limit your exposure to card fraud. Once your card is registered on PayPal you can use it on most websites to make secure payment without those websites having sight of your card details.

When buying online, check for “https” in the address line and a closed padlock symbol. If they are missing then the site isn’t safe for confidential information such as login and password.

  7. Don’t be pressed into taking precipitate action. The scammers will try to make you do things quickly – so you don’t have time to figure out that it’s a scam. They will make things appear urgent or set a deadline.

No matter how persuasive an offer seems or how much an agent pushes you to agree on a deal now to get a discount, don’t do it!

  8. Do not respond to charity emails as these can be fake – only donate to charities you know or have checked out and send your money directly to the charity.
  9. Use reputable Internet security software on your PC and keep it up to date. Choose products with “Internet Security” or similar wording rather than simple anti-virus programs as they have more comprehensive features and protection.

Regularly check that you’re using the latest version and that it automatically updates its malware definitions.

Ignore pop-ups and other warnings that your machine is infected that don’t come from this program. And never pay money in response to such warnings.

  10. Don’t click on links and attachments in unsolicited, unchecked messages or social networks.

This may be difficult for some people used to such messages from friends, but it’s your choice to take the risk or not. At Christmas time many people send e-cards, and scammers know this and send their own malware versions, so be warned.

  11. Don’t use cash transfer companies such as Western Union or Moneycorp because, if the transaction proves to be fraudulent, you cannot recover your money.
  12. Be wary about downloading software from unfamiliar websites or using torrent sites that share files. These might install malware on your PC.
  13. Set strong passwords and ideally use different logins and passwords for each website.
  14. Never reply to spam messages – there’s no point and you would only end up with more spam messages.


Defending FightBack Ninja Blog Against Online Attacks


The Fightback Ninja blog uses standard WordPress technology for the creation and management of the blog online.

WordPress is very good and free to use and there are many thousands of templates and addons available, so you can use it to create a wide variety of blogs, websites and more.

However, the fact that it is so well known also makes all WordPress installations a target for scammers and spammers.

Attack type 1 – the attackers try to access specific files that normally exist in WordPress installations, with the intention of amending those files to give themselves complete access.

Counter action: I had installed the iThemes addon for WordPress and it gives a good level of protection against the common sorts of attacks. It blocked access and will lock out any IP address or login that tries constantly to access specific files.

Attack type 2 – password guessing

All WordPress installations have an admin login with the ability to create new logins and do anything on the installation.

Counter action: After nearly 10,000 attempts to crack the password, they gave up. Good job I had picked one that cannot be guessed.
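As an added illustration of the lockout behaviour described for attack types 1 and 2 (this is not the iThemes addon’s code and not anything from this blog), the Python below scans web server access-log lines and reports which IP addresses would be locked out and why. The file paths, thresholds, log format and sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions for this example: the standard login path, a few paths that
# automated probes request, and a failed login answering 200 (success is 302).
LOGIN_PATH = "/wp-login.php"
PROBED_PATHS = {"/wp-config.php", "/xmlrpc.php", "/wp-admin/install.php"}
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse(line):
    """Split one common-log-format line; return None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?", 1)[0]          # ignore the query string
    return m["ip"], ts, m["method"], path, int(m["status"])

def find_lockouts(lines, max_hits=5, window=timedelta(minutes=5)):
    """Return {ip: (reason, time of the request that triggered the lockout)}."""
    recent = defaultdict(lambda: defaultdict(deque))   # ip -> reason -> times
    locked = {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[0] in locked:
            continue
        ip, ts, method, path, status = rec
        if method == "POST" and path == LOGIN_PATH and status == 200:
            reason = "password guessing"
        elif path in PROBED_PATHS:
            reason = "file probing"
        else:
            continue
        hits = recent[ip][reason]
        hits.append(ts)
        while ts - hits[0] > window:            # drop hits outside the window
            hits.popleft()
        if len(hits) >= max_hits:
            locked[ip] = (reason, ts)
    return locked

def sample_log():
    """Constructed log lines using documentation IP ranges, not real traffic."""
    def row(ip, hms, method, path, status):
        return f'{ip} - - [01/Jan/2024:{hms} +0000] "{method} {path} HTTP/1.1" {status} 512'
    log = [row("192.0.2.10", "09:00:00", "GET", "/", 200)]
    # Fast guessing: six failed logins in one minute.
    log += [row("203.0.113.7", f"09:01:{s:02d}", "POST", LOGIN_PATH, 200)
            for s in range(0, 60, 10)]
    # Repeated requests for a file that should never be served.
    log += [row("198.51.100.9", f"09:02:{s:02d}", "GET", "/wp-config.php", 403)
            for s in range(5)]
    # Slow guessing, one attempt every two minutes: stays under the threshold.
    log += [row("192.0.2.50", f"09:{m:02d}:00", "POST", LOGIN_PATH, 200)
            for m in range(10, 20, 2)]
    # The owner mistypes once, then logs in: no lockout.
    log += [row("192.0.2.10", "09:30:00", "POST", LOGIN_PATH, 200),
            row("192.0.2.10", "09:30:20", "POST", LOGIN_PATH, 302)]
    return log

if __name__ == "__main__":
    print(find_lockouts(sample_log()))
```

The slow client at 192.0.2.50 is never locked out by a five-minute window, so a lockout rule works alongside a password that cannot be guessed rather than replacing it.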

Attack type 3 – comment spamming

This is not directly an attack but is simply morons trying to post entries (full of links) on the comments of the blog. This is usually to increase the ranking of some website by having as many backlinks as possible.

Counter action: I had installed a spam comment blocking addon called Akismet. This puts all comments in a holding area till I choose to approve them or delete them. So far nearly one hundred such spam comments have been blocked. The sort of comment they typically try to post is anodyne, e.g. “Good writing but have you checked out this list of good links?” This is just rubbish to be deleted. As their attempted posts never appear on the blog – they give up for a while then try again.

Also, Google ignores post comments where the post is less than 3 months old so these comment spammers always go for old posts.

If you allow these comments onto your blog then you will be inundated with more as they are produced automatically.

Attack type 4 – A deluge of comment spam

Counter attack: I had to install an addon that let me turn off the comment facility completely for a while.

It is a nuisance that all WordPress sites get attacked in these ways, especially the popular ones. But the right precautions make it difficult for the scammers to cause any damage.

No doubt, the morons, scammers and spammers will continue attacks at some time but hopefully will never succeed.

If you have any experiences like this or with scammers do let me know, by email.
