Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Crime

Scam Call Center's Own CCTV Gets Breached (bbc.co.uk) 49

A call center scammed 40,000 people over the last 14 months, bringing in $8 million. But within four months their own computer system had been remotely breached by "online vigilante" Jim Browning, according to the BBC. He secretly tapped into the call center's own closed-circuit TV cameras, and eventually tipped off the police, leading to a raid on the call center this week.

Browning also shared the footage with the BBC program Panorama -- along with recordings of 70,000 phone calls -- so you can watch some of that footage online. "I really do want the whole world to see what this looks like," Browning says in the BBC's report.

Slashdot reader newcastlejon shared the link. At one point Browning even dialed in to that call center from the U.K. -- and then watched as the scammers in India took his call while claiming to be in San Jose, California. "Can you name me one restaurant in San Jose?" Browning asks -- and as the scammer pulls up Google, Browning adds "I bet you're looking at Google right now..."

But Browning does take issue with the BBC's terminology. "I'm not a 'vigilante'," he complained on Twitter this week. "I report the scams to the proper authorities. Most of the time the reports are ignored and it seems to take a documentary before something actually happens."
This discussion has been archived. No new comments can be posted.

Scam Call Center's Own CCTV Gets Breached

Comments Filter:
  • Editing (Score:5, Insightful)

    by Scutter ( 18425 ) on Saturday March 07, 2020 @11:48AM (#59806198) Journal

    The editing on that video on the BBC's site was almost more infuriating than the scammers. I don't know why you have to keep cutting away every three seconds and adding in a bunch of fake video artifacts.

    • by Myself ( 57572 )

      I just closed the window and came back here to see if anyone had commented on it. Yup.

      It's like a student just learned how to use the effects tool and decided that an absolute overdose thereof would somehow make it more watchable.

      Sorry, BBC, whatever story you were trying to tell got lost in all the glitches.

    • by thomst ( 1640045 )

      Scutter noted:

      The editing on that video on the BBC's site was almost more infuriating than the scammers. I don't know why you have to keep cutting away every three seconds and adding in a bunch of fake video artifacts.

      The Beeb's video is geoblocked, but the promo is also available on Youtube [youtube.com].

      And, yes, the editing of the promo is apparently intended to discourage viewers from watching it. Me, for instance.

      I bailed on it in under 30 seconds.

      The class of morons who conflate "flashy," "annoying," and "good" are clearly in charge of the BBC's self-promotion department ...

    • The editing on that video on the BBC's site was almost more infuriating than the scammers. I don't know why you have to keep cutting away every three seconds and adding in a bunch of fake video artifacts.

      Because that is what BBC and other media does nowdays. It is very rare for a video or photo to be genuine because it shows something different from what is intended to be shown. Creating editing is essential to maintain the narrative and the editors continue doing even when it is not needed - it is the inertia and habit.

      Example (Guardian front page as I have given up on the Beeb years ago): https://i.guim.co.uk/img/media... [guim.co.uk]

      Any mentioning of this photo in the Guardian comments is immediately removed. Wh

  • How is this guy not in jail? Hacking is illegal.
    • Re:Jail (Score:5, Insightful)

      by UnknownSoldier ( 67820 ) on Saturday March 07, 2020 @11:57AM (#59806214)

      To play Devil's Advocate:

      All that is required for evil to prevail is for good men to do nothing.

      • I'd further prosecute them [the scammers] for GDPR violations in that they're are trading within the EU, and as a result of poor security, customer information was been obtained by a third party.

        Yeah, technically the third-party is probably operating illegally, but... it'll be hard to trace *who* actually did that <innocent-face> ... and there's less incentive to follow up that particular crime since there's no money involved.
    • And so are theft and murder.

      But if you got the biggest club, and some medieival unscientific methods and some people claiming "he did it", you can call it "imprisonment" "confiscation" and "death sentence", and your dumb livestock will just eat it up.

      We $harm people
      who $harm people
      because $harming people is wrong.

    • Who is the injured party? How much would prosecution cost, and is the relevant law agency in the UK capable of prosecuting such a case? The FBI Computer Crime in the USA is not.

      • by OzPeter ( 195038 )

        Who is the injured party? How much would prosecution cost, and is the relevant law agency in the UK capable of prosecuting such a case? The FBI Computer Crime in the USA is not.

        Computer Misuse Act 1990 [wikipedia.org]

        1. Unauthorised access to computer material, punishable by twelve months' imprisonment (or six months in Scotland) and/or a fine "not exceeding level 5 on the standard scale" (since 2015, unlimited);

        2. Unauthorised access with intent to commit or facilitate commission of further offences, punishable by twelve months/maximum fine (or six months in Scotland) on summary conviction and/or five years/fine on indictment;

        3. unauthorised modification of computer material, punishable by twelve months/maximum fine (or six months in Scotland) on summary conviction and/or ten years/fine on indictment;

        And lots of laws don't require an injured party. For example it is illegal to simply draw child pornography on the USA. So if you do it, who is injured party? Also see any law that starts with "conspiracy to .. "

        But I have to laugh at "I'm not a 'vigilante'", when that is exactly what he is.

        • It's not clear the law against drawn CP is constitutional, and the only convictions under it involved simultaneous possession of the real deal, and only a handful of times. There's conflicting rulings. I don't expect it to hold up. You'll note the clearnet is flooded with the stuff and no action is taken.
        • by Anonymous Coward

          I think you're missing the point, it's not a legal one, it's a practical one.

          In the UK, there has to be a public interest in justifying the cost of pursuing a prosecution. There's exactly zero public interest in spending tax payers money prosecuting someone who is taking down scam call centres in defence of what are typically vulnerable people in the UK.

          If there was some downside to this, such as a risk of deteriorating political relations with India, someone in India being physically hurt as a direct resul

        • 1. Unauthorised access to computer material, punishable by twelve months' imprisonment (or six months in Scotland)

          Is Scotland really that bad? [visitscotland.com] I would have thought it was the obvious choice.

    • Toss 'im in the gulag! Yeehaw!

    • Because he's overseas and the indians can't prosecute him :V

      • Re:Jail (Score:4, Informative)

        by mobby_6kl ( 668092 ) on Saturday March 07, 2020 @04:23PM (#59806658)

        I had to check but unsurprisingly India does have an extradition treaty with the UK as well as most of Europe: http://www.cbi.gov.in/interpol... [cbi.gov.in]

        That said I can't imagine trying to extradite him for hacking would be very popular at home or in the UK.

        • As an Indian let me say that these scammers are screwed. And by that, I mean these particular scammers. Policing or state presence in general in the land is minimal to non-existent. The city of Gurgaon where these fuckers were operating is right at the border of Delhi, the capital of India. It is known to have very low education level but being next to Delhi, it is recently developed and has sky-rocketing rent attracting pure business types (who hate educated people) from around the country and the poor lur

    • by sjames ( 1099 )

      Vigilante action always shows up where law enforcement leaves a vacuum. And that is why no action will be taken against him. The last thing authorities want is a months long stream of news pointing out their utter failure to pursue a real crime that harms everyday people, and of course the side question, why are they bending over backwards to protect the people they're supposed to be arresting?

      If this was a personal beef that few have to deal with or they could honestly say they investigated and there no ev

      • The last thing authorities want is a months long stream of news pointing out their utter failure to pursue a real crime

        Therein lies the real problem. I'm by no means an expert, but I do enjoy many of these "hacking the scammer videos" on YouTube. I usually just play them in the background the way some folks would play a sports match. I get the impression that the authorities aren't sufficiently inclined to pursue such matters until they are suitably embarrassed and appropriately shamed for their failures. It's unfortunate. This is big business. Just this year I've had the opportunity to be arrested by the IRS Police more ti

        • by sjames ( 1099 )

          Agreed, the volume of this crap is slowly but surely making the telephone useless as a form of communication. I never answer the POTS line unless the caller starts leaving a message and I recognize them. Unless cellphones develop the same capability to let you hear a message being left in realtime, they will simply be useless for voice communication soon.

  • The phone companies will stop this from happening, as soon as they stop making so much money.
  • Yeah, they appear to clearly be criminals.

    But last time I checked, that does not allow you to break the law either. You'll be just one more criminal. Which, in this case, is called a vigilante. Which is generally mostly accepted, as our entire legal system is based on commiting violent revenge on the most lazily, conveniently and closest available scapegoat in the cascade of cause and effect, determined with ridiculously unscientific methodology, anyway. :)

    All in all, we can let it slide, given that the sca

    • He got lucky they were from India so no or little chance of prosecution.

      I got a call from "Mike" (fake UK number) two weeks ago with a very slight accent which started as "We are from a financial consultancy". He got a rather obscene answer from me and I hanged up before he finished. Mike showed some lack of professionalism after that and tried to call me from his REAL number which matched his accent - Portugal. So this is by no means an "Indian only thing" - there are call centres in Portugal, Slovakia,

  • by Alwin Henseler ( 640539 ) on Saturday March 07, 2020 @01:33PM (#59806352)

    Some quotes from ISM's story to illustrate why:

    .. fake tech support company ..

    It's just too easy to spoof things that go over the internet (or phone). And for most victims, it's impossible to check what's real & what's not. Like factchecking fake news without knowledge of the subject matter, and only (equally questionable) online sources to go by. Is a call center really located where scammer says they're calling from? How would you know, and why would it even matter? Many legitimate companies have outsourced their call centres too these days. I've worked in some myself - customers call a fixed landline suggesting they call a line in city A, I'd take their call sitting in city B. Nothing out of the ordinary.
    Victim hears a 'suspicious' accent, so what? No doubt there's many people with say, Indian accent working in US call centres.

    I have investigated a number of fake 'logistic company' websites at one time. Once you've seen a few, it gets easier and easier to find cut & paste copies of sites. But some of those might be a genuine company's website. How to tell? Often it's easy, sometimes it's not (I won't share tips here for obvious reasons). Reported to ISP's, some act, some don't. Fake banking sites are usually removed quickly, fake company sites often are not as long as scammer pays the hosting bill & no legal steps are taken (yes black sheep in the ISP community, we have your names).

    An expert may call a victim stupid by ignoring 'obvious' warning signs. But if you dive into the psychological aspects, the picture is much less clear. For example take romance scams [wikipedia.org]: sometimes victims are worked on for months. Even though they've never met in person, it feels like it's a friend or family member that's asking for help. For most people that's hard to ignore. And enough people have money in the bank to grab their chequebook & convince themselves they've done the right thing. When such a scam gets uncovered, it's not just the money that hurts: it's the feeling of being betrayed by a trusted friend, and the difficulty of even believing (never mind accepting) that 'friend' doesn't really exist at all.

    So it's as much social engineering as technical trickery, and mixing those in a refined manner. Internet, phone, direct messaging apps, social networks & more is thrown into that mix. It's naive to think scammers are stupid: basically it's a job. Some fail miserably, but some are very good at it. And a few well-organized groups can do a lot of damage (this holds for the white hats too, btw).

    Acting on Browning's tip-off (..)

    With internet / phone scams, authorities DO NOT act on tip-offs, period. It's regarded as non-violent petty crime (and time consuming to gather evidence - never mind finding culprits or getting them behind bars). Personally I assume law enforcement to be stupid regarding internet or phone scams - I have yet to be proven wrong on that. :-( Authorities act when media reports get enough attention that doing nothing becomes impossible. Or when so many reports of victims come in, they can't continue to ignore it. Or when the total $ damage is so big that 'there MUST be something worth investigating'. "tip-off" means nothing. "over 8 million USD", "40,000 victims", and "the BBC's report" are the keywords here.

    While Chauhan may have kept his allegedly shady business dealings secret, he made no effort to hide his immense wealth. The alleged cyber-criminal lived in Gurugram's luxury Magnolia condominium on Golf Course Road and was known locally for wearing designer clothes and driving around the city in Porches and Jaguar SUVs.

    Sure he may fall from grace. Maybe even do some time. But you think his illegally obtained riches will be taken away? Think

  • by nsaspook ( 20301 ) on Saturday March 07, 2020 @02:32PM (#59806448) Homepage

    A hacking and a cracking.

  • Given that what these scammers do is (presumably) illegal even in India, why aren't the Indian law enforcement agencies doing more to go after the scammers? (especially when given all the details to go round a few people up and make some easy arrests)
    Are the cops too busy with other things that are considered more important in the eyes of the higher-ups? Are the scammers paying off the cops to leave them alone? Something else?

    • by micheas ( 231635 )

      Because matching the scammer to the victim is hard.

      50 people scammed 5,000 people in a month and you have a victims list and a list of scammers, but now you need to map the two lists together. The recordings helped the police to do that. Suspect 27 was sitting in the chair in front of the computer that scammed victim 349 when the person was scammed is a lot easier to make the case of. Especially when you have a recording of the phone call.

      It will be interesting to see if the lesson learned from the criminal

    • Given that what these scammers do is (presumably) illegal even in India, why aren't the Indian law enforcement agencies doing more to go after the scammers? (especially when given all the details to go round a few people up and make some easy arrests)
      Are the cops too busy with other things that are considered more important in the eyes of the higher-ups? Are the scammers paying off the cops to leave them alone? Something else?

      Don't forget Bernie Madoff scammed the hell out of practically everyone in and got away with it for a great many years. Enron was equally as bad. Businesses can be down right evil as can some politicians and still scam the hell out of most of the people most of the time. How the hell else could a consummate scammer and obvious pathological liar become the POTUS.

      Cons are called cons for a good reason they get what they want by manipulating people it is all that they are usually really good at in life. Hitle

  • by waspleg ( 316038 ) on Saturday March 07, 2020 @06:56PM (#59806844) Journal

    which has the information the videos he's forced to redact because of YouTube policies. Browning is also a fake name. He's part of the scambaiting community, I like him but no one is as Kitboga who is practically a performance artist who focuses on wasting scammer's time.

"Facts are stupid things." -- President Ronald Reagan (a blooper from his speeach at the '88 GOP convention)

Working...