Scammer slammer thwarts online hijacking attempt

Queenstown computer consultant Eden Brackstone concedes he is now a marked man, after he turned the tables on an attempted scammer this week.

The online hijacker picked the wrong guy to mess with, when he phoned Mr Brackstone on Monday, claiming to be from Spark technical support and seeking remote access to Mr Brackstone's terminal.

"As a business owner in the IT field, we get targeted by these scammers many times a week," Mr Brackstone told Radio LIVE's Mark Sainsbury. "Two or three times a week is not uncommon."

"In this case, the scammer accidentally/on purpose - perhaps he didn't realise who he was speaking to or the level of my knowledge - gave me unrestricted access to his computer, not the other way round.

"They use this tactic as a mechanism to establish trust. If someone rings you, asking for your passwords, that's going to trigger a hesitant response from the user, so these guys have started giving access to their computers, whereby you only see a blank screen and then they ask you to switch sides.

"Once I had access to his computer, I made sure he was away from his desk and then spent the next half hour wreaking varying degrees of havoc, but all the while gathering valuable information to pass on to anyone who's interested."

Mr Brackstone was able to discover where the call originated, how many other scam calls they had made, their success ratios and the countries they were targeting.

He insists he did nothing illegal - he simply used his IT knowledge to gain an advantage over his potential hacker, whose password was (laughably) '123456'.

"My prime objective was to get some information that might prove useful to deterring these things. There might be mechanisms that people further up the chain could use to shut them down completely."

Bring it on

But Mr Brackstone accepts the ramifications of his actions may be increased attention from scammers, looking to exact revenge by bringing him and his DeepFocus company down.

His challenge to them - bring it on.

"As for legal consequences for me, I can't see there being any," he told Sainsbury. "Perhaps the more likely outcome is that I will be targeted with more of these calls.

"The gentleman is probably not too popular among his peers, having essentially left the door open. I think anyone in my position, with the skill and knowledge to do so, would have done exactly the same thing."

But NetSafe technology and partnerships director Sean Lyons advises others not to engage with scammers in this way, likening it to a burglary situation.

"We are really cautious, when we hear stories like this," he told Newshub. "It's not vigilantism, but we always caution people against it.

"It may well be an organised-crime network and they don't tend to appreciate people having a crack at them.

"And it reminds me a bit of the guy who stops a burglar and ends up in court on assault charges - it's the same here."

If the scammer was based overseas - and Mr Brackstone narrowed the origin down to Africa or India - there is probably no common jurisdiction for legal action.

But if the call came from within New Zealand, Mr Lyons warns: "There's a strong likelihood that a crime has been committed, not by the scammer."

Mr Brackstone insists this incident should serve as a wake-up call to other internet users, who receive bogus calls about online security.

"Anyone who gets these kind of phone calls needs to exercise vigilance," he says. "A genuine phone call from a legitimate company or individual is exceedingly rare.

"If there's even a shred of doubt about who you're dealing with, hang up the phone and contact a professional. Get someone you know and trust to audit your system, and reassure you that you haven't been breached."