Hacking the Scammers and Exposing Their Tactics in a Mission to Protect Nepalese Youth

sushil phuyal
Feb 10, 2023


A few days ago, I returned to my hometown during my semester break with the intention of spending some time with family. However, I stumbled upon a lead regarding some fraudulent groups. My cousin, who is currently studying in his first year of BBA, was speaking to me about a friend who had been introducing him to money-making schemes. At first, I disregarded the matter, but as I listened further, I realized the gravity of the situation. It was a story similar to that of some networking companies that were running in Nepal and whose members were previously arrested in various parts of Nepal.

Suspects previously arrested by Nepal police

However, as I delved deeper into the matter, I grew intrigued and decided to investigate further. I started with open-source intelligence (OSINT) research and employed some social engineering tactics on my cousin’s friend, using his account. Although the friend was new to the business, I was unable to gather much information. But he mentioned using a virtual office that he logs into using a VPN. As a security researcher, my primary concern was to gain access to the VPN and uncover more information.

I pretended to be naive and expressed interest in joining the business, convincing the agent that I was a potential mark. The agent told me that he would forward my name to the headquarters for selection. I was using my cousin’s device for the operation and posed as him, as the agent was familiar with my cousin as a childhood friend who had been in India for some time. To my delight, the agent informed me that I had been shortlisted.

However, the interesting thing was that all they knew was my name. I had not submitted any CV, documents, or any other form of identification. Nonetheless, I was pleased that I had been selected for an interview. The agent instructed my cousin to dress in formal attire for the interview and informed me that there would be two rounds. I have gone through several interviews before and was not intimidated by the process.

The day of the interview arrived and I was filled with excitement at the thought of potentially becoming a billionaire. The interview was scheduled for 1 PM Nepal time and I was eager to give it my all. The scammers conducting the interview were English-speaking and I was ready to impress them. The first round began and I was faced with the interviewer.

first round interviewer

The interviewer introduced himself as Jassi Bhai, or at least that’s what he claimed his name to be. He taught me about the business in a manner that felt more like an orientation than an interview. I challenged him with unconventional logic. For instance, when he asked what my first step would be if I were to open a textile factory, he expected me to say acquiring land or infrastructure. However, I responded with conducting a market analysis and even argued with him over the importance of market analysis over purchasing land. Jassi Bhai grew increasingly frustrated with my responses, but I was pleased to see my unconventional approach ruffle his feathers. He proclaimed that he understood the business better than I did, to which I replied that he may have the knowledge of the business, but the real challenge was applying it effectively. This is where the fun part began. He provided me with a VPN and instructed me to log in using the credentials he provided, directing me to visit 10.*.*.* to view his members and personal workspace.

I was overjoyed with this development and eagerly turned on my Zenmap to conduct a CIDR scan of the /24 range, all the while engaging with Jassi Bhai to keep his attention. I pretended to be impressed with his supposed use of modern technology and acted respectfully towards him. I believe he may have thought that I was in awe of his supposed technological prowess. It was a kind of CMS where the scammer kept track of people.

The scan revealed several devices including printers, RDP, SMB, and SMTP servers. To my surprise, all the SQL servers had root access with blank passwords, while the SMB servers had enabled anonymous login. This was a clear indication that their system was not properly secured, giving me even more insight into their operation.

With the first round of the interview successfully completed, Jassi Bhai informed me that I would need to wait for an hour as the next round would be with their manager. This gave me ample time to explore the computers and servers that I had discovered during my CIDR scan. I took advantage of the situation to gain further insight into their operation. I did some random things, which I cannot write here.

The second round of the interview began with a beautiful young woman sitting in front of me. I was pleasantly surprised by her polite demeanor and striking beauty, especially on Valentine’s Day. It was a welcome change from the first round with Jassi Bhai.

She introduced herself as the HR of the company and one of its senior officials. She then proceeded to lecture me on the ins and outs of the product manufacturing business. Although I was already tired of lectures, I kept my patience and feigned interest. I asked if I could take notes to appear more attentive, all the while secretly hacking into their systems.

I was informed that I needed to deposit 2,35,000 Indian Rupees within a week in order to join the chain of businesses that they claimed to own, with the promise of making 5 crores or more within 4–5 years of starting it. She instructed me to keep the details of the agreement confidential and asked me to provide my personal documents such as citizenship and passport within 15 minutes. When I inquired about the legality of the company, she claimed it to be a legal entity but refused to reveal the name of the company I would be working for.

It seems that their tactics were well thought out, including having the payment and personal documents sent to a middleman, who was supposedly a friend of your cousin, instead of directly to them. This way, if anything went wrong, they would be able to deny any wrongdoing and place the blame on the middleman. By not providing any information about themselves, they were able to keep their true identities hidden. What a plan!

But I banged their system, and might have temporarily stopped the operations. While we can take down their systems, they can simply set up new ones. This is why it’s important to educate more people and raise awareness about these types of scams. By doing so, we can prevent our loved ones from falling victim to these illegal activities and losing both their money and time. Stay vigilant and protect those close to you. Peace!

Facebook: facebook.com/31337mickey

twitter: twitter.com/sushil_phuyal

linkedin: linkedin.com/in/1337mickey
