Friday, 04 March 2016 06:41

How to Out a Hacker

Written by

…and almost get their name and address

 

When Nguyen Minh Chau (name changed) had her Gmail account compromised, the hacker went through the standard procedures to try and extort more passwords — they sent out a fake Dropbox logo with a link for all of Chau’s contacts to download the file. Clicking on the link would mean the chance of someone else getting hacked.

 

Seeing the link and knowing Chau I replied to the email with three question marks. I wanted to know if this was real or if it was fake. The email exchange that followed made it very clear that this was a sham.

 

We all know about those dark, nameless souls who use the anonymity of the internet to achieve unsavoury goals. They hack into Facebook or email accounts, plant malware and make use of any success they have to extort money. The big boys, the ones who get past the security of major websites or government agencies, make the headlines. The small ones don’t, but they’re just as lethal. These are people who lead a strange and dark existence. When it pays it pays, when it doesn’t, they try someone else. To arrest them requires whole teams of investigators to out them from their cloud of secrecy.

 

This is how the conversation went:

 

**********

 

Dear Nick,

 

I’m sorry to bother you, I am in a terrible situation right now and am going to need your urgent help. I am in Limassol, Cyprus at the moment and I misplaced my bag containing all my vital items, phone and money.

 

I’m trying to sort things out with the necessary authorities but still need a little help from you.

 

Thank you very much!

 

**********

 

Sure, I can help. What’s your name?

 

**********

 

Dear Nick,

 

I’m Chau again. Thanks for your reply, it’s a terrible experience but i am physically okay. So far I’ve contacted the embassy and they are helping me out with my documentation but I urgently need about €900 to sort some bills and make every necessary arrangement to leave here.

 

I will pay back as soon as I leave here. Please let me know if you can help.

 

**********

 

Oh, okay. Glad to hear you’re fine.

 

I’m sure the embassy will be able to lend you some money to get home, although surely it will cost more than 900 euro.

 

Embassies are usually good like that.

 

Although, I have to say, I didn’t realise Vietnam had an embassy in Cyprus. Things must be changing, eh?

 

**********

 

And so the conversation continued until I agreed to send the fake Chau some money.

The original Dropbox link sent by the hacker 

The Pay-Off

 

Like a kidnapper trying to extort a ransom, this is where the scam starts to fall apart; the taking of the money. With increasing protections in place to prevent global money flows being used for deceitful purposes, to get money sent through — in this case Western Union — the receiver has to have ID and a name. Here are the details they sent me:

 

Name: Nguyen Minh Chau

Address: Binod Dahal Souzan Theodosiou, 316 Ayio Andreou Street, Limassol, Cyprus

Postal Code: 3150

 

I will need a scanned copy of the receipt and tracking number of the transfer after transfer is made to get the money here.

 

It was clear to see what was going on here. The name of the hacker — or, possibly the fake name of the hacker — was the first four words of the address. Binod Dahal Souzan Theodosiou. Whatever ID they had, whether fake or real, would contain this name. That way they could claim that the name on the actual transfer, Nguyen Minh Chau, was a mistake.

 

But when I started doing some research on this name, I got a little surprise.

 

Binod or Vinod is a Hindu name meaning happiness. It’s found in India and Nepal. The second name, Dahal, is Nepalese. Souzan is an Arabic girl’s name while Theodosiou is Greek or Greek Cypriot. Whoever was doing this was most likely using fake ID as well as a fake name. Also, their English was good. So there was a story to this that was perhaps not evident in the name.

 

So, had I outed this person? Not at all. But it made me feel that I had to write about it. Being hacked or having your email or Facebook accounts compromised is like being burgled, it’s just not always treated like that. To prevent burglary you need to up your security and not do anything stupid like leaving your doors unlocked or your windows open. In other words, don’t click on strange-looking links.

Typical emails sent by people trying to get you to click

Last modified on Friday, 04 March 2016 06:55
Nick Ross

Chief editor and co-founder of Word Vietnam, Nick Ross was born in the humble city of London before moving to the less humble climes of Vietnam. His wanderings have taken him to definitely not enough corners of the globe, but being a constant optimist, he still has hopes.

twitter.com/nickrossvietnam

1 comment

  • Comment Link James Mallika Sunday, 21 January 2018 02:03 posted by James Mallika

    Do you want to silently intercept SMS messages? Or listen to live calls in progress of your staff or children? Perhaps you suspect them of misusing your mobile phone or texting inappropriate people? Have you been curious about what your boyfriend, girlfriend, husband or wife is chatting about on his or her mobile phone? Now you could hear 100% completely undetected.
    Monitoring mobile phone text messages remotely in real-time without someone knowing is not difficult at {Johnhacker498@gmail.com} and his service is very cheap and affordable so quickly calls on on {Johnhacker498@gmail.com} today for a non trace and perfect job

Leave a comment

Make sure you enter the (*) required information where indicated.Basic HTML code is allowed.

Online Partners

Top