0:00

Hello, Jack. Hello, hello. Good.

0:03

Well, it's good evening for

0:06

me. I

0:09

guess you're in the States. It's probably

0:11

the afternoon. Yeah. Yeah. I

0:14

just eat lunch. I'm having some chocolate. You

0:16

like chocolate? Okay. Oh

0:19

yes. There's very well, there's very few

0:21

people I think don't like chocolate. I

0:23

know. Yeah. Yeah.

0:26

Yeah. Chocolate's great.

0:28

Yeah. I like the energy. Yeah.

0:31

A little caffeine. Yeah. Indeed.

0:34

You know, there's only like a few places in the world that have

0:36

caffeine. There's tea, coffee, cola,

0:40

chocolate. And I think

0:42

that's it. That's the natural sources. Yeah. No,

0:45

it's yeah. It's hard to do without it. Yeah.

0:49

Do like a bit of chocolate. You're actually making me hungry. I

0:52

probably got you at a bad time. I

0:54

wasn't actually expecting you to say, yeah, I'm ready to

0:56

go. We can just

0:59

do this, but absolutely suits me down to the

1:01

ground. You know what? The thing is,

1:03

is that you are the most requested guest maybe

1:05

I've ever had. Well, okay.

1:08

So if you're available, I'm available. Let's go.

1:10

I'm going to put the chocolate to the

1:12

side and let's get, let's make a podcast.

1:15

Yeah, that's cool. I've got to say, even

1:17

before we do this, I have listened to

1:19

loads of your podcasts and honestly, it's an

1:22

honor for me even to be asked on

1:24

to it. So there you go. So

1:29

you're the guy that everyone knows you're

1:31

ready to go. Oh, I'm

1:33

ready. Yeah, far away. These

1:40

are true stories from the dark side of the

1:42

Internet. I'm

1:47

Jack Resider. This

1:50

is Darknet Diaries. This

2:08

episode is sponsored by Intruder. Growing

2:10

attack surfaces, dynamic cloud environments, and the

2:12

constant stream of new vulnerabilities stressing you

2:14

out, Intruder is here to help you

2:16

cut through the chaos of vulnerability management

2:18

with ease. Combining leading scanning

2:21

engines, actionable results with advice and analytics

2:23

to help you understand how secure you

2:25

really are, Intruder levels up

2:27

your vulnerability management program. Thanks

2:30

to continuous monitoring, you're alerted as new

2:32

systems come online and are automatically checked

2:35

for weaknesses. It highlights unnecessary exposures like

2:37

unprotected admin panels or misconfigured cloud storage

2:39

and includes proactive threat response, automatically scanning

2:42

your systems for emerging threats. So you're

2:44

always one step ahead of hackers. And

2:46

the best part? You can get set

2:49

up in minutes and scan everything you

2:51

have in one place. That's

2:53

right, infrastructure, web apps, APIs. Join

2:56

the thousands of companies who are using Intruder

2:58

to find and fix what matters most. Sign

3:01

up to Intruder today and get 20% off your first

3:03

three months. Visit intruder.io/darknet

3:06

to get this

3:08

exclusive discount. That's

3:11

intruder.io/darknet for 20% off

3:13

your first three months.

3:21

This episode is sponsored by Shopify. Some

3:24

things in life are no brainers. You always

3:26

choose the window seat over the middle seat.

3:28

You go to restaurants, have the free breadsticks.

3:30

You outsource business tasks you hate. But

3:33

what about selling with Shopify? From

3:36

the launch your online shop stage to the

3:38

first real life store stage all the way

3:40

to the, did we just hit a million

3:42

order stage? Shopify is there

3:44

to help you grow. And running a

3:46

growing business means getting insights you need

3:48

wherever you are. With Shopify's single dashboard,

3:50

you can manage orders, shipping and payment

3:52

from anywhere. What I think is cool about

3:55

Shopify is it really doesn't matter how big you want to grow.

3:58

They have a huge list of integrations and

4:00

third party. apps that are going to help

4:02

revolutionize your business. You want to

4:04

integrate on-demand printing or accounting or chatbots?

4:06

Shopify's got it covered. Sign up

4:08

for a $1 a month trial

4:11

period at shopify.com/darknet. All

4:13

lower case sets. shopify.com/darknet.

4:18

Go there now to grow your business. No matter what

4:20

stage you're in, shopify.com/darknet.

4:30

Today I have the absolute pleasure to

4:32

speak with Jim Browning. Jim was

4:34

the first person I ever saw do scam baiting, and

4:36

I was blown away that someone even does this sort

4:38

of thing. Scam baiting is just

4:41

out of the town. He tries to bait

4:43

scammers to scam him, and he records it

4:45

for YouTube, and it's really quite amazing to

4:47

watch. So it's still

4:49

just connecting? I've kind of answered

4:52

texting for a long time because I said-

4:54

I don't know why. Your computer and internet

4:56

is working really very slow because it

4:58

got infected with the virus. Oh,

5:01

the virus thing? Yes. Yes.

5:04

Nothing to do with the virus. What happened now

5:06

actually? The alert which you got,

5:08

that is the security block alert, which

5:10

is coming from internet, because

5:12

right now you haven't know any

5:15

internet security. That is the

5:17

reason while browsing over

5:19

the internet, by mistake or

5:21

by accidently, you might

5:23

have a click any link which

5:25

was not secure. Okay? Oh,

5:28

I see. How did all this

5:30

get started for you? What's your origin story with

5:32

this whole scam thing? Well,

5:35

I wish it was a bit more like

5:37

Batman. You know, Batman has got this, you

5:39

know, an injustice done, and you know, these

5:41

after the Joker and all this sort of

5:43

thing. Very, very different for me. The

5:46

way I got started was probably

5:48

like most people, I

5:51

receive lots of scam phone calls, and

5:53

you keep hearing those incessant

5:55

phone calls. People pretending to be

5:58

Microsoft, pretending to Amazon. on

6:00

your bank and so on. And

6:02

most people know just to hang up those calls, but

6:05

I'm one of those people who

6:07

I love to dig a little bit deeper.

6:11

Because I'm an engineer, I'm a know

6:13

about computers, know about networks, and

6:16

I thought to myself, surely someone

6:18

is doing something about this, and

6:21

if they're not, maybe I can do something. I'm

6:25

sure you're familiar with the fake Microsoft

6:27

support scam calls. It's typically

6:29

where someone from India calls you up and says

6:31

you have a problem with your computer, and

6:33

it sounds something like this. Hi,

6:37

hello. Oh yes,

6:39

hello, I'm calling from Visa portal, and see, and

6:41

my name is Sandeep, Jim. And

6:43

they'll try to convince you that your computer

6:45

has a virus, and they can help, and

6:48

they'll ask for control of your computer to fix

6:50

it. But the thing is, you don't actually have

6:52

a virus at all. They just made up this

6:54

problem, and they wanna take your money.

6:57

And Jim finds this whole thing really fascinating, and

6:59

just can't stop thinking about this. I

7:01

really want to find out about what

7:03

makes the scam tick. So

7:08

Jim finds himself on these calls to

7:10

hear how it works, and

7:12

watch their whole operation. And

7:14

then he calls them out on it, like this. Oh

7:16

yes, I just need to inform you that we have

7:19

finished all the work with the computer now, and everything

7:21

is working fine with it. Right,

7:23

did you find any Trojans or

7:25

anything? Yes, we have

7:27

already removed all your network infections, and

7:29

also we have blocked them, so they

7:32

will not enter from now onwards. Right,

7:35

just that I was watching everything

7:37

you were doing, and also recording

7:39

what you're doing, and recording your

7:41

voice, because you've removed nothing

7:44

whatsoever from this machine. It was never

7:46

infected in the first place. And

7:48

all you've done- I'm sorry? It was

7:51

never infected with anything in the first place,

7:53

and you know that? So

7:55

you say that you've removed a Trojan.

7:58

Tell me what Trojan you've removed, and show me- evidence

8:00

of that then. Right

8:03

now we have already removed and everything is recordable

8:05

at our end as well. Yes. Yeah. Show me.

8:07

Tell me what I had. Tell me what Trojan

8:09

I had then. Like

8:12

we have removed all the Trojans. Yeah.

8:14

Show me one Trojan that you've removed. Okay.

8:22

Let me explain it to you. Like there were

8:25

Trojan horses in it. Yeah. Show me the evidence

8:27

of that. That's what I'm asking. But

8:29

how should I show you now? But they are already removed.

8:33

Because if it was something like oh

8:35

this particular tool and it would have logs

8:38

and it would show you in

8:40

the history what was

8:42

removed. Okay. There's nothing been removed here.

8:46

This is an anti

8:48

malware software. So go on then. Tell me

8:50

what software you use to remove any Trojan.

8:52

Bear in mind I've recorded everything you've done.

8:55

So are you going

8:57

to still stand by that story that you removed to

8:59

Trojan? So may I put the

9:01

line hold for one to two minutes? You

9:04

can do what you want but don't forget all of this

9:06

is going to be uploaded to YouTube very shortly. So be

9:08

very careful what you say in the next few minutes. Jim

9:11

is pretty good at catching them in a lie

9:13

and then he tries to get

9:15

them to explain themselves. And when

9:17

they continue denying it he reports them. Definitely.

9:19

What I will do is now that I've

9:21

got your IP address this one and

9:24

the timestamp which is Mumbai so

9:26

it's now 6pm. It's been running for a

9:28

few hours. This one though. I

9:31

can go to your ISP and

9:33

that's Tata Tele services in Italy.

9:35

They provide that IP address to

9:37

you and that's the one

9:39

you're using at the minute. So I'm going

9:41

to get them to identify exactly who you

9:44

are because I know your address isn't in

9:46

California. I know you're located in

9:48

India. Or I'll

9:50

probably just publish all of this

9:52

on YouTube anyway. So thank you

9:54

for choosing V-support. Thanks

9:56

for choosing Scammers in Mumbai.

10:00

Yeah, in my background

10:03

is that I have

10:05

been in IT really all

10:08

my professional life, all my working life.

10:10

Yeah, let's hear about that. What's the

10:12

specialty that you are in IT? Yeah,

10:15

so I guess up

10:17

until very recently I had a real job

10:20

as in a real normal

10:22

IT job. I worked for a large

10:25

company, should we say in the

10:27

UK, and part

10:30

of their specialty was dealing

10:32

with IT services and set

10:34

up. I have personally

10:36

supported an organization

10:38

with more than 200 or 300 people in it. So

10:42

I'm the kind of admin,

10:44

the sysadmin for a large

10:47

IT company. So that's my background. As

10:50

part of that, I'm also a programmer.

10:53

I'm a network engineer, but

10:56

I have no form of qualifications

10:58

in, for example, cybersecurity. Although

11:01

at this stage, I think I

11:03

could probably do fairly well in a

11:05

cybersecurity exam. But my

11:08

background is a normal IT

11:10

job. That's it. A lot

11:14

of times what these scammers will do

11:16

is type commands on your computer to

11:18

prove you have a virus, but

11:20

all they're doing is just showing you really

11:22

normal computer activity. And it doesn't prove anything.

11:24

In fact, one time I saw a video

11:27

of his where a scammer just typed on

11:29

the screen that the firewall is

11:31

damaged and is at 2%. This

11:34

camera was trying to say hackers are going to

11:36

soon break through and get everything. But

11:39

the thing is that firewalls don't have a

11:41

percentage. And it's great that

11:43

Jim knows a lot about IT and can

11:45

easily spot every one of these bad attempts

11:48

at showing him that there's a problem on his computer.

11:51

Type these things into your computer and look,

11:54

you've got hackers, you've got

11:56

viruses, you've got computer problems,

11:59

you're going to have to pay. me two, three hundred

12:01

dollars to fix that problem. Now

12:04

these scammers are not sophisticated at

12:06

all. Their scam is really basic,

12:08

but their method of collecting payments

12:11

is crazy ridiculous. What they should do is

12:13

just act like a normal company and set

12:16

up a website where you enter in your

12:18

credit card details and send the

12:20

money. But they can't do that because

12:22

payment processors will quickly spot and shut

12:24

them down and freeze their money. Maybe

12:27

even charge them a fee. So Stripe

12:29

and PayPal are just out of the question here,

12:31

which means they've got to come up with some

12:34

creative alternative ways to get money

12:36

from you. They will get you

12:38

to buy a gift card. They won't use the

12:40

word gift card. What they say to their victims

12:42

is you've got a security problem.

12:45

You're going to have to solve it with

12:47

a security card and you'll have to go

12:50

to your local Walmart or whatever to get

12:52

the security card and they

12:54

won't use the word gift card if they can avoid

12:56

it. But of course, whenever you

12:58

go in there and you're outside the store, they will

13:01

say, right, I need you to go in and buy

13:03

an Apple card or an

13:05

eBay card or whatever it is. And

13:08

as soon as you read out that

13:10

number, that's as good as them taking

13:12

the value of that card because they

13:14

can launder that almost immediately. Yeah.

13:17

So I'm curious on that. How do they launder

13:20

it? Because if you give someone an eBay card,

13:22

they're not going to buy something on eBay, they're

13:24

probably selling that for pennies on the dollar. They

13:27

do exactly. And they'd be lucky to

13:29

get maybe 50 percent of the actual

13:31

value of the card. But what they

13:33

do is they take those numbers and

13:36

there is quite a well, shall

13:39

we say, a black market for gift card

13:41

numbers. There are legitimate

13:43

websites like Paxful, for example,

13:46

where people will buy Google

13:48

Play cards, eBay cards, you

13:52

name it, any sort of gift card. And

13:54

they will give you 50 percent of the value

13:57

and they will mark that up and they

13:59

may. correctly or

14:01

indirectly buy items from

14:03

those stores. So

14:05

yes, absolutely. You're gonna lose half

14:08

the value, but if you're

14:10

a scammer you have completely, cleanly

14:12

washed that money because there's almost no

14:14

way of getting money back when someone's

14:16

bought a gift card and it's

14:19

been used. This

14:21

always seems surprising to me. To convince your

14:23

victim to hang up the phone, go drive

14:25

to the store, buy a gift card, then

14:27

drive back home and call the scammer back

14:30

up to give them the gift card details.

14:34

I just think you're gonna lose your victim every

14:36

time in that process. And on

14:38

top of that, they're only getting half the value that's on

14:41

the card, but this seems to

14:43

be pretty effective. These scam centers are making

14:45

quite a bit of money this way and

14:47

I guess this means that even

14:49

though the scam is hilariously bad

14:52

and the method of collecting money

14:54

is ridiculously complex, the

14:56

thing that makes this work is the numbers,

14:59

the relentless attempts at scamming people.

15:01

If they try over and over

15:03

and over and over, they'll eventually

15:05

get people to pay them. Now

15:09

of course some victims don't want to

15:11

send gift cards, so the scammers say,

15:13

that's fine, there's another way. Send us

15:15

cash. They actually persuade people

15:18

to go to their local bank and

15:21

withdraw cash and

15:23

they will say, I'll instruct you in a moment

15:25

what you do with the cash. So they generally

15:27

get the victim, take the cash home and

15:29

then they'll say, and this is

15:31

typically for a bank type scam, they'll

15:34

say we're gonna create a new account

15:36

for you and you need to send

15:38

that money to a secure facility and

15:41

they will say, look you need to put

15:43

the cash into pages of

15:45

a book. So between pages of a

15:47

book, wrap that in silver foil and

15:50

they will actually get you then to go

15:52

to the nearest FedEx or post

15:55

office and mail

15:57

your cash to an address

15:59

and it's a money me over the trash. That

16:02

sounds even more bizarre. Have these

16:04

victims never paid for anything in

16:06

their life before? In what

16:09

world is it normal to wrap cash up in

16:11

pin foil and stuff it in a book and

16:13

then ship it somewhere to get your

16:15

computer fixed? Like I don't

16:17

want to be victim-blaming here. But

16:20

come on, how colorblind do you

16:22

have to be to not

16:24

see these giant red flags? One

16:26

of the scams that Jim sees often is

16:29

called a refund scam and it might start

16:31

out with a phone call. That sounds like

16:33

this. Hi, we are calling you from your

16:35

computer maintenance department. If

16:37

you remember, you have a contract with us for

16:40

computer support and services, unfortunately.

16:44

We are closing the business so

16:46

you can give us a call for

16:48

the refund of the amount you paid to

16:51

claim your refund. This

16:53

is a real voicemail or phone call. People

16:56

are calling for this and calling up the number to you

16:58

and me. That

17:00

phone call sounds ridiculous, doesn't it?

17:03

It's a crappy, robo voice and

17:05

it's not fooling us. But

17:08

just think about the mechanics of this

17:11

call. They are clearly using some text-to-speech

17:13

software, right? I don't know why,

17:15

but they are using a terrible version and

17:17

have terrible English. But technology

17:19

is rapidly improving. There is way

17:21

better software out there today. And

17:24

I just wonder, you

17:26

know, someday the scammers are going to upgrade and

17:29

use the good stuff. Let

17:31

me demonstrate. Here's what I'm going to

17:33

do. I'm going to improve this whole scam attempt. Are you ready?

17:36

First, I'm going to take the text that

17:38

they said in that call and ask Chat

17:40

GPT to rewrite this but make it sound

17:43

more like a natural English speaker would say.

17:46

Cool. Now take that and make it sound even

17:48

more casual, like something you just hear on a

17:50

phone call or something. Okay,

17:52

that looks good. Now

17:55

I'll run this through a

17:57

more modern text-to-speech software. Okay,

18:01

it's done. Let's take a listen to this

18:03

call now. Hello. Sorry to bother

18:05

you. My name is Sarah from the

18:07

computer maintenance department I need

18:09

to talk with you about your support contract with us.

18:12

Here's the thing. We're closing the business.

18:14

I know it's a bummer I'm sorry,

18:16

but here's the good news You'll be

18:18

getting a refund for the amount you've

18:20

already paid us whenever you have a

18:23

moment. Can you call me back? I

18:26

Want to get this refund to you as soon

18:28

as possible. Hope to chat with you soon You

18:33

see how much better it is with modern

18:35

tools and seriously that took me two minutes

18:37

of just using automated tools to fix it

18:39

up The audio went from

18:41

stupid computer maintenance department to scary

18:44

I know it's a bummer and

18:46

maybe you can still spot that

18:48

that's AI generated, but

18:51

would your grandparents think that I Improved

18:53

it because I want you to be

18:56

aware of the tools that scammers have

18:58

at their disposal today If

19:00

they wanted to and I want you

19:02

to think about how much better their scams are going to

19:04

be in the future We see

19:06

that they're using text-to-speech software today And

19:08

it's just a matter of time that

19:10

that text-to-speech software sounds really

19:13

convincing and then what? What

19:16

red flags would you notice in this audio

19:18

to make you think it's a scam? Now

19:20

you've really got to think well hold on

19:23

do I actually have a support contract somewhere?

19:25

Who are these people let me call them

19:27

up and find out and now

19:29

you're on a phone call with a

19:31

scammer a position you really don't

19:33

want to be in and You

19:35

can see how this whole thing is going to get trickier

19:37

and trickier in the future The

19:41

scam is what you call a refund

19:43

scam so they'll pretend

19:45

to be a big organization typically Amazon

19:47

and The conversation

19:49

will start off with they say they're

19:52

going to refund this charge, which you

19:54

know They think the victim will know

19:56

nothing about Okay If

20:00

I'm the victim, I'd be like, okay, I

20:02

have no memory of this charge. So yeah, go ahead,

20:05

refund me and see you later. But

20:07

it's trickier than that. Here's one

20:09

of the actual scam calls that Jim captured. We

20:11

can easily send you the money into your account

20:14

within a five to 10 minutes and you will

20:16

get your amount right back right now. Okay. All

20:19

right. So do you do online banking

20:21

then? So which bank

20:23

do you do online banking? This

20:25

victim mentions Mid Oregon Bank. Just

20:28

go ahead and log into your bank. Log

20:31

into your bank, West and

20:48

then they'll ask to take control of the victim's computer. Once

20:52

they have control of the victim's computer and

20:54

can see their online bank balances,

20:57

then they'll say they're initiating the refund for

20:59

whatever, say $300. And

21:03

since the victim is logged into the bank's

21:05

website, what the scammer will do is edit

21:07

the victim's account and then they'll ask to

21:09

take control of the victim's computer

21:11

and then they'll ask to take control of the

21:13

victim's computer. So if you

21:15

go to the website, what the scammer will do

21:18

is edit the webpage in the

21:21

browser to make it look like the money was just

21:23

deposited into the account. But it's a fake deposit though.

21:26

It just looks like the money went in, but the

21:28

scammer just faked the whole transaction by editing the HTML

21:31

on the victim's screen. But

21:33

here's the tricky part. The scammer

21:35

will put in the wrong amount for the refund. If

21:39

the victim was expecting a $300 refund, the scammer would instead

21:43

put in the wrong amount for the refund. So the

21:45

scammer obviously knows that he's overpaid this victim. So

21:48

the key to this scam is how they get the money.

22:00

back again. Our scammer comes up with

22:02

a solution. Sir, I just got

22:04

a mail from my head server and

22:07

unfortunately that you got extra

22:09

amount in your account by mistake release

22:11

sir. So sir will you please refund me

22:13

my money back? Inevitably the victim

22:15

asks how he can refund the money

22:18

surely they can just take it back

22:20

themselves. Oh sir I can tell you

22:22

like I can tell you

22:24

sir what you have to do to refund my money

22:26

back to me all right let me have a speak

22:28

with my manager okay sir let me have a word

22:30

with them. A few moments later there's a proposal. I

22:32

have a word with my manager sir and

22:35

they said there is some financial institution where

22:37

you can send our money back to us all

22:39

right. So do you know

22:41

any Apple store near from your place? Yes

22:43

he said Apple store he wants his victim

22:45

to go to an Apple store in order

22:48

to get his money back. Do

22:51

you don't know? Okay let me find Apple

22:53

store for you sir hold on for one

22:55

minute. He searches on the victims PC for

22:57

the nearest Apple store. Can you see sir

23:01

there is a place called simply Matt do you know

23:04

this place? He

23:06

spends the next few minutes explaining

23:08

that he's going to need $5,000

23:10

worth of Apple gift vouchers. Jim

23:14

says he's seen scammers also try to get

23:16

people to send back the money using Zelle

23:18

and bank wires too and some people have

23:20

lost quite a bit of money to these

23:22

refund scams. It really does look

23:24

convincing when you look at your bank balance and

23:26

it shows $5,000 more

23:29

than what you were expecting and

23:31

the victim could just refresh the page and the whole

23:33

thing would reset but the scammers are really good at

23:36

preying on the victims goodwill

23:38

you know and the

23:41

victims will give back the money which

23:43

is a pretty jerk thing to do to

23:46

exploit the goodness in people. You

23:49

said that up until recently you had a

23:51

real job is this now your your full-time

23:53

job is content creator? It

23:56

is yeah so as of just over a

23:58

year and a bit to go. I

24:00

give up my full-time job, my IT

24:03

job, and my full-time

24:05

job is now making YouTube videos and

24:08

going after scammers. So it sounds

24:10

like this is something

24:12

you're really passionate about, to leave

24:15

your career behind, go right into chasing

24:19

after scammers and exposing them. Is

24:21

that true? This is your passion? Oh,

24:24

for sure, yeah. It's definitely a passion. I

24:27

can't stand scammers. That is my little

24:30

tagline, if you like, on my YouTube channel.

24:33

I can't stand scammers. The

24:35

thing about you, Jim, though, when I'm watching

24:37

you and I'm listening to

24:39

you, your voice is just so calm and

24:41

cool and I never hear passion in there

24:44

and I never hear things like I can't

24:46

stand scammers. You don't even

24:48

have inflection when you say that. You're just

24:50

like, I can't stand scammers. But

24:54

this is the thing. I really don't. Maybe it's

24:56

something to do with my Irish accent or whatever,

24:58

but honestly, when it

25:00

comes to scams and scammers,

25:03

I'm now devoting my life. But

25:06

it is for that reason. If

25:08

you watched what I

25:10

do, if you listen to the calls

25:12

I hear every single day, you

25:15

can't help not going

25:17

after these guys. I

25:20

build up a bit of a hatred for them,

25:22

but it probably doesn't come across in

25:24

the way I make the YouTube videos

25:26

or my inflections or anything else. But

25:29

in a lot of ways, that helps me because if I

25:32

appear calm, if I try

25:34

to think it through, if I try

25:37

to rationalize what

25:39

I'm doing, it gives

25:41

me in some way a bit of strength to

25:44

try and combat these scammers because I

25:46

like to think I've got a level head when it

25:48

comes tracking these guys down. And

25:51

I think that's why I've been as

25:53

successful as I have been. Yeah, you

25:55

have a unique approach that you're

25:58

not sensationalizing it. what I loved

26:00

about it actually, honestly, is, you know, there's

26:02

kind of been a trend of people doing

26:04

things similar to you now, and they're making

26:07

it into a big game and

26:09

lots of excitement. They're trying to get the

26:11

other person to just lose their mind, you

26:13

know, and start screaming back or something. And

26:15

you're always very calm and... And

26:18

of course there's room for that. You

26:20

know, I encourage everyone to be a

26:22

form of scam bidder. If you can

26:24

waste someone's time who you know is

26:26

trying to steal money from you, it

26:28

means you're not stealing money from your

26:31

parents, grandparents, whatever. So absolutely

26:33

there's room for everyone. I encourage everyone

26:35

to do what I do. Maybe not

26:38

quite as far as I go, because,

26:41

you know, it could land you in trouble. And, you know,

26:44

but there's nothing wrong with wasting a

26:46

scammers time. He's

26:48

encouraging everyone to waste scammers time. And that's an interesting

26:50

idea, I think. Imagine if every time you got a

26:52

call from one of these scammers, you instantly got excited

26:54

and you're like, oh boy, this is going to be

26:57

a fun call. And of course you don't give

26:59

them access to your computer or send them money, but what

27:01

could you do to waste their time?

27:03

I say someone should just create an app on my

27:05

phone that's AI driven that I could just pass the

27:08

call over to it and it acts like me. And

27:10

it talks to the scammers for hours, keeping

27:12

them going just a little longer, like maybe

27:15

there's really long loading screens or web pages

27:17

aren't loading right or something. And things just

27:19

keep timing out and they have to start

27:21

all over again. And you know, there

27:23

are a few scambators out there and one of them is called

27:25

Kitboga. And I did see him

27:27

dabbling with a AI bot tool to try

27:30

to waste scammers time. But

27:32

as Jim spent more and more time with these

27:34

scammers, something really fascinating

27:37

happened to him one day. He

27:39

somehow ended up controlling one

27:42

of the scammers PCs and

27:44

they sent Jim in a whole new direction.

27:47

The very first time that I was able

27:49

to connect to a scammers computer was

27:51

that the scammer actually

27:53

gave me his user ID and

27:55

password to connect to him. And

27:59

then he would switch sides. So there

28:01

was a period of time where

28:04

if the scammers were using a bit

28:06

of remote access software called TeamViewer, if

28:09

they were using TeamViewer and the

28:11

connections were coming from India, TeamViewer

28:14

noticed that a lot of them were

28:16

scams and they actually

28:18

banned the entire country for a period of time.

28:22

And during that time they

28:24

wanted to keep the scams running so what the

28:26

scammers would do is say, well

28:28

you connect to me and there's a little

28:30

bit of software internally

28:33

that says switch sides with partner

28:36

and then they would connect back to

28:38

the victim supposedly. So I

28:40

was actually given the scammers

28:43

username and password so I can connect to

28:45

their computer. That must have been the

28:47

first time you did that, that must have been such

28:49

a wild moment. It was

28:51

unbelievable because what you can do is exactly

28:53

what the scammers do which is as soon

28:55

as you make that connection you

28:58

can lock their keyboard and mouse and blacken

29:00

their screen. So I

29:03

knew how to do that because I'd seen it so

29:05

often so this was like a real

29:07

gift for me. So I

29:10

connected to them, locked them out of

29:12

their computer, started to download all the

29:14

files to try and figure out who

29:17

this was. Now just beside communicate you

29:19

see the option which says connect to

29:21

partner. Yeah okay. Hey what are

29:23

you doing? I can't

29:26

see communication. How are you

29:29

still there? Hey you mother. Well

29:31

you're the one who's scamming aren't you? And

29:34

of course because their computer is completely locked

29:37

and black screened they're not really quite sure

29:39

what goes on you know they maybe hadn't

29:41

encountered this before so I

29:43

knew that my time was probably limited so

29:46

I grabbed as much as I could from, I

29:48

could download all their files they weren't seeing any

29:50

of this and I was able to work

29:52

out exactly who they were. the

30:00

only time he hacked into a scammer's

30:02

computer. He does it practically every video

30:04

now. He's figured out so many different

30:06

ways to get in to the scammers'

30:09

computers. You just heard one way

30:11

he does it, and he won't tell me any

30:13

of the other ways that he gets into these

30:15

computers because he says if he tells us, then

30:17

the scammers are gonna hear this and

30:19

fix it and he'll lose access. So he

30:22

keeps his little hacking method secret. But

30:25

my mind cannot help but start to brainstorm

30:27

ideas on how you could hack into a

30:29

scammer's computer. So let me just

30:31

think out loud here for a minute. Okay, so

30:34

when you connect, like when the scammer

30:36

connects into Jim's computer to do that

30:38

remote support, right? That scammer is

30:40

gonna be coming from a specific IP and Jim

30:43

can probably see that, right? If he

30:45

does Wireshark or something, he can capture that

30:47

IP and then he's got their public IP.

30:50

And from there, could he

30:52

then like port scan that IP and look

30:54

for open ports and then try to find

30:56

some exploits or vulnerabilities to hit those ports?

30:59

Maybe, maybe that is possible.

31:02

Another thing is if they're using like some remote

31:06

desktop software, is

31:08

there a bug in that software that Jim can

31:10

exploit to reverse the connection? I

31:13

don't know how he does it, but even if I

31:15

hit the nail on the head, Jim's not gonna admit

31:17

to how he hacks into their computers. No, and

31:20

I probably never will simply

31:22

because scammers will learn

31:25

from that. Unfortunately, I watch my videos just

31:27

like a lot of other people do. And

31:30

I don't wanna reveal that as a secret, but

31:33

suffice to say, a lot

31:36

of it is social engineering as

31:38

opposed to some zero day compromise

31:40

of the remote access software that

31:43

I'm using. So I'm far more

31:45

of a social engineer than a

31:47

hacker, if that makes sense. We're

31:50

gonna take a quick commercial break, but when we

31:52

come back, I'm gonna play you some of my

31:54

favorite clips from his channel and you're not gonna

31:56

wanna miss this. This

32:00

episode is sponsored by NetSuite. When your

32:02

business reaches a certain size, cracks start

32:04

to emerge. Tasks that used to

32:06

take a day, take a week. You have

32:08

too many manual processes and you don't have

32:10

one source of truth. If this

32:12

is you, you should know these three numbers. 36,000, 25,

32:14

one. 36,000,

32:18

that's the number of businesses that have upgraded

32:20

to NetSuite by Oracle. 25,

32:22

NetSuite turns 25 this year. That's

32:25

25 years of helping businesses do more

32:27

with less. Close their books in days,

32:30

not weeks, and drive down costs, one.

32:33

Because your business is one of a kind,

32:35

so you get a customized solution of all

32:37

your KPIs in one efficient system with one

32:40

source of truth. Manage risk,

32:42

get reliable forecasts, and improve margins.

32:44

Everything you need, all in one place. Right

32:47

now, download NetSuite's popular KPI

32:49

checklist, designed to give you

32:52

consistently excellent performance, absolutely free,

32:54

at netsuite.com/darknet.

32:57

That's netsuite.com/darknet.

33:01

To get your own KPI checklist, visit

33:04

netsuite.com/darknet. Jim

33:11

is known for hacking into scammers' computers

33:13

and exposing them, and it's really quite

33:15

wild to watch. He has over 100

33:17

videos on YouTube now, and many of

33:20

them are exactly this, and it's amazing

33:22

just to hear the scammers' reaction when

33:25

he tells them some detail

33:27

about them that he shouldn't

33:29

know. For instance, there's one where he

33:31

hacked into someone's computer in the call

33:33

center and got a list of everyone's

33:36

names and their fake names.

33:40

This is one of my favorite videos, so let me just play a

33:42

clip for you from it. Hello?

33:45

Hello. Hello. Yeah,

33:47

hi, sir, my name is Carolina

33:50

Fernandez. I am calling you

33:52

from the Microsoft. Oh, hi,

33:54

Priya. Hi. I'm

33:57

a ghost. Don't call me an idiot. My

34:00

name is... Ghost. I

34:08

don't understand. You tell me. You already

34:11

tell my name. I

34:13

know. You're Priya. I'm

34:16

a ghost, you see. Priya. Please talk

34:18

to me. Hello.

34:25

Hello. Hello.

34:30

Yeah, who's this? Hello. Who's this? Yeah.

34:33

Do you know my name? I don't know.

34:35

What's your name? I love this part.

34:38

You can hear this guy's brain just breaking

34:40

real time. What is your

34:42

name? I'm talking about your

34:44

computer. You have it with this computer, right?

34:47

I do, but I don't understand why

34:49

you can't tell me your name. At

34:52

this point, the entire call center is listening

34:54

in on this call. Like, what is

34:56

happening here? They even have them

34:58

on speakerphone and this new lady jumps on the

35:01

call. Hello. Yes, hello.

35:03

Who's this? Yes. Hello. Who

35:05

am I talking to? Yes, who

35:07

am I talking to? Hi, this is Mary. I'm from

35:09

the headquarters

35:11

of Microsoft Security Department. Tell

35:13

me what happened. Mary,

35:19

are you sure your name is Mary? Yeah,

35:22

definitely. I know my name. I'm very sure

35:24

for it. Are you getting a

35:26

little bit hot,

35:28

Susmita? Sorry,

35:32

no. You're listening. You're speaking to me and my name is Mary.

35:37

Now, Priya picks the phone back up

35:40

and she's really curious and wants some answers. Can I request

35:42

you, sir? Just a word request.

35:47

Can you please tell me, sir, how do you know the name that

35:49

likes you? Bria,

36:00

Shushmita, like this Indian name.

36:03

Where are you getting from? Did

36:06

I get that right? Because I was just guessing. No,

36:11

do you are using some

36:14

technology or anything? How do you know

36:16

the names? I'm

36:18

just very good at reading people's thoughts

36:20

over the phone. And I

36:22

get this aura. I'm like a girl. Really?

36:26

Yeah. It's quite impossible

36:28

that how do you know

36:31

the name by hearing their voice?

36:34

Just simply because whenever

36:36

you speak to me, I can pick

36:38

up on vibes. And I

36:40

kind of know you create like an aura around

36:42

you. I'm a little bit like a ghost. Okay.

36:46

Yeah. I'm from Microsoft.

36:49

And you are talking about a widget like,

36:51

right? Priya, please don't do this to

36:53

me. You don't really work for Microsoft,

36:55

do you? Sir,

36:58

my name is not Priya. I'm

37:00

not Priya. Again, you made

37:02

a mistake. Okay. But you confirmed that

37:05

to me earlier and you said your

37:07

friends were Suspirita and Mimi. You

37:10

told me that earlier. You've

37:12

already confirmed that. Yes. And then

37:16

you can use another name for me. Well,

37:19

is Priya not your name? No,

37:22

I'm not. Oh, Carolina

37:24

Fernandez, you're sticking to that, are you? Yes,

37:29

I'm Carolina Fernandez. Carolina Fernandez? Why don't you

37:31

use the Indian name, Pocky? Right.

37:35

Okay. Well, what if you want Carolina? I don't

37:37

really mind. So what's wrong with my computer? Sir,

37:42

your computer is completely infected by

37:44

some hackers. That's why we

37:46

are receiving some warning signals from your

37:48

computer. Okay. Okay. Okay.

37:52

And that's point of time. So we

37:55

are calling you to make you

37:57

aware about your computer problem. Okay.

38:00

Okay, He could

38:02

have avoided the yeah, I still

38:04

don't. Wanna know? He's a joy? Some

38:06

know what, Some. Hello! Hello,

38:10

sorry your colleagues listening, and but I

38:12

can hear talk as well, houses on

38:14

of uncertainty, ah yeah, no, she wasn't

38:16

very good. Like for you

38:19

sir may know who argue.

38:22

I just told to i'm you

38:24

can call me ghost is. Like

38:27

that's kind of the way I feel.

38:29

I get this aura around people. I

38:31

can tell who's around him. I can

38:33

tell just a little bit faster. How

38:35

long have you been working there factory

38:37

of this? I don't soon working there.

38:41

That. I'm working and middle of. A

38:44

fake Microsoft or. So.

38:47

Thick Sector Five. Why? You don't

38:49

expect to find your sector? Ah,

38:52

Salt. Licks. It defies. You

38:55

heard. Hello!

39:02

Please. Don't hang up. And

39:05

no, No. No, I'm

39:07

here. I'm. Yet here I'm here. What's

39:09

the weather like? there? Rather,

39:15

Than. What's the weather like in Kolkata?

39:20

You tell me you know everything about me.

39:22

A favor. Ten minutes. Thirty

39:24

eight A breather. Like my

39:26

sister's father's name, it's raining.

39:30

Yeah. I don't know what my father's name? I

39:32

dunno for this. your father proud of you what

39:34

to do to does he think he works Microsoft.

39:39

Yes, of course. But

39:41

you don't work for Microsoft to to tell him that.

39:44

You just tell me wanting why you. Are

39:48

Not our mothers? Tying

39:50

to you know we give us this aura.

39:54

i'm trying to kind of work out why you

39:56

do your the scamming stuff that's really what i

39:58

wanted to know Then

40:01

why are you wasting your time? Can't

40:03

you get like a different job that doesn't

40:05

mean money? And how do you know the name? How

40:08

do you know the name? I know every week's name. Do

40:10

you know another name? Yes, everybody. How many names do

40:12

you know? Everybody. Tell

40:14

me the name. Everybody. Tell me my

40:16

colleague's name. I'll tell you one more

40:18

name. One by one. Will I tell you one

40:21

more name? Yes. Suini.

40:23

Yes. Suini. Oh my

40:26

god, Suini. And

40:32

tell me another name? No, no, no. Look,

40:36

I get this from before. Any

40:38

male names? Well, apart

40:40

from Abjit. Any male names? Yeah, apart from

40:42

Abjit. So

40:45

I do respect your talent, okay? Can you please tell? Yes,

40:47

I'm here. Can you please

40:50

tell me who is beside me right now?

40:56

On each side. In

41:00

my left-hand side? I

41:04

think that's Mimi. Hello?

41:07

Did I get that

41:09

right? Hello?

41:11

Hello? Okay.

41:14

If you want to be quiet, everybody,

41:16

can you tell me? Did I get it right? Hello?

41:22

Okay. If you want to be quiet, everybody, can you tell me? Yes, I'm here.

41:25

Did I get it right? I'm so excited. I'm so

41:27

excited about you so. Did I get it right though?

41:29

Where are you? Did I get it right? Tell me

41:31

who is. Wait, wait, wait. Can you tell me properly?

41:33

You keep asking me questions. Can I ask you one thing? Did

41:37

I get that right? Did

41:39

I get that right? I

41:41

can never tell. Is Mimi on your

41:43

left? And

41:46

the right-hand side? In

41:48

my right-hand side? It's coming

41:50

through to me. I'm not sure. I'm pretty

41:52

sure that's just Mita. I

42:01

love it. Jim caused such chaos in

42:03

that scam call center. He told them

42:05

their real names, their location, even the

42:08

name of the company that employed them.

42:10

And they passed this phone around to at least

42:12

five different agents to talk to him. And

42:15

of course, any information that Jim does get

42:17

from hacking these scammers, he reports it. So

42:19

like if he sees that they use a

42:21

certain service, he'll report that to the service

42:23

provider that scammers are using their product and

42:25

this is their user ID. And he's

42:27

gotten some of them actually banned from using certain

42:29

software, but they can just like make a new

42:31

company and then register the software again under a

42:33

new company name. And

42:36

sometimes when these scam centers make new

42:38

company names, they even get their

42:40

company listed by the better business bureau, and

42:43

then even get some people to make fake

42:45

reviews about their company. So

42:47

if you can find this, he'll definitely report

42:49

that to the better business bureau. And he'll

42:52

do everything he can to slow down these

42:54

scammers and waste their time. Once

42:57

he got into a scammers computer and grabbed

42:59

all their files, and in there was a

43:01

plane ticket for a recent trip. So Jim

43:03

had this guy's real name, his travel details.

43:05

And from there, he could look the guy

43:07

up on Facebook and find his friends and

43:09

family. And yeah, when these

43:12

scammers call him up and

43:14

have no idea that Jim has all

43:16

this information on them. It's

43:18

quite a riot to watch the

43:21

whole thing unfold. The question does come

43:23

up though. And I'm sure you've answered this 1000 times,

43:26

which is like, hold on a

43:28

second hacking is illegal. You

43:30

can't just go hack people's stuff. And

43:33

here you are hacking into someone

43:35

else's machine. What's going on

43:37

here? Where's your justification? Where's your moral compass or

43:40

ethical framework in this way? I

43:42

mean, the moral bit is quite easy

43:44

for me because I quite

43:47

deliberately let the scammers attempt to

43:49

scam me that they I

43:52

cannot, I don't have the technical

43:54

expertise, so we say to arbitrarily

43:57

hack into anything. can't

44:00

do it. I'm not able

44:02

to do that. A lot of people that

44:04

you've spoken to on this podcast probably

44:07

would be able to do that. I cannot. I

44:10

have to rely on a scammer

44:14

connecting to me and trying to steal

44:16

money from me. And that's the only

44:18

way that I can ever access

44:20

their computers. They have to try to

44:22

steal money from me first. So

44:25

this is a really nice ethical line

44:27

you've painted yourself like, okay, you know

44:29

what? Unless you walk

44:31

into my home and get onto my

44:33

computer and attempt to steal money from

44:35

me, I'm not going to

44:37

do anything to you. And once they do that

44:39

and you open your door to

44:42

allow that to happen and you see that,

44:44

okay. I mean, I'm not, and I hate

44:46

to be no one as a hacker because

44:48

that always has quite negative connotations. And I

44:51

hate the term because it just has all

44:53

of that baggage. But that

44:56

is true. And every single person

44:59

that I feature on any video on

45:01

YouTube has at some point connected

45:03

to my computer and they don't forget

45:06

scammers don't always make it

45:08

clear that what you're typing out

45:10

gives them access to my computer

45:13

because they will quite deliberately say,

45:16

just type this on your command line.

45:18

When people question, well, what is this

45:21

thing that you're getting me to download

45:23

and run? And it's in fact a

45:25

remote access tool. They

45:27

will not explain that. So already

45:30

there is a remote

45:33

access connection, which is

45:35

a sort of hacking attempt

45:37

because the scammer doesn't make it clear

45:39

to the victim. They are taking

45:42

access of your computer and

45:44

they are not making it clear. Obviously,

45:47

they're scammers. And I

45:51

just go a little bit further to say,

45:53

well, okay, you're trying to misuse

45:56

my computer. So

45:58

in turn, I'm thinking you're

46:01

now fair game for me to do the same

46:04

to you So the only

46:06

people and I've said this a number of

46:08

times and other interviews as well The

46:10

only people who could ever

46:13

have a problem with what I do Are

46:16

the people who try to steal money from

46:18

others? Okay, and if

46:20

they ever want to Raise

46:23

a legal complaint or whatever Please

46:26

bring that on because I what I

46:28

will have done is record How

46:31

I managed to get access to their

46:34

computer and the answer is because

46:36

they were trying to steal money from me Now

46:39

that's not a defense on its own

46:42

But it just means that if I

46:44

ever have to defend myself for any

46:46

reason I have a

46:48

good reason as to why I have

46:50

access to their computer and

46:52

it's just Because of this theft that

46:55

they're attempting. There's almost no

46:57

recourse that they can have I mean,

46:59

I'm assuming you haven't had any legal

47:01

complaints that you've had that

47:03

seriously take care of. Yeah the

47:06

only complaints I've ever had are privacy

47:09

complaints on YouTube scammers don't

47:11

like their faces or voices

47:13

or documents

47:16

displayed on YouTube and tough

47:23

You Okay,

47:28

so my absolute favorite video of Jim's

47:30

is when He hacked into

47:32

an entire call center and could watch everything that

47:34

was going on there Wait first

47:36

before we get into this story. How

47:39

do you typically find these

47:41

scammers? Yeah, I have my email

47:43

address on YouTube and a lot of people just

47:45

simply email me saying hey have you seen this

47:47

pop-up or I've just started from go from this

47:49

number and Or

47:52

have had this email and it's a

47:54

fake invoice or I my grandparents have

47:56

just been scammed use the phone I

47:58

get all of that all the time. But

48:01

actually, in a lot of ways, I don't even

48:03

have to use that because I'm on

48:06

what's called a mugs list. So in

48:09

the past, I have pretended to pay

48:11

scammers because remember this bit where I

48:13

say I actually need the scammers on,

48:15

I give them fake information

48:18

including credit card details. And

48:20

if you work your way onto a list

48:23

of people who they think they've scammed in

48:25

the past, they will call you

48:27

again, again, those lists are like gold

48:29

for scammers. So

48:31

the end result of that is

48:34

I get so many phone calls directly

48:36

to my home phone number that I

48:38

don't need anyone else's input. I'm

48:41

already in the middle of a load of scams.

48:44

And honestly, I there's nearly too many to cope

48:46

with. So what do you

48:48

have like 16 different phones over there? I

48:50

do literally. I mean, I have

48:52

one phone service with 10 different phone numbers

48:54

in the UK. And I

48:56

have something similar with us phone numbers of I've dropped

48:59

a lot of those recently from the number. It just

49:02

it has nearly got to the point where I just

49:05

can't, you know,

49:07

have an evening free of scam

49:09

phone calls. Okay,

49:13

but this story doesn't start with an

49:15

inbound phone call. Instead, someone told

49:17

Jim about a Malvert. This

49:20

is an ad on a website which has

49:22

malware on it. Basically, if you went to

49:24

a website, you would hear this important

49:26

security message. Your

49:29

computer has been locked up. Your

49:31

IP address was used without your knowledge

49:33

or consent to visit websites that contains

49:36

identity theft virus. To

49:38

unlock the computer, please call support

49:40

immediately. Please do not

49:42

attempt to shut down or restart your computer.

49:45

Doing that may lead to data loss and

49:47

identity theft. The computer

49:49

lock is aimed to stop illegal activity.

49:52

Please call our support immediately.

49:54

Now this was just an ad on

49:56

a website, but it had some malicious JavaScript

49:58

in it which Maximize the

50:01

browser, showed this giant warning, played

50:03

this audio on repeat, and

50:05

then made the mouse disappear, which made it

50:07

seem like the screen was frozen. It's

50:10

not actually a virus, though. You can

50:12

just tap on Control-Alt-Delete and close the

50:14

browser, and all is fine. But to

50:16

someone who doesn't know better, this could

50:18

be scary, and they might call the

50:20

number to get help. So

50:23

Jim called the number and said

50:25

that his computer was infected, and

50:27

the scammers immediately tried gaining remote

50:29

access to Jim's computer, and

50:31

tried to scam him for money. So

50:34

that means, in Jim's mind, they

50:37

crossed the line, and it was

50:39

time for him to try to hack them back. The

50:44

way that I get access to the reverse access to

50:46

that, I'm not going to that part in detail, but

50:49

suffice to say that when

50:51

I did get access, I

50:54

got access to just one PC, and

50:57

it was from a supervisor.

51:00

And I was able to watch what that supervisor was

51:02

doing, and one of the things that he was doing

51:05

was watching CCTV. So

51:08

I could see the IP address of

51:11

the server that he was using. It

51:14

wasn't an internal server, it was

51:16

an external one. And

51:19

when he logged into it, he

51:21

logged in with the username of admin,

51:24

and a password of eight characters. And

51:27

for the particular CCTV system that he was

51:29

using, I did a Google search

51:32

of what is the default password

51:35

for this system. And

51:38

would you believe they were still using

51:40

the default password? I

51:43

guess you could call that hacking. But

51:46

I could see the IP

51:48

address, the username, and I

51:50

could have just tried the

51:52

default password, and I was straight

51:54

in. Admin123 was his

51:56

password to protect this

51:58

scam operation. Okay, so

52:01

we got into a supervisor's PC in

52:03

a scam call center, but then from

52:05

there was able to get into the

52:07

CCTV system. Now this scam call

52:09

center had a lot of cameras. The supervisor could

52:11

watch all the scammers do their calls and go

52:14

on break and go outside. And there was even

52:16

a camera in the boss's office. But

52:18

that wasn't it. The supervisor also had

52:20

the ability to listen in on the

52:22

calls. In fact, all of these calls

52:24

were being recorded with some software. It

52:28

was gold dust for me because they had

52:30

records of all their calls. I

52:33

could see it on which server they were using.

52:36

And I could directly download these

52:39

things because I had access to

52:41

that scammers' supervisor's scammers' computer. So

52:43

I managed to download nine months

52:46

worth of calls, about 70,000

52:48

separate calls. Holy

52:51

moly, 70,000 calls? And

52:55

this is a much bigger operation than I thought. And

52:58

Jim started going through this and was able

53:00

to match up some of the time codes

53:02

of the CCTV footage and the recorded calls.

53:05

And could essentially watch the scammers as they

53:07

called these victims and listen in on the

53:09

calls. It's quite fascinating to

53:11

watch because sometimes the scammers are like

53:13

playing video games or looking bored. But

53:16

this also means he's starting to identify

53:19

what they look like, where

53:21

their desk is, where they sit in the room, and

53:24

how this operation looks from the

53:26

inside. On top of

53:28

that, on the supervisor's PC, there was a

53:30

list of victims, which included the

53:32

amount that was stolen from everyone and their

53:35

names. It was quite a find.

53:38

And just imagine having this access, being

53:40

in Jim's position. I

53:43

mean, if I was in that position, I'd just like put

53:45

the computer down and take a walk around the lake

53:47

or something like that, right? Like, what do you do?

53:50

What do you do with all this? Like

53:53

he would open up his computer in the morning and would

53:55

have live cameras of this

53:57

scam call center on one monitor watching

53:59

everything that was going on and then

54:02

on the other monitor he could tap into

54:04

the phone calls and listen to them live

54:06

as they were trying to scam victims. We're

54:08

calling support. My name is Owen. How can

54:10

I help you today? I

54:13

sent an important security message. Making it so

54:15

my computer is being shut down. What

54:19

were you doing on the computer when

54:21

you helped these masses? The

54:23

computer would call me immediately without your

54:26

knowledge. Can you

54:28

lower down the volume of your computer?

54:31

He pretty much had full supervisor

54:33

access to this whole scam call

54:35

center and could watch and listen

54:37

to anything. But what do

54:39

you do with that access? Like it's really

54:41

tempting to just call him up and

54:44

be like, hey hey, I can see

54:46

you scammer. I can see you wearing

54:48

a hat and playing video games. I

54:50

got you. Yeah, it's so tempting that

54:52

whenever I am watching

54:55

live on the CCTV, I know the

54:57

number that they're using the victims to

54:59

call that day. So I can call that number

55:02

and I'll be speaking to somebody in

55:04

a room that I can see on CCTV. Hello?

55:07

Yes, sir. Yeah, so what's all this

55:09

about stopped services then

55:11

when they should be running? I don't get

55:13

it. Yeah,

55:16

sir. You're ready to go ahead and get it fixed

55:18

and there will be a one-time charge, okay? I

55:22

don't always know who I'm speaking to and sometimes if the

55:25

room is full, it can be quite

55:27

difficult to work out which agent. There may be 20, 30

55:29

agents in the room and I can't always work out who

55:31

I'm speaking with. And there's four cameras. Each

55:35

corner of the room has got a camera. And

55:37

what I do was actually invite the scammer

55:40

onto a computer. I had my

55:42

desktop background set to a purple or a green color.

55:44

And then what I would do is

55:47

look around the cameras and look for that green

55:49

screen or that purple screen. And then I

55:53

knew, ah, right, there's the guy that's who

55:55

I'm talking to. And sometimes I had to do that

55:57

just to work that out. out.

56:01

And the really, really

56:03

tempting thing would be to say to

56:05

the guy, Hey, that's a nice check shirt

56:07

you're wearing, or, or, you know,

56:09

stop playing Pac-Man whenever you're speaking to me,

56:11

you know, can you can you stop doing that?

56:13

But I couldn't give the

56:16

game why I couldn't be just as

56:18

obvious as that. Although it was incredibly

56:20

tempting to do that. Yeah. And, and

56:23

I mean, 70,000 calls with a whole

56:25

list of victims

56:28

here. This,

56:30

this is too much for one person to process

56:32

all. So what did you end up doing with

56:34

this access? So

56:38

I kind of figured out I was really on

56:40

to something quite big at that stage. And I

56:44

thought I would bring it to the attention

56:47

of more mainstream media, specifically,

56:50

the BBC, I had

56:53

never had contact with the BBC until

56:55

that point. But because

56:57

I had personally tried to close

56:59

down a lot of scam operations

57:02

and been pretty unsuccessful about it.

57:04

So I have previously gone

57:06

to the police in India to say,

57:08

here's a scam call center on your

57:10

doorstep. Here. Here's

57:12

where they're located. I was able to get that

57:14

sort of information, but nothing really ever came of

57:16

it. And I thought, perhaps

57:19

I'm going about this wrong. Perhaps what I

57:21

really need is more mainstream

57:24

media involved. So I got in

57:26

touch with really

57:28

a general purpose BBC email

57:31

address. And before

57:33

too long, I was

57:35

reached out by a team called

57:37

panorama panorama, or like a

57:40

very long running documentary program, where

57:42

they cover all sorts of current

57:45

affairs issues. But this particular team,

57:47

we're interested anyway, in

57:49

scam phone calls. And

57:51

as soon as I get in touch and said, Look, this

57:53

is what I have, of course,

57:55

that team were were very, they wanted

57:57

to work with me from that point.

58:02

The BBC has more resources than Jim. They

58:04

can parse through this massive trove of

58:06

data quicker and started putting pieces

58:08

together even more. And together they

58:11

built quite a detailed understanding of this

58:13

whole scam operation. They figured out the

58:15

name of the company, its address, who

58:17

owns it, the employees who work there

58:19

and the victims and how much money

58:21

this whole place was making. And again,

58:24

it was all clearly documented with the

58:26

video footage and the recorded calls and

58:28

the files that they got from that

58:30

supervisor's computer. They had a ton of

58:33

evidence and they even reached out

58:35

to the victims to let them know they

58:37

were scammed. I

58:39

feel angry, angry and

58:41

upset. Angry

58:44

that someone could do that. Knowing

58:48

that there's nothing wrong with

58:50

the computer just to extort

58:52

money from you. I

58:55

feel upset with myself that I failed for it.

59:00

With all this proof, it was time

59:02

to learn who is

59:04

leading this operation. We've

59:07

identified the man behind the

59:09

fraud, Amit Chawen. But

59:12

Amit Chawen's not an ordinary businessman.

59:16

The hacked footage includes recordings

59:18

from the CCTV in his

59:20

office. Okay, this

59:22

is super interesting. There

59:28

was a CCTV camera inside Amit's

59:30

office, the head boss of this

59:32

whole thing. And it's the

59:35

only camera that actually had sound on.

59:37

And so there's hundreds of hours of

59:39

him talking on the phone and having

59:41

meetings with people. And in those

59:43

meetings, he's scheming up new ways to scam

59:45

people and basically admitting to all this criminal

59:47

activity on camera. That's

59:50

extraordinary. Well with all

59:52

this evidence and hand, the BBC reporter went to

59:54

India to try to meet with him. I

59:57

want to meet Mr. Chawen, but he's away

59:59

on a luxury. holiday in Thailand. So

1:00:04

we can only reach him on the phone. Hello.

1:00:10

Hello, is that Amit? Yes.

1:00:13

Hi, Amit Chon? Yes.

1:00:16

I want to get your comment please on

1:00:18

allegations that you're scamming people in

1:00:20

the UK out of thousands

1:00:23

of pounds. What would you like to

1:00:25

say to that Mr Chon? Oh, I

1:00:27

don't think so. There's any case like

1:00:30

that. There's no such

1:00:32

cases, but I'll talk to my lawyer first and

1:00:34

then we'll get back to you.

1:00:36

Well, it was true. There was no such

1:00:38

criminal case against him. So the BBC reporter

1:00:41

went to the police and asked, Hey, why

1:00:43

don't you crack down on these scam call

1:00:45

centers more seriously? And here's what the Indian

1:00:47

police said. This crime is a difficult crime.

1:00:50

It's difficult to crack because we don't have

1:00:52

a victim. We don't have accused. We don't

1:00:54

have anything. It's very difficult to link the

1:00:56

accused with the victim. Well,

1:00:58

in this particular case, they did have

1:01:01

victims and the BBC recorded the victim's

1:01:03

testimony to hear how they got scammed.

1:01:05

So when the BBC published this story

1:01:07

and when Jim publishes YouTube videos, it

1:01:10

couldn't be ignored by the police. They

1:01:13

had victims, they had evidence, they had the

1:01:15

address, they had the name of the boss.

1:01:17

It was a very easy case to

1:01:19

process. So the Indian police raided

1:01:22

the scam center. The police

1:01:24

did their raid. They picked up

1:01:27

whatever computers they could. They went

1:01:29

to the boss's home address and

1:01:32

he lived in like the most luxurious

1:01:34

accommodation you could imagine, something like $6,000

1:01:36

a month to

1:01:38

rent the space, which is completely unheard of

1:01:41

if you're in Delhi where he was. And

1:01:43

what I had expected

1:01:46

was that this would be such

1:01:48

an easy case for them. There

1:01:50

would be no problem. Ultimately,

1:01:52

the guy who ran the thing would be

1:01:54

locked up. But that was

1:01:56

very far from the truth. And

1:01:59

what actually happened was... was number

1:02:02

one, it took about a year for

1:02:04

the trial to even come up then.

1:02:06

COVID kicked in, so it was delayed

1:02:08

by another year. But eventually,

1:02:10

whenever the case did go to

1:02:12

trial, the

1:02:15

police never actually

1:02:17

followed up on any of

1:02:19

the evidence that was given to them or

1:02:22

that they had collected. So

1:02:24

they had scripts about

1:02:26

scams from the boss's

1:02:28

computer. But they didn't,

1:02:30

for example, follow the money

1:02:33

trail from the victims to the boss.

1:02:35

So they could very easily, if they

1:02:37

had any kind of incentive

1:02:39

to do so, they

1:02:41

could have easily gone to PayPal and

1:02:43

say, we need evidence

1:02:45

about what happened with this particular

1:02:47

PayPal account. They never asked for

1:02:49

that. They never followed

1:02:52

up on any of the things. In fact,

1:02:54

what they actually relied on was

1:02:56

the one laptop that they managed to pick up.

1:03:00

Obviously, because the documentary had gone out,

1:03:02

the YouTube video had gone out, all

1:03:05

of the computers were immediately

1:03:07

wiped before the police actually arrived. So

1:03:09

they only really had one laptop to

1:03:11

go on, and that

1:03:13

wasn't enough for them. And

1:03:16

any of the independent evidence

1:03:19

of scams, the 70,000 phone calls, the

1:03:23

video footage of the scams actually happening

1:03:26

was never presented. In fact, what

1:03:28

they said was, well, that

1:03:30

YouTube footage could have been done by AI

1:03:34

or that YouTube footage could have been faked.

1:03:38

And it looked like

1:03:40

the judge just accepted that. So

1:03:43

there was no pressure whatsoever

1:03:46

to present anything which linked

1:03:48

the boss to any

1:03:50

of that scam victim money. And

1:03:54

that is just a travesty because

1:03:56

I couldn't have handed it on

1:03:58

a plate anymore, clearly. to

1:04:00

the police or indeed the BBC

1:04:02

could have handed the same evidence to the

1:04:05

police. But the police never

1:04:07

came to speak to me, never

1:04:09

came to speak to the BBC

1:04:12

or follow up with any of

1:04:14

the evidence that I presented in

1:04:16

the video whatsoever. They just didn't

1:04:18

bother. And I can

1:04:20

only imagine that's for one of two reasons.

1:04:23

One is they're desperately incompetent or,

1:04:26

and which I think is the more likely reason, they've

1:04:29

been paid off because the guy who was

1:04:31

in charge of this is the equivalent of

1:04:33

a multimillionaire as a result of those scams.

1:04:36

And unfortunately in India

1:04:39

corruption is rife. So

1:04:42

I don't know for sure, but I

1:04:44

would imagine that's what happened. Well,

1:04:47

there you go. That's

1:04:50

disappointing. Indian authorities

1:04:53

seem to not care about

1:04:55

scam centers there. It's

1:04:58

illegal, but they say they can't prosecute

1:05:00

unless they have the victims. And since the victims are

1:05:02

far away in another country, they just don't have enough

1:05:04

evidence. But even when the

1:05:06

police are given the evidence wrapped

1:05:09

up with a bow by Jim and the BBC, and

1:05:12

are even introduced to the victims, they

1:05:15

still don't take serious action on

1:05:17

this. So despite

1:05:19

Jim's huge efforts of dismantling

1:05:21

this whole industry, it looks

1:05:24

to me at least that it's

1:05:26

only going to keep growing since

1:05:29

these criminals can scam victims

1:05:31

all day with impunity.

1:05:36

Are there other situations? I mean, you've been doing

1:05:38

this for nine years now. This

1:05:41

probably was one of them where you had

1:05:43

this huge database of victims

1:05:46

and all this camera footage and stuff. Are

1:05:49

there other situations where you have to just

1:05:51

do a long stare out a window and

1:05:53

take a walk around the lake or something,

1:05:56

whatever you do, and just think about what

1:05:58

do I do with this situation? I'm

1:06:00

in. What

1:06:04

are some of the difficult questions that you're

1:06:06

asking yourself? Well,

1:06:09

I mean, we've covered the moral

1:06:11

one and I never have a

1:06:14

problem with that one for the reason I've just

1:06:16

described, but equally it's

1:06:18

actually quite harrowing listening

1:06:20

to victims actually

1:06:23

getting scammed because there have been

1:06:25

times that I have tried to

1:06:28

intervene and I'll have

1:06:30

gone as far as because the scammers typically are

1:06:32

on the phone with their victims all down to

1:06:34

their cell phone and they're going

1:06:36

out to buy gift cards or they're going

1:06:38

out to Bitcoin ATM and the only way

1:06:41

that I can try

1:06:44

to get that scam stopped is if

1:06:47

I can warn a neighbour, if I know

1:06:49

they're going to a certain gift card store,

1:06:51

I will call that store and say,

1:06:53

there's a person about to come in, here's their name,

1:06:56

they're about to buy $500 worth

1:06:58

of gift cards, could you

1:07:00

please stop them? And

1:07:04

that's, it's incredibly

1:07:06

difficult to watch when

1:07:09

stores, for example, warn the victim, but

1:07:12

they unfortunately, they trust the

1:07:14

scammer more than the person in

1:07:16

the store talking to them and

1:07:19

it can be very difficult to listen to that.

1:07:23

When people go to a Bitcoin

1:07:25

ATM, the

1:07:27

store manager has tapped them on

1:07:29

the shoulder and said, you're being

1:07:31

scammed up. That person who says they're

1:07:34

from customs or not

1:07:37

who they say they are and if you

1:07:39

put money into that Bitcoin ATM, you are going

1:07:41

to lose it. They've actually

1:07:43

explained that they're being scammed, but

1:07:45

yet they trust the scammer

1:07:47

more and they've moved on to the

1:07:49

next Bitcoin ATM and I've had that

1:07:51

happen right in front of me and

1:07:54

it's incredibly difficult to watch that because

1:07:56

that could be my

1:07:58

grandmother, my grandfather. your

1:08:00

parents. It's someone's relative yet

1:08:04

you can't do anything about it. You try

1:08:06

your best but there are some people who

1:08:08

are just going to be scammed. There's very

1:08:10

little to be done about it and that

1:08:12

is very hard to listen to. It is

1:08:14

very hard to watch it. Can I just

1:08:16

do one last quick question? Sure, yeah, absolutely.

1:08:18

Have you ever visited India or do you

1:08:20

ever plan to go? Actually

1:08:23

I would love to see India.

1:08:25

I'm honest about that because I've

1:08:29

spoken with Karl Rox with my partner in

1:08:31

crime when it comes to all the drone

1:08:33

footage and so on. I

1:08:35

actually admire India

1:08:38

as a country and I'm not just saying

1:08:40

this to kind

1:08:43

of justify me sliding

1:08:46

off people in India when they're

1:08:48

scamming. This is a country

1:08:50

that I genuinely would like to see and

1:08:53

I do intend to go there. I will be

1:08:55

at some point in Delhi. The

1:08:57

nice thing about my YouTube channel is I

1:08:59

don't show my face so I'm not that

1:09:02

scared about going. I

1:09:04

probably would stand out a little bit

1:09:06

if I went to Kolkata or Kolkata

1:09:09

but Delhi I think would be quite a

1:09:11

place that I could easily go

1:09:13

to. A

1:09:23

big thank you to Jim Browning for coming on

1:09:26

the show and telling us all about the scam

1:09:28

baiting he's been doing. You can watch all his

1:09:30

videos on YouTube by just searching for Jim Browning.

1:09:32

This episode was created by me, the fickle finger,

1:09:34

Jack Resider. And this episode was edited by the

1:09:37

wisdom feather Tristan Ledger. Mixing done by proximity sound

1:09:39

and our theme music is by the mysterious break

1:09:41

master cylinder. Someone asked me the

1:09:43

other day, what's an ethernet? And

1:09:46

I said, oh, that's what

1:09:48

you use to catch the ether

1:09:50

bunny. This is Darknet Diaries.