A computer consultant in Queenstown managed to exact revenge on a would-be scammer, hijacking his computer system, wreaking havoc and collecting data that he plans to pass on to Spark and other service providers.
DeepFocus Ltd owner and director Eden Brackstone said he fielded two or three calls a week from overseas-based scammers and usually tried to ''have a bit of fun with them'' by impersonating Home and Away character Alf Stewart and wasting their time for as long as possible.
But on Monday afternoon the scammer, whom Brackstone believed was based either in India or Africa, called him and wanted to use TeamViewer to screen-share.
That was a first, so Brackstone granted access in a ''controlled environment'' because he could lock down his systems.
He started screen and audio recording, narrating what was happening, and kept the scammer, who purported to be from Spark technical support, on the phone until he had the information he needed, including his password - ''123456''.
Brackstone then decided to give him a taste of his own medicine.
''There was no hacking involved - he essentially gave me the keys. All I did was walk through the door.''
The scammer, who Brackstone called a ''colossal idiot'', forgot to end the session, so Brackstone had ''full, unrestricted access'' to his computer.
Once he saw he had been inactive for about 10 minutes, he went to work and set about collecting as much information as he could.
He also proceeded to ''disable and delete their data and systems in an effort to disrupt their destructive activities''.
In short, he formatted the scammer's hard drive, or, in layman's terms, deleted everything on the computer, including his personal information and ''pirated movies''.
He killed all active calls other scammers were on, re-set the scammer's home screen and, finally, placed an internal call to another party. When it was answered, music blared down the phone, letting them know their system had been compromised.
''At that point I was wrestled for control.
''Unfortunately, my efforts to call them again or re-establish the connection have not been successful, but I'll keep trying.''
While ''some people might frown upon what I did with that access'', Brackstone was unapologetic.
''I'm sure someone, somewhere would take issue with the fact I may have compromised this gentleman's livelihood ... but they do worse to people every day.
''At the very least this gentleman will be very upset to see his hard drives ... erased and his colleagues will probably be pretty p...ed off with him, considering he let a victim into their system.''
Brackstone said he had ''no idea'' what, if any, consequences he might face, but was in contact with Spark and planned to hand over some of the information he collected that might be of use to them, and other service providers, to try to mitigate against the scammers.
He said any calls out of the blue from a provider alerting them to a security threat were, ''in 99.9% of cases'', scams.
''The call list that they have going is a few thousand calls per day ... and they emulate a variety of different ISPs and telco providers. They can pretend to be anybody.
''It's just down to the end user to exercise caution and critical thinking and establish whether it's actually real or not.
''But in 99.9% of cases it's not, so if anyone calls and says your account's being hacked or compromised ... you should pretty much hang up immediately.
''If it's legitimate it will not be an out-of-the-blue phone call or email; it'll be something that you're expecting, that you've initiated, at least in part.''