Sam Black

Sam Black at

Two 30 minute calls, both interesting.

First, standard stuff, fairly dull.

Except they couldn't work out how to use copy&paste in the `cmd` terminal; I think they kept having the terminal selected when they hit CTRL+C, thus ending their "scan", and because they hadn't actually copied anything, the subsequent CTRL+V didn't work.

They did seem to get fairly annoyed about that, and told me they were scanning all the devices on the network, hence why it was stopping.

They then started poking around the running processes and services, and I though the jig was up when they highlighted the Spice-VDAgent process used for `libvirt` support.

No, they just carried on, and tried to setup unattended access in TeamViewer, and got incredibly annoyed when it asked for a password.

Whether it was the annoyance or knowing I was intentionally winding them up, they tried to `syskey` my machine.

`syskey` controls the Windows user database encryption, and allows putting a password on it, and on next boot the password is required to allow people to log in.

As you can imagine, the scammers do this to either extort money for the password or purely out of malice.

It is, of course, completely ineffective against a virtual machine with snapshots.

When challenged, they were adamant they weren't putting `syskey` on my machine, and just needed the admin user password to run their tools, and were more annoyed when I told them they were trying to `syskey` a virtual machine I could have back running in 5 minutes.

The second call was also standard, `eventvwr`, hand off to senior supervisor, show me more errors, except they couldn't work TeamViewer, and couldn't get remote control.

Working around this, they tried the AnyDesk website, and the "Unable to connect" error message was nothing to do with the `hosts` file having `anydesk.com` as 0.0.0.0.

We visited the W3C validator again, and they then asked me to log into my email and bank sites.

I would have happily complied, except I can't remember the password for the dummy email address I created, and `accounts.google.com` also resolves to 0.0.0.0, for some unknown reason; probably those pesky hackers.

The bank site also didn't like my "HiScammers!" login, and the scammers didn't like me reading the news article about TalkTalk scam callers.

Amusingly, the "senior supervisor" disconnected from the call, but didn't hang up, and me continually saying "Hello" seemed to have tricked their call handling software into thinking I was a new call, and I had the same lady launch into their spiel about being from TalkTalk, except I seemed to have really broken it as another person joined the call; they hung up when they realised.

4/10 for being the first to try `syskey`, and 3/10 for the amusing call mishap, no swearing though.

Wouldn't use again.