Procedure on reporting Online Crime

ColinM9991

Hi, Recently I have been victim of online theft & blackmail from a phishing scam.

I have gathered all information, contacted all companies involved by service-usage (Example: the OVH Montreal data center was used in an attempt for the person to cover up his tracks), PayPal are also aware of this & currently have their own investigation going.

Recently I have found this persons ISP & contacted them to report him, this is from the person deciding to move away from knocking off Teamspeak or game servers and instead attempting to target money; a lack of competence has resulted in him leaving an entire trail, but they are requesting that I talk to local authorities; whom I have already contacted and said straight out that they have no idea about technology and told me to "Go on the website this fella is on and complain to them".

It seems there is absolutely no support for something like this in Ireland, and although my ISP deliver a good service; they have no idea what I'm even talking about when I phone their technical department and discuss my problem along with all evidence I've gathered & what networks or servers have been used by analyzing Wireshark and viewing certain packets in a virtualized machine. It reminds me of a time when my network was receiving a Denial of Service attack and I contacted my ISP, to see if they could refresh my lease because my external IP address NEVER changes, but my ISP told me to contact Microsoft to change my IP & I had to even explain what a Denial of Service attack is.

So, for an abrupt ending; I would simply like to know what service is in Ireland that I can contact to report this and seek some legal action against somebody in a different time-zone.

Spear

The Garda Fraud unit encompasses the computer crime section too:

http://www.garda.ie/Controller.aspx?Page=29

ColinM9991

I will contact them tomorrow by phone and see what the situation is.

The monetary loss was extremely little, although one account which I'm currently waiting to regain access to has a value of $2,000 which the person has attempted to blackmail me in to giving him money for.

Are there any alternatives in getting his ISP to act on the information I have given them if the Fraud unit decide not to deal with it?

pah

Hi Colin, the biggest problem with this type of crime is jurisdiction. From reading your OP it seems the suspect is based in another country? What kind of access did he gain to your systems? It may be covered by section 9 of the Theft and Fraud Offences Act 2001


There is also an offence of blackmail under section 17 of the Public Order Act

CyberCrime legislation in Ireland is poor and probably won't improve anytime soon. It's all a little broad and ambiguous.

You say the monetary value was quite small? While a crime is a crime regardless of the amount, it is unlikely that an international investigation would be launched in the matter. Are you confident that you know which country he was in? It may be possible to make a report to the authorities there.

When you say you want legal action, do you mean from a criminal or civil angle?

You could report it through hotline.ie as a financial scam but I don't know how far they would go with it.

ColinM9991

The computer access was nothing at all, it was essentially a program I launched, from his accomplice in a phishing attempt, which sent him a file located on my machine belonging to Google Chrome that stores all of the "Saved Passwords".

The monetary value from PayPal was very little, but the blackmail was an attempt to get me to send him money to regain access to an account which has a value of $2,000 if sold & an email address which was linked to a job which contained a lot of customer details.

I am 100% confident I know what country he is in from all of the research I have done, I also know that his IP address is a genuine residential network which I have already contacted his ISP with.

The legal action I am looking for is essentially to have him taken off his ISP's network and to have his outstanding services with OVH terminated as his usage of their network goes against their TOS + anything his local authority will do for such a crime.

At some point tomorrow I'll make a phone-call to his local police department to explain the situation and see what they're recommending or even if they're willing to act on the information.

ColinM9991

Update on this:

Can't get through to the Fraud department regarding this, I'll be trying again throughout the day, I'll also make the long-distance phone call in a few hours to compensate for the time difference.

To mention here just to show how absolutely dreadful the service from Microsoft is; so far I have regained access to my account by Google, I have unlocked my Facebook, I am back working Tech Support, Malwarebytes even gave me a coupon code for a 3-PC Premium license key and this wasn't anything to do with Malwarebytes apart from me sending them the executable along with log files.

However, Microsoft on the other hand, after 3 days of telling them the same thing over and over again, are more or less giving me the polite way of "We don't give a ****". Apparently after 4 years of usage alongside PayPal, eBay & other trustworthy & reliable sources, Microsoft cannot verify that I am the account owner. Now to take this even one step further, despite the fact that I have told them MANY times that the attacker has put his OWN email as the reset option, a Microsoft employee has UNLOCKED my Hotmail account which was previously locked on request, and he has sent a Password Reset link to the ATTACKER who now has access to my Hotmail account again.

As bad as things are in this country in terms of Cyber Crime and what not, this "Support" (If you would even call it that) is absolutely dreadfully frustrating, the only thing that's gotten me in good humor is how quick & professional businesses like PayPal & Google responded, I think I know now which businesses & companies ACTUALLY care about their customers and that can take a few minutes out of their day to actually use what information is in front of them.

Kur4mA

ColinM9991 wrote: »

Update on this:

Can't get through to the Fraud department regarding this, I'll be trying again throughout the day, I'll also make the long-distance phone call in a few hours to compensate for the time difference.

To mention here just to show how absolutely dreadful the service from Microsoft is; so far I have regained access to my account by Google, I have unlocked my Facebook, I am back working Tech Support, Malwarebytes even gave me a coupon code for a 3-PC Premium license key and this wasn't anything to do with Malwarebytes apart from me sending them the executable along with log files.

However, Microsoft on the other hand, after 3 days of telling them the same thing over and over again, are more or less giving me the polite way of "We don't give a ****". Apparently after 4 years of usage alongside PayPal, eBay & other trustworthy & reliable sources, Microsoft cannot verify that I am the account owner. Now to take this even one step further, despite the fact that I have told them MANY times that the attacker has put his OWN email as the reset option, a Microsoft employee has UNLOCKED my Hotmail account which was previously locked on request, and he has sent a Password Reset link to the ATTACKER who now has access to my Hotmail account again.

As bad as things are in this country in terms of Cyber Crime and what not, this "Support" (If you would even call it that) is absolutely dreadfully frustrating, the only thing that's gotten me in good humor is how quick & professional businesses like PayPal & Google responded, I think I know now which businesses & companies ACTUALLY care about their customers and that can take a few minutes out of their day to actually use what information is in front of them.

I'd also advise hitting up social media channels and technology media outlets as soon as you can to rally some support. Drop Microsofts name and whoever else is not helping and you'll see some response sharpish I bet.

dbit

I presume you have Doxed the hell out of him ? easy ways to get back .

ColinM9991

dbit wrote: »

I presume you have Doxed the hell out of him ? easy ways to get back .

I have, received multiple names etc but somebody sent me info today which has a very strong chance of it being him, it comes from before a time where he thought/thinks he was/is an "elite" hacker just because he has a picture of Kali on one of his profiles.

I contacted his local police department yesterday and they told me to contact my local authorities who will then contact the Canadian government regarding this; got a call back from the Garda Fraud section today but it was a receptionist checking in to see if I got a call-back from the voice-mail I left; still waiting for the real deal.

@Kur4mA; that's the plan really, I've given Google, Malwarebytes & PayPal props where they deserve it; Hotmail don't like to blend with the crowds though so it's almost impossible to even get a hold of them and when you do they just blatantly end the phone call or finish the live-chat session.

The whole plan behind this isn't to do anything illegal with the information I have of him as that would just land me in as much hot water as him, the plan is to let him know he chose the wrong person for his first actual attack which wasn't on a game server like all of his previous attacks, and that he isn't as hidden as he thinks he is or would like to be, especially when using the same online-persona for 5-6 years thus leaving one gigantic trail.

Spear

I have no doubt that at the first knock on the door from a cop, your would be master criminal would crap himself so hard he'd pass out. As such it's worth pushing on with it.

dbit

ColinM9991 wrote: »

I have, received multiple names etc but somebody sent me info today which has a very strong chance of it being him, it comes from before a time where he thought/thinks he was/is an "elite" hacker just because he has a picture of Kali on one of his profiles.

I contacted his local police department yesterday and they told me to contact my local authorities who will then contact the Canadian government regarding this; got a call back from the Garda Fraud section today but it was a receptionist checking in to see if I got a call-back from the voice-mail I left; still waiting for the real deal.

@Kur4mA; that's the plan really, I've given Google, Malwarebytes & PayPal props where they deserve it; Hotmail don't like to blend with the crowds though so it's almost impossible to even get a hold of them and when you do they just blatantly end the phone call or finish the live-chat session.

The whole plan behind this isn't to do anything illegal with the information I have of him as that would just land me in as much hot water as him, the plan is to let him know he chose the wrong person for his first actual attack which wasn't on a game server like all of his previous attacks, and that he isn't as hidden as he thinks he is or would like to be, especially when using the same online-persona for 5-6 years thus leaving one gigantic trail.

Personally if it was me and i knew i was getting no satisfaction then id make it my business to be invisible . If its good for me its good for him too. Recently had the same thing from a Chinese hacker on my ftp . No one on either side of the borders were willing to help.

ColinM9991

Spear wrote: »

I have no doubt that at the first knock on the door from a cop, your would be master criminal would crap himself so hard he'd pass out. As such it's worth pushing on with it.

Exactly what I'm looking forward to. I wouldn't bother so much if he didn't think he's an elite invisible hacker.

dbit wrote: »

Personally if it was me and i knew i was getting no satisfaction then id make it my business to be invisible . If its good for me its good for him too. Recently had the same thing from a Chinese hacker on my ftp . No one on either side of the borders were willing to help.

Other alternatives will be looked at once I have all accounts back in my reach and when I find out whether any officials are going to do something about it.

ColinM9991

Another update:

I've typed up my report and included all evidence I have with any online names he uses (both real & fake) & online alias's or nicknames.

I have to hand it in to my local Garda station and they'll take a full report there too and thus file it with Interpol.

I'll be handing this in at some point tomorrow so will let everybody know what the next update is.

dbit

@ 1.45 in https://www.youtube.com/watch?v=8EI7p2p1QJI

ColinM9991

dbit wrote: »

@ 1.45 in https://www.youtube.com/watch?v=8EI7p2p1QJI

:P

Information handed in with a statement & signature, they're handing it up to Dublin who will contact me if they need anymore information following what I've given them so far in my 8-9 page report of evidence & suspect information.

Following that it'll be going to Interpol, Liam Neeson is probably the one taking the case :P

dbit

I suppose as its today :- you have to do it in that low monotone voice for Movie adds " They took his email ,........ Now he wants it back . ! :-P.

ColinM9991

Got all of my accounts back as of today, apart from Hotmail whom I gave the number of my local Garda station to contact so they know I'm not bull********, along with Dropbox links of images which basically contain IP addresses used by this person to connect to my Google account

Let's hope they pull their heads out of their asses.

ColinM9991

Yep, one week later and still the same old **** from what seems to be the most incompetent company in the world.


Here's a Reddit link I posted to raise some awareness on this too, as previously suggested
http://www.reddit.com/r/hotmail/comments/318nxi/hotmails_dreadful_support/