Tuesday, December 9, 2014

Remote Support

This is a story about a potentially huge security breach that affects anyone who uses a computer at home. Keep it in mind for yourself as well as for friends and family.

A little over a year ago, I received a call from an unknown number where the caller represented themselves as Microsoft.  The caller, who spoke in a broken English dialect, indicated that there was a problem with my computer and that I should log into it right away.  Almost immediately I was skeptical of the caller’s intentions to help me, as I am a computer technician myself and knew that my computer was in exceptional shape and that I would not be in any real danger.  I decided that I would play along until it got too serious, as I expected the call would go in that direction.

The caller that I worked with was exceptionally clear on the steps I needed to follow and actually presented himself in a way that would make anyone believe that he was in a legitimate role and actually trying to help.  He asked me to go to my computer and power it on if I had not done so already.  As it turns out, I was off from work that day and was at home with the computer already on.  The caller asked me to go to my Start button, the Windows button in the lower left-hand corner, and continued to give me instructions to open a command prompt.  Once the command prompt was open, he asked me to type out the following command:
netstat -n

Without going into great detail, the netstat command displays network connections for your computer.  One of the fields in the results is named “Foreign Address”, and he asked whether any numbers appeared there when the results came back.  Well, of course they did, because one is generally connected to the Internet.  He indicated, giving no evidence mind you, that those connections were to China and that I was in the process of being hacked.  Well, probably not!
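As an added illustration (not part of the original post), the Python sketch below parses Windows `netstat -n` output and groups each Foreign Address by scope, showing that a healthy machine lists many remote addresses and that the output carries no country information at all. The sample output is constructed, uses documentation-range addresses as stand-ins for ordinary Internet servers, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample of Windows `netstat -n` output (not from a real host).
# Documentation-range addresses stand in for ordinary Internet servers.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED
  TCP    192.168.1.20:49712     192.168.1.1:445        ESTABLISHED
  TCP    192.168.1.20:49730     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:49731     198.51.100.7:443       TIME_WAIT
  TCP    [::1]:49680            [::1]:49681            ESTABLISHED
  TCP    [2001:db8::20]:49800   [2001:db8::1]:443      ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

# Private (home/office) ranges; anything else non-loopback is "internet".
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def classify(addr):
    """Return 'loopback', 'local network' or 'internet' for a numeric address."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local or any(ip.version == n.version and ip in n
                               for n in LOCAL_NETS):
        return "local network"
    return "internet"

def parse_netstat(text):
    """Parse connection rows; listeners with no remote peer (*:*) are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP") or f[2] == "*:*":
            continue
        host, _, port = f[2].rpartition(":")   # rpartition keeps IPv6 colons intact
        host = host.strip("[]")
        rows.append({"proto": f[0], "remote": host, "port": int(port),
                     "state": f[3] if len(f) > 3 else "", "scope": classify(host)})
    return rows

def summarize(rows):
    """Count connections per (scope, state) pair."""
    return Counter((r["scope"], r["state"]) for r in rows)

if __name__ == "__main__":
    for (scope, state), n in sorted(summarize(parse_netstat(SAMPLE)).items()):
        print(f"{scope:14} {state:12} {n}")
```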

I believe at this point anyone would feel that they were in serious trouble and would be open to any help that could be given.  Although in fact neither I nor others were in any trouble whatsoever at this point, the trouble would begin now.  The caller indicated that they could help stop the hacking from China and that there would be a few additional steps.  The caller had me open an internet browser and go to the website of one of the popular remote tools, such as TeamViewer, Join.me or GoToMeeting.  I continued to go along with this ruse and downloaded and subsequently installed the tool as requested.  At this point it was clear to me that he would gain control of my computer shortly and have the ability to do anything he wanted by way of having free remote access to my computer.

It was at the point when the caller was about to remotely connect to my computer that I decided this charade should be stopped.  We were at the point where, I believe, TeamViewer had installed and presented a number that a remote person using the same program could use to get access to your PC.  I stopped and began telling him of my IT experiences, what netstat was doing, what he was about to do and why I had to stop him.  Before I hung up on him, I told him that he should divert his seemingly good computer and customer service skills in a positive direction, as opposed to hijacking people’s computers.
 
In the weeks that would follow, I believe I received at least one more call from this person or one of his co-conspirators, attempting to gain access to my computer.  If this was happening to me, I became concerned about others out there who may be more naïve when it comes to computers and networking.  At a local festival, I happened to notice a detective at a display booth for our police department.  I asked him if there was anything law enforcement could do, as I was not sure what kind of crime this was, but it seemed like one nonetheless.  Based on his response, it was kind of a dead end, as it was my understanding that they were somewhat helpless in this regard.  This article is basically meant to be a warning to others, as I am not sure if there is another forum to alert others to what I call attempted computer hijacking.

In summary, here are the points I wish for you to remember:
  • Microsoft (or Windows as they call themselves sometimes) will not call you!
  • Never give remote access to your PC to anyone you do not know.
  • The best prevention is to hang up on these people as soon as possible.
