Damn you, computer “hackers”!


My mom got scammed online earlier this week. This is the second time in a year that someone close to me has gotten burned by a scummy, sleazy, no good, prey-on-the-weakness-of-others-rather-than-get-a-real-job jackass. And it is so annoying!

In this case, the person that hooked my mom didn’t do any real damage. But it inconvenienced her and me for a few hours this week. And that really sucks. And, if it had been worse, it would have taken me a bunch of hours more to rebuild her computer from scratch and get it reconfigured to the point where I wouldn’t have to field tech support calls from her for the next two months asking me where her missing icons or browser shortcuts have gone.

So… here’s what happened:

She ordered some stuff from Amazon.ca a few weeks ago and her order was taking forever to be delivered. She wanted to call Amazon to inquire about her order. So, she opened a web browser and typed “amazon.ca phone number” in the default search bar. When she pressed enter, she received a Google search results page that showed a bunch of options for amazon.ca customer service. This included a malicious (bad) customer support website. Unfortunately, my mom clicked on this link, and that’s where the fun began.

The link she clicked on was a phishing page. (As per Wikipedia: “Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.”) The link she clicked on went to a compromised website. The website had been designed to look exactly like amazon.ca and it had a blurb on the page with their phone number.

Unwittingly, she called the number on the malicious webpage. The helpful customer service rep (let’s call him Nedry, named after the inept hacker from Jurassic Park) that answered informed her that her amazon account had been red flagged. Nedry said someone else was trying to get into her account. He said not to worry though as he could help find out who it was and clear it up for her.

Nedry then instructed her to go to a website (citrixonline.com – a legitimate website with a legitimate app) and download an app so that they could connect to her computer. This first app wouldn’t install on my mom’s super old computer. This almost stumped Nedry, as he had to call on his supervisor to help up his game and keep my mom on the hook. His supervisor suggested using LogMeIn123 instead (another legitimate website and app). Luckily for Nedry, this second effort kept him in the game.

Once my mom downloaded and ran LogMeIn123, she connected with Nedry and gave Nedry control of her computer. LogMeIn123 provides the ability for you to share your screen with someone else and then that person can do anything on your computer.

And this is where Nedry really got to show off his stuff. Here’s what he did:

  1. He opened a terminal window and continued to show my mom what was wrong with her computer by typing these commands:
    1. ping http://www.amazon.com
    2. top
    3. netstat -n
    4. ifconfig
    All of the above commands spit out a bunch of fancy stats and other confusing data to the uninitiated. Nedry showed my mom some of the data and explained that it was the virus taking hold and making a mess of things.
  2. He told her that she had a bad virus on her computer. He said she had something called Torpig. He opened a web browser and went to the Wikipedia entry for Torpig. He read enough of that entry to my mom to really scare her.
  3. Then he used google to search for a website called “geektyper”. He then opened the site directly: GEEKTyper.com – Hacking Simulator. The tagline for this website is “HACK LIKE A PROGRAMMER IN MOVIES AND GAMES!” It has a subsite (geektyper.com/scp) that looks SUPER legit if you’ve ever seen a scary hacking movie.
  4. He even showed her THE GUY that was doing this to her computer!
  5. Then he told her that this virus was so bad that it was everywhere in her house: it was on her computer, it was on her TV, it was on her iPad – it was on EVERYTHING!

Quick side note: I’m actually really impressed with Nedry so far. As far as social engineering goes, this guy is making all the right moves… If you’re trying to hack my mom.

And this is where things went downhill for Nedry. He had been laying things on really thick up to this point. He had my mom convinced that something bad was happening. He had ratcheted up the drama sufficiently to scare my mom. But now he had to go in for the close. This is the part of the scam where he brings home the bacon.

He explained that my mom would have to take her equipment to a local computer repair shop. But not just any shop would do. Nedry told my mom that she would need a “Level 6 Certified Anti-Hacking Network Professional”. (This sounds pretty serious! I work in IT security and I’ve never heard of these guys! They must be really hardcore!) Luckily, one of these technicians is located quite close – in Ancaster! However, my mom would have to take all of her equipment to him – her computer, her TV, her ipad, EVERYTHING. This was really stressing my mom out.

But then, like a white knight, Nedry offered to come through in the clinch: he said, but wait! There’s another way. Are you over 45? My mom said yes. He said you’re in luck! He has an offer for people over 45. He can help you remotely to fix your problem and you won’t have to take your equipment anywhere. (what a guy – this Nedry certainly seems like a super hero, doesn’t he!)

And it was at that point that my mom made me proud (kinda, even though she’d already given up control of her computer to this goon): she said, “no, I will get my son to look after it.” As soon as she said that, he got nasty and said, “I’m not helping you. I’m done.” My mom asked him to take all of the stuff off of her computer and Nedry replied, “Turn it off. I’m done.” Then he hung up.

Poor Nedry… he thought he had caught a live one and was just reeling her in. But at the last second, she cut the line and escaped. He must have been pretty pissed because he had spent so much time reeling her in. I almost feel sorry for the guy. Almost.

That’s when my mom called me. At that point, I told her to unplug the computer from the wall and I’d come by and see what had happened.

I stopped by today and replayed what happened to my mom based on her story and the evidence on the computer (web browsing history, system logs, diagnostic info, etc.). I was able to restore her computer without a great deal of effort, but I’m still debating on rebuilding her computer from scratch just in case Nedry did or installed something that I didn’t catch in my analysis.

Regardless, Nedry certainly messed up my mom’s week (no computer from Monday until Friday as she waited for me to come check out the damage), and it messed up my Friday night too to take care of this mess. So yeah… thanks Nedry, wherever you are.

Is there a lesson to be learned from this? For sure… there are at least three:

  1. Be careful where you go on the internet: Make sure the sites you visit are legitimate. Check the URL in your browser – if you’re trying to find amazon.ca’s customer service phone number, make sure the URL of the site is amazon.ca.
  2. Don’t let people you don’t know connect to your computer: No matter what! When in doubt, everyone knows someone who is computer savvy and who can help out in a pinch (spouse, cousin, grandkid, neighbour, etc.). Even if you have to pay some kid in your neighbourhood $20 to check it out, that is money well spent if it helps you avoid being scammed.
  3. When in doubt, walk away: If you find yourself stuck in the middle of an uncomfortable scenario like the one I described above, just walk away. Hang up the phone, turn off the computer and call your local tech-savvy friend to help you out. And, if you’re worried about offending the person, just mention that your <friend, son/daughter, neighbour, etc.> knows this stuff and you want to check with them. I’m pretty sure the person on the phone will get belligerent, which is a great indication that you’re talking to someone you shouldn’t be.
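
Lesson 1's URL check, written out as an added example (it is not part of the original post): the name you trust has to be the host the browser connects to, not just text that appears somewhere in the address. The `.example` hosts and sample URLs below are constructed placeholders, and `TRUSTED` is an assumption for this illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the one domain the reader means to visit.
TRUSTED = "amazon.ca"

def _parts(url):
    # Search-bar input often has no scheme; add one so the host parses.
    return urlsplit(url if "://" in url else "https://" + url)

def host_of(url):
    """Hostname the browser would actually connect to, normalised."""
    return (_parts(url).hostname or "").rstrip(".").lower()

def is_trusted(url, trusted=TRUSTED):
    """True only for the trusted domain itself or one of its subdomains."""
    host = host_of(url)
    return host == trusted or host.endswith("." + trusted)

def verdict(url, trusted=TRUSTED):
    """Explain why a URL passes or which lookalike pattern it matches."""
    if is_trusted(url, trusted):
        return "ok"
    parts = _parts(url)
    if trusted in (parts.username or "").lower():
        return "trusted name is only the userinfo before '@'"
    if trusted in host_of(url):
        return "trusted name sits inside a different domain"
    if trusted in (parts.path + "?" + parts.query).lower():
        return "trusted name is only in the path or query"
    return "unrelated host"

# Constructed sample URLs; the .example hosts are placeholders, not real sites.
SAMPLES = [
    "https://www.amazon.ca/",
    "amazon.ca",
    "https://amazon.ca.support-desk.example/phone",
    "https://amazon.ca@support-desk.example/",
    "https://support-desk.example/amazon.ca/phone-number",
    "https://amazon.ca-help.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{verdict(url):48} {url}")
```

Only the first two samples pass; the rest carry the trusted name somewhere other than the end of the hostname, which is exactly what a quick glance at the address bar tends to miss.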

And note that this scam also occurs as a cold call from time to time. Someone will call you claiming that they know your computer is infected. Don’t fall for that one either! Again, use common sense and don’t let these scammers into your computer. If you’re nervous, call on your local techie to talk it through with you.

These people are relentless. They succeed with their scams often enough that it is a very lucrative trade for these scammers. And they can be quite convincing. But the best defense against them is awareness and common sense. That’s why I’m sharing this – I battle this kind of scammer every day in my day job and I’m getting really tired of it. Their techniques are so low tech and they aren’t even very good – they simply circle the pack and pick off the naive people using smooth talk instead of using sophisticated hacking skills. Awareness is a great defense and this is part of my way of fighting back against these folks.

So yeah… it was a bit of a wasted night for my mom and me. I would have rather sat with her for the evening and visited. Instead, I spent three or four hours piecing things together and documenting this story to share with you.

But I did get to stop in for a visit and I got a Swiss Chalet dinner out of it so I guess the evening wasn’t a total bust. 🙂

How about you… have you been scammed by these people? Did you get caught up in it or did you avoid getting scammed? How’d they affect you? Do tell in the comments below!

Talk soon!

Todd

 

About

Author, Geek, CF fundraiser & Cancer Survivor. My wife & kids, faith, baseball, infosec & devops are a few of my favorite things.

Posted in infosec, technology
2 comments on “Damn you, computer “hackers”!
  1. Ryan says:

    Thanks for sharing this fantastic story Todd. It was really encouraging, and I’m very impressed by your Mom. And luckily for you, you live nearby to come assist your Mom; my Mom is a 4 hour flight away, and for some people, their Mom is/ are on another continent. These scum prey on the unsuspecting, instead of using what appears to be half decent tech skills, to legitimately earn a living like the rest of us. And yes, a Swiss Chalet meal is not a bad trade-off! 🙂 – Ryan (former CanWest)

    • Todd Dow says:

      Thanks for the comment Ryan! (and nice to hear from you too!) I know… these people can really make a mess of unsuspecting people. And yes, I do feel fortunate to live so close to my mom. I know that some other people aren’t quite as lucky. Hope you’re well!
