Friday 1 February 2013

Security breach probe

A walk into town for the seven thirty coach to London freshened me up nicely. The man charged with dispatching the coach had a smartphone rigged to scan passengers' tickets. Those printed from an internet booking contain a QR code which can confirm the place assigned. Official National Express tickets don't (yet), so require visual checking and a photo taken, I think. The two add up to the number of seats available. An interesting development. I commented on the innovation to him, but he remained unsmiling. Obviously it was too early in the day for him to rejoice in anything.

My brisk awakening didn't prevent me from snoozing for a while on the coach, before saying the Divine Office, then writing a blog post and a brief report during the journey. I remembered to stow my BT wireless dongle in my little laptop case. It worked a treat on the M4, only on the last leg through West End London, did the signal get wobbly in between high buildings. 

I was with my sister June by midday, cautiously going over her compromised computer to see in which ways it had been interfered with by the IT telephone scammer of last Friday. I found 'system optimiser' software that she'd been tricked into paying for installed, also 'TeamViewer', a reputable program which enables secure remote access of another computer, both on the date of the call. Funnily enough, last year I considered installing this to allow me to troubleshoot her computer problems remotely, but I didn't, as I had no experience of how to use it securely. Its presence meant that someone could access her computer and install things on it remotely while it was on without her knowing.

Once it and its settings were uninstalled, I connected to the internet, updated the anti-virus, performed a scrupulous scan of the system, taking three hours. There was nothing malicious detectable. The anti-virus program log showed it had last updated before the scammer called, finding nothing malicious to quarantine. June's bank account had been debited for the software sold to her fraudulently, but she'd just received a letter informing her the amount had been refunded to her account. Well done NatWest!

Certainly, some clean-up work had been done, as browser history and the recycling bin were unusually empty. There were few redundant files and links to files scattered around as usual. On the surface, some sort of job had been done to justify the remote access visit as a 'client service' - except that it wasn't asked for, and was achieved through an outright lie. The remote access portal had not been removed, and the Gmail password had been handed over by trickery. Free access rights to my sister's computer could then be sold on by the invader to anyone wanting to add it to their botnet, or use it as a spam server.

June said that just before the scam call, she'd had an odd virus alert pop up. As there was nothing logged, I wondered what happened. Had the router been hacked to provide an opening through which to send an Instant Message fake alert via Google Chat, while she was reading emails? I wondered. Microsoft IM was banished from her computer long ago for (in-)security reasons. The router stores the phone number to access broadband, so it could provide the vital link for a scammer to call, once hacked. Or did one of the many circulating emails containing jokes and stories carry a nasty payload to open a hidden backdoor to her machine? Maybe I'll get to the bottom of it one of these days.

The best thing about the day was the arrival of our cousin Dianne to spend the afternoon with us. It was such a delight to meet up, as I haven't seen her since we dedicated her mother's memorial stone in Sunningdale churchyard two years ago. She's retired since then, so there was plenty of fresh delight in new life to be shared. The coach was packed on the way home, and on time despite the Friday evening rush hour crawl leaving London. I'm still mulling over June's router - I didn't change its administrator access password. She didn't have it. Hmmm. Not finished yet, maybe. A call to TalkTalk Care should be able to do something about that tomorrow.