One of the little companies that uses me for security stuff brought me one of their clients and the story is absolutely infuriating.
The victim retired some time ago, but they keep busy with a practice that is similar to their long term career. Their spouse died some years ago, they have a string of regulars that they work with, and this involves going on site a couple of times a month, for two to four days at a time. It’s all about transferring expertise to the next generation.
And the trouble all started with a guy posing as tech support from the victim’s ISP …
Attention Conservation Notice:
I go after this sort of stuff like a black lab who’s sighted one of those dastardly tree rats. The odds of actually catching them are low, but that has never discouraged me from trying …
The Scam:
Pretending to be tech support from Xfinity, a male speaking perfect American English called the victim, claiming their computer was showing signs of intrusion. The victim was directed to enter the private IP address of their ISP-provided firewall. They did not actually log in, but this puts a big XFINITY splash on the screen; the tactic is used to legitimize access.
Next, the scammer directed the victim to download Anydesk, install it, and then give them the ten-digit PC ID. They got remote access, then spent about half an hour asking questions and doing things that seemed like real support. The victim finally asked if they needed to sit and watch; the scammer said they could finish the work on their own.
Once they were alone they installed *something*, I’m not precisely sure what, but I think it might be a kinked version of Anydesk.
Remediation:
The PC involved is over eight years old, it’s running Windows 10, and none of the original install media could be found. It was determined that a new machine would entail less cost and risk than trying to reconstruct the old one. We picked out a “one liter” PC from Dell; it’ll be here in a couple of days.
There are numerous small recurring charges and the business bank account balance sometimes crosses the $100,000 mark. I’m writing this while listening to the victim talk to their bank. We’re going to leave $1,000 for the small recurring charges, and the rest of the funds will be shifted to a new account.
Despite the illicit access starting Monday and my not being called in until Wednesday, there are no suspicious transactions. These scam operators specialize: the guy who makes the fake tech support calls probably sells the particulars of the access to another person who handles extraction. It’s both a national holiday and a busy time of year; when they finally get around to making an attempt there won’t be much available to them.
The victim has one phone and two PCs. The minimum for a Hexnode account is fifteen devices. They are going to pay for the plan, we’ll protect their three devices, and I get the other dozen to use with my “one of everything” tech support setup.
Pursuit & Capture:
The very first time I ever worked on something like this it involved Project VIGILANT. Someone’s elderly aunt got a frantic request from a grandchild traveling internationally and promptly sent them $3,500. The victim was in Toronto, the grandchild was in her dorm at college, and the scammer we traced to a coffee shop in London. Someone had a contact at The Met and we managed to literally get the guy pinched in the act. He was reportedly astounded, literally speechless while being taken into custody.
While we’ve got a phone number and some other details, I think the only thing we’re going to manage here is thwarting any theft. This pleases the victim, obviously, but I’m pretty sure the squirrel is up the tree, well out of my reach.
Conclusion:
Twitter had been a sticky, pernicious influence on my life for twelve years when Musk purchased it at this time in 2022. I have long wanted to do something else that did not require public exposure. The termination of free API access in April of 2023 was very freeing for me; it meant I could push the process that started in the summer of 2020 any direction I wanted.
This summer I found something to do that is utterly offline. Radio Engineering Fun isn’t just an idle hobby. Hexnode has been an annual adventure for the last three years. Now it’s going to stick and there are two other candidates for it that seem like they’ll sign up as well.
The world was already a dangerous place and I’m certain it will be much more so starting very, very soon. I seem to be in the right place at the right time, which has seldom been the case since 2007. This feels good …