Thursday, 30 January 2014

Remote Control

When I'm cleaning I take my entertainment in any shape and size. A month ago I got it in a totally unexpected form: a phone call.
With that obvious delay on a poor quality line, it felt entertaining the moment I picked up. It got even more so as the conversation started: I received this call, I was told, because my computer is in great danger!
Obviously bullshit, but I decided it's better to mess those trying to mess me up than continue cleaning. So I persevered, role playing the computer illiterate person the people on the other side were obviously after. Which computer, I asked; I have several. The Windows computer, I was told. Which Windows computer, I have several. And so I continued cleaning and chatting, while the person I was talking to was giving me instructions on how to help him clean my Windows PC (one of them) from the imminent dangers.
By now I was curious. What, exactly, were these con men after? Clearly they want to infect my PC rather than cure it, but how? I continued role playing, pretending to click here and there (and giving them a hell of a long wait while pretending to boot my PC up).
Eventually it became clear: they wanted me to let them assume remote administration for my Windows PC. Once they acquire that, they can pretty much do whatever they feel like with what will then be "their" computer.
This particular attack vector is not new under the sun. As security expert Brian Krebs points out here, remote administration is often the easiest way to hack someone else's computer resources. People tend to neglect this back door. That said, I was "impressed" by how brave these people were, calling me directly. I have no doubt they get to fool the occasional customer.
Keep watch of those back doors of yours.

Image by David Reeves, Creative Commons licence

No comments: