Hacking Pretty Easy Nowadays

[bernuli]

I had not been paying much attention so these were a surprise to me, but I guess events such as these are pretty common:

Both my Grandmother and Mom were subject to "internet exploits" recently.
My Grandmother received and email that looked like it came from my Brother telling her to buy some pills, and she did.

My Mom lost her yahoo password, and then Googled to get tech support. She found some number and called a 3rd party who had her start a Teamviewer screen session. The guy said he found the problem and she needed to pay Cisco $200 for the fix. As far as I can tell, all he did was startup a Terminal session, and run ping then netstat. He had screen access for 25 minutes, who knows what else he could have done.

My Brother received a cold call from someone saying he was from Microsoft. Was told his computer was infected and he should allow a remote session so they could fix.

While I myself still feel pretty safe using the internet, I now worry about family members, and will have to spend time educating them and perhaps securing their computers.

Just a reminder to you all, spend a little time with the fam and educate them.


B

[roadbloc]

Hacking ≠ Conning (although I'm sure its been used in conjunction at some point.) Unfortunately people seem unable to tell when they're being conned by services and software.

[phyrexia]

These are not internet exploits. They're social exploits. Social engineering, or conning, as roadbloc mentioned.

[fiddlestyx]

I wouldn't call this hacking, more like being conned.

Its amazing how people fall for these kinds of things. It's amazing how uninformed a lot of people are when it comes to using computers and the internet.

[Squilly]

Quote:

Originally Posted by roadbloc

Hacking ≠ Conning (although I'm sure its been used in conjunction at some point.) Unfortunately people seem unable to tell when they're being conned by services and software.

Thank you. I can't stand when people misuse the hacking term.

[boss.king]

Quote:

Originally Posted by Squilly

Thank you. I can't stand when people misuse the hacking term.

Would you say it hacks you off?

[Miss G]

Quote:

Originally Posted by bernuli

My Mom lost her yahoo password, and then Googled to get tech support. She found some number and called a 3rd party who had her start a Teamviewer screen session. The guy said he found the problem and she needed to pay Cisco $200 for the fix. As far as I can tell, all he did was startup a Terminal session, and run ping then netstat. He had screen access for 25 minutes, who knows what else he could have done.

This is exactly what happened to me today. My mom lost her yahoo password and apparently called a number that was pretending to be Yahoo. (I didn't find out til much later as she gave the phone to me telling me it was Yahoo but later I knew it wasn't.) Was the number 1-800-926-7048 by any chance? Unfortunately she uses my macbook pro so the scammer used Teamviewer on my computer. He did run netstat on my terminal. He was trying to get my mom to pay some money to get my macbook "fixed". When we did not agree to it he tried to transfer my files. I yelled at him and asked him what is he doing. I stopped the file transfer and he was like "just a minute. i'm ending the session." (uh huh, sure...) And after that he hung up...... I was completely flipping out about it and deleted Teamviewer off my macbook pro. Do you think he could have done anything more? My mac hasn't acted strange since it happened but I'm still freaked out. I can't believe these people are getting away with this stuff. I feel like I've been violated. They also asked my mom personal info (except for her ssn) that she didn't tell me about til later. Do you think they'll do anything with the info?

[TedM]

thats a bummer. The world is pretty sketch. This isn't hacking though, as most have pointed out. These traps are everywhere though.

[VenusianSky]

Actually, traditional hacking techniques are far more difficult than ever. Finding and exploiting unknown software vulnerabilities to gain access to data is far more difficult than tricking someone into just giving the data. DoS attacks on personal computers isn't of much interest. Hackers realize that making some individual's computer inoperatable is pointless these days and was only funny back in the nineties. They have since moved on to target networks of large systems and infrastructure.

[bernuli]

Quote:

Originally Posted by Miss G

This is exactly what happened to me today. My mom lost her yahoo password and apparently called a number that was pretending to be Yahoo. (I didn't find out til much later as she gave the phone to me telling me it was Yahoo but later I knew it wasn't.) Was the number 1-800-926-7048 by any chance? Unfortunately she uses my macbook pro so the scammer used Teamviewer on my computer. He did run netstat on my terminal. He was trying to get my mom to pay some money to get my macbook "fixed". When we did not agree to it he tried to transfer my files. I yelled at him and asked him what is he doing. I stopped the file transfer and he was like "just a minute. i'm ending the session." (uh huh, sure...) And after that he hung up...... I was completely flipping out about it and deleted Teamviewer off my macbook pro. Do you think he could have done anything more? My mac hasn't acted strange since it happened but I'm still freaked out. I can't believe these people are getting away with this stuff. I feel like I've been violated. They also asked my mom personal info (except for her ssn) that she didn't tell me about til later. Do you think they'll do anything with the info?

I'll find out what the number was.

Were you watching the session as the scammer was connected?

I am pretty paranoid so I formatted the hard drive and installed a clean version of Snow Leopard. It didn't seem like anything malicious was installed during the Teamviewer session, but would rather not take the chance. My Mom's user was admin and was setup with no password (not by me). So the scammer (now upgraded to hacker) could have installed pretty much anything.


B