Security
Juniper Employee
Once upon a Social Engineering Attack
Jan 13, 2014

I was attacked a few months ago, and I thought I would share the experience with you, so you would know what to look out for. This was a REAL social engineering attack that, if successful, could have wiped out my bank accounts. Technically, it was a failed attempt, but an attack nonetheless.

A few months ago, I got a call from a scammer trying to get me to do stuff on my home computer.  The villain had no idea who I was, or that I knew anything about computers.  I acted very concerned and played along with the scam.

They said they were from "Norton" (which was a dead giveaway that this was a scam) and that they detected suspicious activity on my computer.

To convince me that I had something strange on my computer, he had me run the NETSTAT command at my C: prompt. (You can actually try this command yourself at your C: prompt. It really does nothing more than list the TCP connections on your Windows system.) The second column is labeled "foreign addresses", and he told me that those were foreign countries attacking my system. I had to put him on mute so he couldn't hear me laughing.
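To show what the "foreign address" column of netstat really means, here is an added example (not part of the original post) that parses a constructed sample of Windows `netstat -an` output and classifies each remote endpoint as unspecified, loopback, private LAN, or public; the sample addresses are made up for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from the original post).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49153        127.0.0.1:49154        ESTABLISHED
  TCP    192.168.1.20:52011     93.184.216.34:443      ESTABLISHED
  TCP    192.168.1.20:52012     192.168.1.1:53         TIME_WAIT
  TCP    [::1]:49157            [::1]:49158            ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

def split_endpoint(ep):
    """Split 'host:port', handling IPv6 '[addr]:port' and the UDP '*:*' form."""
    if ep.startswith("["):
        host, _, port = ep[1:].partition("]:")
    else:
        host, _, port = ep.rpartition(":")
    return host, port

def classify(host):
    """Explain what kind of peer a 'foreign address' actually is."""
    if host in ("*", "0.0.0.0", "::"):
        return "unspecified"   # no peer at all: a listening or unbound socket
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"      # the machine talking to itself
    if ip.is_private:
        return "private"       # home LAN: router, printer, another local device
    return "public"            # an Internet host, e.g. a website you have open

def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        fhost, fport = split_endpoint(parts[2])
        rows.append({"proto": parts[0], "local": parts[1],
                     "foreign_host": fhost, "foreign_port": fport,
                     "state": parts[3] if len(parts) > 3 else "",
                     "kind": classify(fhost)})
    return rows

def summarize(rows):
    """Count rows per kind; in normal use most entries are not public at all."""
    counts = {}
    for r in rows:
        counts[r["kind"]] = counts.get(r["kind"], 0) + 1
    return counts
```

On a real machine, paste the output of `netstat -an` into `SAMPLE_NETSTAT` to see the same breakdown; the one public entry here is simply an open HTTPS session.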

He told me not to worry and that he would take care of me. Then he said that I must go to a certain website.

I won’t mention the website here since it is most likely still malicious. I did not go there at the time either, but went there later (with all scripting off). The site had very helpful tips on preventing malware and listed multiple Symantec products. Very good scamming. There was even a 1-800 help desk phone number on the site. (I called the number later and it went to an apartment-finding service in Florida. The person who answered was very confused about why she was getting all these tech support calls. Again, a fake and stolen number. These villains have no boundaries.)

Every single link on the web page would download an .exe file. I ran the .exe through virustotal.com to see what it was, and it came back as not malicious. Hmmmm. The executable was called AA_v3.exe, which is from a real company, www.AMMYy.com. It is a legitimate application used to allow remote control access for helpdesks, a great tool for helpdesk employees to take control of a computer that someone is having issues with. If I had gone any further with this villain, however, they would have simply had me install the RAT (Remote Access Tool) and had their way with my system once they got my IP address (which was already on my screen due to the NETSTAT command).

While all this was happening in real time, I told the scammer that I was very concerned, that I wanted him to help me but someone was at the door and to hold on.  I put the villain on mute and called the local police department.  I had a cop (a former Silicon Valley high-tech employee himself) listening on my cell’s speaker phone while the villain was on my home speaker phone (a cobbled together conference call, but it worked). Then I acted naive throughout the process and had the scammer tell me everything I should be doing.

Before too long, I told the scammer that his line was being traced (a little white lie on my part), that the police were listening on the line, that he was busted and a pathetic human being for his social engineering attempt. I asked if he understood what was happening…he said “yes” in a little voice knowing he had failed and then hung up.

Another unnerving thing occurred when I was debriefing with the police. The cop mentioned that it would be a waste of time to take a report since no crime was actually committed. If you think about it, all the villain was doing was “selling me something,” even though it was free. Until money actually moved out of my accounts, the local police’s hands were tied, and they don't really have the expertise to follow up. Since it was not planned beforehand, they could not trace the call either. Maybe I simply called the wrong law enforcement agency. But who would you call in the heat of the moment?

So that puts the onus on us to get the word out and make sure people are aware that such attacks are going on.

Please let your families know that this scam is real and ongoing. Once the villains get their victims to install the RAT through a very convincing social engineering effort, they have access to everything on that system and most anything that system can access—including people’s bank account information.

Be safe out there!

Jan 17, 2014
Juniper Employee

Geeze Louise, incredible story.

I think it will be a long time before we get ahead of this kind of intrusive activity. Thanks for sharing this; I will be passing this on to my friends and family.

Feb 21, 2014
MaeltorRSI

The LEO is right though. No crime was committed because you were smart enough to know what was going on. That is the real problem; our laws haven't caught up to the modern environment we live in. Attempts to update our digital legal frameworks that have been floated have all failed because they were terrible in every way (think SOPA, PIPA, etc).

You would have had to actually go through with the WHOLE thing and let them compromise your system, and (most importantly) probably move/remove money or steal and abuse your personal information. This is obviously something you weren't going to do, so there is nothing that can be done but exactly what you did, which is hang up.

This happens to people I know all the time.