Saturday 21 December 2013

E-mail hackers = evil scum

Without doubt, the criminal scum who attempt to rip off normal people through computer fraud will spend all eternity burning in the hell of their belief system. And if they don't believe in an after-life then I'm sure we can devise a hell especially for them.

I'm slightly peeved with these toe-rags as I've just spent several hours helping a friend to recover from an e-mail account hijacking.

Over the last year or so I must have had a dozen e-mails from friends and contacts with the usual sob-story that they're in Nairobi/Istanbul/Cairo/Casablanca or wherever and have been robbed/lost their money and tickets/been arrested and need some financial assistance. Most of them have been yahoo or btinternet accounts. It's a well known problem and seems to be almost inevitable for yahoo mail users, even the careful ones.

This one was unusual as it was a gmail account, which tend to be a lot more secure (or can be).

The hijacker was a bit nastier than usual as well.

The sequence of events:

  1. They managed to log in to the gmail a/c
  2. They changed the password
  3. They set up a 'reply-to' to a yahoo a/c with the same user name that they'd just set up.
  4. They sent out the begging letter to all the contacts in the address book
  5. Then they deleted all the mail in the a/c and emptied the trash - although they left the address book intact
  6. They also managed to get into his Facebook a/c and changed the password on that too.

Friend then gets a lot of calls and e-mails telling him he's been hacked, and made the mistake of googling for assistance, and ended up talking to some dodgy company in India who used TeamViewer to control his machine and showed him the terrible things that were there and frightened him somewhat. (They weren't there I hasten to add). He agreed to pay them the £130 they wanted to clean up his machine. Luckily the bank stopped the payment! Total scammers, and presumably the same nice folk who phone little old ladies and claim to be from Microsoft and offer to remove the virus from their computers. What are the Hindus like for punishment in the after-life?

He then reported the issue to Google and got his password changed using the 'security questions' so he had his account back, minus all old e-mail.

He also reported the matter to the police (which will undoubtedly result in a series of worldwide dawn raids and arrests within days, if not hours - well, possibly in some parallel universe)

He also got all his credit cards changed.

Wisely he then asked me for advice and we've spent several hours sorting things out.

For reference, this is what we did.

  • Firstly, check his gmail a/c to see if any other nasty surprises had been left, like filters, forwarding etc. Only obvious thing was that a reply-to address had been set up, and has now been removed.
  • Then contact Google to see if they can recover his deleted mail. There's an excellent summary of how to report problems and get mail recovered at https://support.google.com/mail/answer/78353?hl=en
  • We filled out the form and within 10 minutes the mail was all back. Serious "thank you very much" to Google for such fast work. (I suspect they have to do it quite frequently...) 
  • Looking at the mail discovered some messages from Facebook about changes of password and e-mail a/c (to the new dodgy yahoo a/c), so then had to do a forced reset of the FB password and e-mail a/c. Not too stressful, although the option to recognise people in photos was useless!
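
The check in the first bullet, written out as an added example (not part of the original post): it takes settings already exported from the account, in the shape of the Gmail API's sendAs, filter, auto-forwarding and forwarding-address resources, and lists anything that would keep diverting mail after the password has been changed. The addresses and filters below are constructed sample data.

```python
from typing import List


def audit_mail_settings(account: str, send_as: List[dict], filters: List[dict],
                        auto_forwarding: dict, forwarding_addresses: List[dict]) -> List[str]:
    """Return findings for settings that survive a password reset and divert mail."""
    findings = []
    user, domain = account.lower().rsplit("@", 1)

    # A reply-to on a send-as identity silently redirects every reply from contacts.
    for ident in send_as:
        reply_to = (ident.get("replyToAddress") or "").lower()
        if reply_to and reply_to != account.lower():
            lookalike = reply_to.split("@")[0] == user and not reply_to.endswith("@" + domain)
            note = " (same user name, different provider)" if lookalike else ""
            findings.append(f"reply-to set to {reply_to}{note}")

    # Filters that forward, bin or hide incoming mail (e.g. security alerts).
    for f in filters:
        action = f.get("action") or {}
        if action.get("forward"):
            findings.append(f"filter {f.get('id')} forwards to {action['forward']}")
        if "TRASH" in (action.get("addLabelIds") or []):
            findings.append(f"filter {f.get('id')} sends matching mail to trash")
        if "INBOX" in (action.get("removeLabelIds") or []):
            findings.append(f"filter {f.get('id')} skips the inbox")

    # Account-wide forwarding, and any address registered as a forwarding target.
    if auto_forwarding.get("enabled"):
        findings.append(f"auto-forwarding enabled to {auto_forwarding.get('emailAddress')}")
    for addr in forwarding_addresses:
        findings.append(f"forwarding address registered: {addr.get('forwardingEmail')}")
    return findings


# Constructed sample: reserved .example domains, hypothetical user and filter ids.
ACCOUNT = "a.friend@gmail.example"
SEND_AS = [{"sendAsEmail": ACCOUNT, "isPrimary": True,
            "replyToAddress": "a.friend@yahoo.example"}]
FILTERS = [
    {"id": "f1", "criteria": {"from": "security@"}, "action": {"addLabelIds": ["TRASH"]}},
    {"id": "f2", "criteria": {"from": "news@shop.example"}, "action": {"addLabelIds": ["Label_7"]}},
]

if __name__ == "__main__":
    for finding in audit_mail_settings(ACCOUNT, SEND_AS, FILTERS, {"enabled": False}, []):
        print("REVIEW:", finding)
```
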

Meanwhile we're wondering how it had happened in the first place. Checked that AV was up-to-date on friend's main laptop and ran full scan, completely clean. Ran different AV to double-check, and about to run Spybot as well. So probably not something as obvious as a keylogger. If they'd done that I think they may have tried high value attacks like bank accounts rather than a standard scam that's unlikely to work, and grabbing FB contact lists.

We chatted about his recent activities. Did he use an internet cafe or a strange computer? Could someone have shoulder-surfed when he logged in in public? And he travels a lot, in some slightly dodgy places (including Nairobi - where he met a nice lady who offered him TWENTY SIX MILLION US DOLLARS). He travels with an old laptop, and remembers using some unsecured public WiFi spots. We decided that was probably it - shoulder-surfing or unsecured WiFi with some nasty goings-on on the server.

That was actually quite encouraging, as he'd been worried that someone had hacked his actual laptop - but it doesn't seem to be that. (The nice lady in India who should go and get an honest job suggested that someone had hi-jacked his IP address - I'm not sure how that would work.)

So, we then looked at how to stop it happening again.

First off, we turned on Google 2-factor authentication. This is a seriously important step, and really everyone with a Google a/c should use 2-factor. It's simple - when you try to login from an unfamiliar computer Google will prompt you for a second, one-time pass code. It can either send it as an SMS to a previously agreed primary phone, or it can make a voice call to the phone, or you can install an app on a smartphone that generates a code that changes every 60 secs (like the good old SecurID tags that I used for remote dial-up login to Eagle Star many years ago). Some other services offer 2-factor, and everyone should use it whenever possible.

Then we looked at the issue of possible hi-jacking of a WiFi session. He's now going off to install VPN software (I suggested Hide My Ass Pro) which will create a secure connection over even an unsecured WiFi network. I've used it, and it works with Windows and Android devices, and I assume a whole lot of others. It has other uses too, but well worth the $60 p.a. (special offer) if it prevents a repeat of something like this.

That seems to be it. I'm not sure how effective it would be to report the dodgy yahoo a/c to yahoo.

We had a look at the gmail account history, to see if we could get an IP address for the soon-to-be-spit-roasted one, but we'd left it too long. Pity. Can one book a drone strike on an IP address anyway, or do they want a grid reference? (That's a question for you, NSA)

A useful lesson (or two) to us all. Mainly a) use two-factor authentication and b) don't use unsecured WiFi

Hopefully this particular scammer/hacker/little shit will shortly have an accident that wipes out all their savings on medical bills, without actually being life-threatening. May they live a long and miserable life of anticipation of the hell-fires that await them when DEATH finally comes to take them.

Thursday 12 December 2013

Companies in the community

We've been in business for over a decade now, and from the beginning we've been aware that there is more to being a small business in a rural area than screwing every penny possible out of every customer. In the big city you may get away with it, but living and working in a small community really makes it obligatory to contribute to that community in whatever way we can, whether as individuals or as businesses. That may be something as simple as paying for an advert in the village school's calendar, but in our case it goes further: we're always happy to contribute our professional skills to local community groups at reduced costs or even for nothing. From a pragmatic point of view this sort of pro-bono work may help to generate a bit of paid work by spreading the word about the company, and in rural areas reputation is everything: very few small businesses just look in Yellow Pages when they want a web developer - they go by word of mouth recommendations (or at least they do round here). That's one factor of course, but on the whole we do it because we actually want to - we want to get involved with local groups and businesses - they're our neighbours, after all.

One recent project comes to mind: Siop and Caffi Cynfelyn.

Siop Cynfelyn is a community enterprise (Cwmni Cymunedol Cletwr) that has taken over the site of a local petrol station/shop/cafe in the village of Tre'r Ddôl on the A487 that had been empty for several years. In May 2013, after a lot of hard work by a team of volunteers, the café and shop were re-opened to the public. It's grown steadily since then, staffed mainly by a team of dozens of volunteers, and is now in the process of applying for grants so that the group can buy the site and completely redevelop it. Our initial contribution to the project was an offer to develop a website (a freebie of course) to keep locals up-to-date with the project plans. That then evolved into a site aimed at advertising the activities in the shop and café and progress on the project. It was then added to with a private area for managing communication with the volunteers and to manage a general customer mailing list. Although the site was developed with our standard content management tools, we're still doing most of the content editing as well.

Of course in this case our involvement didn't stop there - somehow I'm now on the management committee and I also seem to be doing a couple of shifts a week making excellent lattes for the customers and standing behind the till (a strangely slow piece of advanced computer-based technology. Why does it take 7 seconds to calculate that there is £4.00 change from a £5 note when buying a £1.00 loaf? Very odd - I think there's a little demon in the box writing down the details of each transaction with a quill pen.)

You can see the website at www.cletwr.com


The managers have also been busy, and set up a Facebook account, which helps to spread the word

...and of course, if you're on the A487 between Machynlleth and Aberystwyth at any time, why not pop in for a cuppa and a slice of cake, and a chance to buy some excellent local produce - choose the right time and you might even meet Santa Claus