Another Spectrum

Personal ramblings and rants of a somewhat twisted mind



Come on then, I dare you…

I am reasonably tech savvy. I worked in the I.T. industry for 35 years providing technical support in the banking and retailing sector, and although I retired from the industry almost 20 years ago, I have retained an interest in it, and in computing in general.

So when my Spam filter catches an email such as the one below, I sigh, knowing every claim made is absolutely false. I don’t need to fear that there might be a chance that what I view online will be disclosed to anyone I might (or might not) know.

While I prefer to keep my online browsing preferences private, there is nothing that would be terribly embarrassing or worse if others were to discover them. And to ensure that I don’t stumble across websites I’d rather not see, my home network makes use of DNS filtering through OpenDNS.

It’s not perfect. I stumbled upon copies of the Christchurch shooter’s live streaming of the event when it appeared on popular social media sites in the days after the incident, even here on WordPress. But for me personally, I appreciate the high level of selective filtering it provides, so the chances of any user on my home network being able to view an online pornographic video are remote.

Leaving aside the remote possibility of anyone watching porn from my home network, let alone my computer, and for the benefit of the scammer, here’s why the email can safely be ignored:

Hello,

Hello to you too. If you had access to my computer as claimed further below, I’d expect you to know my name, and to use it to prove the legitimacy of your claim. Using a salutation without my name is the first indication that you really know nothing about me.

As you may have noticed, I sent this email from your email account (if you didn’t see, check the from email id). In other words, I have full access to your email account.

No you didn’t. Spoofing the From address is an extremely simple and trivial process. Every email client (even Outlook Express) provides an easy means of doing so. Besides, a quick check of the email header provides all the information I need to know that the message originated somewhere other than my own email account. In this particular case you relayed your email via a Yahoo mail server located in the USA.

I infected you with a malware a few months back when you visited an adult site, and since then, I have been observing your actions.

Really? Even on the very remote chance that I accidentally came across an “adult” site and that the site contained malware you had inserted, the odds of it being code that could infect my computer are orders of magnitude smaller. I don’t use a popular Web browser and I don’t use a popular operating system. While no operating system is perfect, any vulnerabilities discovered in Linux are patched almost immediately. This is one of the advantages of using an open source operating system. So unless your code is targeted specially towards Linux, and is using some as yet unidentified vulnerability that you discovered more than a year ago, it’s simply not possible to install malware at the operating system level.

The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphone and you won’t even notice it.

Even in the extremely remote chance that malware has been installed, and that it had managed to gain root access, which neither my logon user ID nor any of my applications, including web browsers, have, your claim that the malware was capable of manipulating my camera and microphone is laughable. You see, there needs to be a camera or microphone for you to manipulate. There isn’t. But ignoring that inconvenient truth, shall we continue?

I also have access to all your contacts.

Aside from having access to a nonexistent camera, your malware would need to have an intimate knowledge of my operating system and the software installed. It would have to know what software I use for my contacts and where on the system the information was stored. Give me that information and I might believe you.

Why did your antivirus not detect the malware?
It’s simple. My malware updates its signature every 10 minutes, and there is nothing your antivirus can do about it.

As I run Linux on my computer, I have no need for antivirus software. You also clearly don’t understand what a signature is. It is not something within your malware. It’s something antivirus applications create from information gleaned from malware. It doesn’t matter how much your malware modifies bits of its code, the antivirus folk are clever enough to figure out how the modifications are made and build in a suitable method of identification. And as you have been sending me identical messages for more than a year, I have every confidence that if in fact there was any malware at all, every antivirus application would have long ago figured out how to identify it. So I have every confidence that even if I did run a version of Windows or MacOS, which I don’t, I would be well protected by any antivirus program I chose.

I made a video showing both you (through your webcam) and the video
you were watching (on the screen) while satisfying yourself.
With one click, I can send this video to all your contacts (email, social network, and messengers you use).

I’m rather fascinated by your claim. In fact I look forward to viewing said video. I’ve looked and looked, but for the life of me, I cannot find this web cam. Can you enlighten me?

You can prevent me from doing this.
To stop me, transfer $989 to my bitcoin address.
If you do not know how to do this, Google – “Buy Bitcoin”.

My bitcoin address (BTC Wallet) is 1Hmn2KAK2Z3VjkpMz26nmh9KVAV6KqYiYp

If you have access to my computer, could you not have simply accessed my bank account and my credit card details? The username and password for my online banking are stored in encrypted form within my web browser and surely it would be a trivial matter for you to obtain it, especially if you have access at the operating system level. You wouldn’t even need to decrypt the password. With your supposed knowledge it should be a trivial exercise to fool the browser into decoding it for you.

After receiving the payment, I will delete the video,
and you will never hear from me again.
You have 48 hours to pay. Since I already have access to your system
I now know that you have read this email, so your countdown has begun.

As it’s been close to 9000 hours since I received your first email, and I have received around 200 subsequent messages, why should I believe this 48 hour deadline is any more final than all the others? It’s quite obvious that you have no idea whether or not I have read your message. The most common technique for knowing if an email has been read is by embedding a web link to a transparent 1 x 1 GIF. My email application does not display linked images by default. I have to explicitly enable it for each message. The other common technique is to include a flag requesting an acknowledgement when an email is read. My email application is configured to never send an acknowledgement. Besides, I read the contents of your email from within my online Spam filtering system control panel, which, not being an email client, cannot open links nor send acknowledgements.

Filing a complaint will not do any good
because this email cannot be tracked.
I have not made any mistakes.

You fail to understand how emails are sent. I can tell exactly the last server and location that the message passed through before it arrived at my mail server (yes, I have my own mail server). Armed with that information and the cooperation of email server hosts, I can track the message to a VPN and beyond, or to a compromised computer. I’ll concede that I’m unlikely to find your identity, but that’s of little concern.
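The header check described in this reply, together with the forged From address and the two read-tracking techniques discussed earlier, as an added example that is not part of the original post: a small Python triage script run over a constructed sextortion-style message. Every host, address and IP in the sample is made up, and the script assumes the message is available as raw bytes.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed sample (all hosts, addresses and IPs are made up): forged From:, foreign relay, tracking.
RAW_MESSAGE = b"""\
Received: from mta7.example-webmail.test (mta7.example-webmail.test [203.0.113.45])
\tby mail.victim.example (Postfix) with ESMTPS id ABC123; Mon, 01 Apr 2019 10:00:00 +1300
Received: from [198.51.100.7] (unknown [198.51.100.7])
\tby mta7.example-webmail.test with SMTP; Mon, 01 Apr 2019 09:59:30 +1300
From: barry@victim.example
Disposition-Notification-To: drop@example-webmail.test
Content-Type: text/html; charset=utf-8

<html><body><p>I have full access to your email account.</p>
<img src="http://tracker.example.test/p.gif?id=42" width="1" height="1">
</body></html>
"""

def parse_message(raw):
    return message_from_bytes(raw, policy=policy.default)

def relay_chain(msg):
    """(host, ip) per Received: header, oldest hop first (each server prepends its own)."""
    hops = []
    for value in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", value, re.S)
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops[::-1]

def from_is_forged(msg, own_domain):
    """From: claims our own domain, but the last hop is a foreign relay: the header is forged."""
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    hops = relay_chain(msg)
    last_relay = hops[-1][0].lower() if hops else ""
    return from_domain == own_domain and not last_relay.endswith(own_domain)

def tracking_indicators(msg):
    """The two ways a sender learns a mail was opened; a client that returns no
    read receipts and loads no remote images defeats both."""
    found = []
    if msg["Disposition-Notification-To"]:
        found.append("read-receipt request")
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    for tag in re.findall(r"<img[^>]*>", html, re.I):
        if 'width="1"' in tag and 'height="1"' in tag:
            found.append("1x1 tracking pixel")
    return found
```

The last entry of `relay_chain` is the server that handed the message to your own mail server, which is where any complaint to a hosting provider would start.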

If I find that you have shared this message with someone else, I will immediately send the video to all of your contacts.

Well, as you can see I have shared it. Come on then, send the video. I dare you.

Take care

Of what?

Some further details for those still reading: Some of the messages contain a username and password that I possibly did use many years ago, but not in the last ten years. Over the three decades that I have had online access (does anyone remember NCSA Mosaic?), I have been notified a few times that a website I use has been hacked and there’s a remote chance that user credentials might have been compromised. This is the most likely source of the user credentials included in some of the scam attempts. In most cases, they have been sites that I had stopped using, but even in the two cases where I am still an active user, I’m not particularly concerned.

You see, I never use the same username and password on more than one site. Yes folks, I’m one of those nerds who use a different user ID and password for every website, and for every computer login. Perhaps I’m fortunate in that I also own several domain names, and can create an unlimited number of email addresses. So even though a great many websites now require an email address as the user ID, I can still create a unique email address/user ID for each and every site.

What the scammer probably doesn’t realise is that every Spam filtering system worth its salt now recognises such messages as Spam, and will have done so for many months. The intended recipient is unlikely to even see these blackmail attempts.



(Not) Windows Support Desk

[Ring ring. Ring ring]
ME: G’day. This is Barry
CALLER: Hello this is Windows support. I’m calling regarding a problem with your computer.
ME: Oh? what kind of problem?
CALLER: Do you realise that your computer is generating a lot of Internet traffic that is related to viruses and malware?
ME: No. Is that bad?
CALLER: Very bad. You can get into a lot of trouble if you let it continue.
ME: Bugger! So what should I do?
CALLER: That is why I am calling sir. So we can repair your computer and make it safe. Just follow what I tell you to do. Do you understand?
ME: yes
CALLER: OK. Please turn your computer on.
ME: It’s already on
CALLER: Ok. Hold down the Windows key, press the “R” key and release the Windows key.
ME: What’s the Windows key?
CALLER: Do you see the key at the front left of the keyboard? It should have the letters CTRL in it.
ME: Yes
CALLER: Well, the key to its right should be the Windows key.
ME: Oh you mean the one with a kind of wriggly 4-paned window on it?
CALLER: That’s the one. Hold it down and then press the “R” key then release both keys. Got That?
ME: Yes. [pause] Done it.
CALLER: Ok. Now type in E V E N [unrecognisable] [unrecognisable] W R
ME: Sorry my hearing’s not the best. Can you spell it out again please?
CALLER: E for echo, V for victory, E for echo, N for November, T for tango, V for victory, W for whisky, R for Romeo.
ME: [pause] Ok. Now what?
CALLER: Click Ok.
ME: I don’t see an Ok button. Should I just press Enter?
CALLER: What? Ah, yes, just press Enter. Then tell me what you see.
ME: Nothing
CALLER: Huh? What do you mean nothing? Can you describe exactly what you see on your screen.
ME: well, I mean Nothing happened. The box that I typed E V E N T V W R into is still sitting in the middle of the screen.
CALLER: Do you have any other programs running?
ME: Yes, I have my email program, a web browser, a word processor, and a [Caller interrupts]
CALLER: [cross tone] You must close all programs completely. Do you understand? I want just the desktop like when you first start your computer. Am I clear?
ME: No need to be so short. If you wanted a clean screen you should have said so at the beginning. Now, when you say “Like when you first start your computer”, do you mean before I log in or afterwards?
CALLER: [sounding flustered] Before. No, I mean Afterwards.
ME: [sounding doubtful] Ok. Hang on a mo.
[long pause]
CALLER: Hello? Hello, are you there sir?
ME: Yes. I was just closing down everything. I’m ready now.
CALLER: [speaking slowly and deliberately] Ok. Hold down the Windows key, and while holding it down, press the “R” key. Then release the “R” key and then the Windows key.
ME: [short pause] Ok, Done.
CALLER: Has a box appeared?
ME: Yes
CALLER: Type E V E N T V W R into the box and then read out what you have entered.
[slow typing can be heard]
ME: Done. I’ve typed in E for echo, V for victory, E for echo, N for November, T for tango, V for victory, W for whisky, R for Romeo
CALLER: Very good! Now click the Ok button.
ME: Like I said before, there’s no Ok button.
CALLER: [pause] What buttons do you see?
ME: There are 3 buttons: “Preferences”, “Close”, and one that is greyed out with the label “Launch”.
CALLER: Does the box have a title at the top?
ME: Yes.
[silence]
CALLER: Well?
ME: Well what?
CALLER: [exasperated] What is the title?
ME: Oh sorry. “Application Finder”
CALLER: And you got there when you pressed the Windows key and the R key – are you sure?
ME: If you mean the R key between the E key and the T key and below the 4 key and the 5 key and above the D key and the F key, then, yes, I am sure. If there’s another R key somewhere else, you’ll need to direct me to it.

The above conversation is the beginning of a 31 minute 17 second session I had with a guy that was trying to “help” me fix a “serious problem” on my computer. After several more unsuccessful attempts to run Event Viewer, he tried another approach:

CALLER: I want you to click on the Start Button.
ME: Where do I find the Start Button?
CALLER: At the bottom left hand corner of the screen
ME: There’s no button there
CALLER: [sounds like he’s talking with clenched teeth] There is a bar that runs along the bottom of the screen. On the left side there is a button that says “Start” or it has the Windows logo on it. I want you to click on it.
ME: Look mate, I’m telling you there’s no bar along the bottom of the screen and there’s no button with Start or the logo on it. I’d tell you if there was. Are you sure you’re qualified to be doing this?
CALLER: You little sh*t! Do you know how much trouble you can get into by messing around with Windows Security Office? You don’t want to f*ck with us.

Usually these types of calls end abruptly when I question the qualification of the caller, but this was a new approach. He clearly thought I was a young person trying to be smart. He then went on to explain how I could be banned from the Internet for life for knowingly distributing malware; that my telephone would be monitored, and as distributing viruses and ransomware was regarded as terrorism by the authorities, I’d be put on the terror watch list and the No Fly list, and so would my parents. He then threatened to set the wheels in motion unless I cooperated fully, and asked me again to click the Start button.

I gently explained that I was in fact 69 years old, and as I have autism I often take instructions too literally, and rather than assuming my screen looked exactly like his, he should ask questions that would lead him to understand how my computer is different. I then gave an example: instead of being rude when I said I didn’t have a Start button, he could have enquired what I do to start up a program.

This seemed to calm him down and we spent another 20 minutes or so as he fruitlessly tried to lead me through installing a remote desktop, a keylogger and backdoor, and finally an attempt to install TeamViewer. If only he had bothered to ascertain what operating system was installed on my computer, he would have had a much easier time. My home has been Microsoft Windows free for almost 15 years. Our 2 desktops, a laptop and our media and backup server all run variants of Linux.

Eventually it dawned on him that I might be leading him on and he directly asked if I was wasting his time. So I told the first porky of the evening. I mentioned that New Zealand was a member of the Five Eyes Spy network and I had been using delaying tactics so that his precise location could be identified. It was just a matter of deciding whether to use the local law enforcement agency to arrest him, or the Internet Rendition Unit to whisk him to a jurisdiction where Internet crime is better dealt with. The decision would be made within 24 hours. At that point he hung up. I have no idea if he believed any of the lie, but I hope he sweats for a few hours at least.

I don’t like lying and on the rare occasions I do, I always feel physically uncomfortable afterwards. But on this occasion I actually feel good.