[sf-lug] Argh! [OT - mostly]

Michael Paoli Michael.Paoli at cal.berkeley.edu
Mon Mar 23 00:58:33 PDT 2015


Argh! [OT - mostly]

<soapbox>
Okay, not exactly on topic, but ... don't you hate it when ... 8-O !
... the friend's 'n family support call :-/ ... and it's not Linux or
Unix :-( (though some of this, too, would be likewise applicable to
Linux or Unix - though not as common a scenario).

So ... browser messed up - fairly probable it's compromised (and maybe
the whole damn excuse for an Operating System (OS) ... but what else is
new for some 'o *those*).  So, ... what does the person do?  They call
their ISP ... okay, that's within reason ... and relatively amazingly,
their ISP was fairly helpful (though all indications thus far are that
the problem(s) have zilch to do with the ISP).  ISP, after relatively
valiant attempts (like about an hour on the phone, and using their
tool/software to remotely access the OS on the computer, etc.) finally
'gives up', and hands 'em off (gave phone number) for Google - as, well,
the initial complaint was that Chrome was quite broken (well, if Chrome
can't get the Google home page, but Firefox can (or at least appears
to), it kind'a implicates a Chrome issue).  Well, ... then stuff happens
("oops").

Oh, and in case one is curious, the "Chrome" failure as this person
reported it to me - essentially couldn't get to the Google home page -
apparently giving a 404 error and complaining about page not found
and some cgi or cgi bin error [and methinks home page hijack?  and
how long ago, and how much has been how thoroughly compromised and/or
generally screwed up since whenever that happened].

Person writes the number down, calls, ... number no longer in service.
Maybe ISP gave 'em wrong number, maybe they didn't hear it clearly and
wrote it down incorrectly, maybe they couldn't read their own writing,
whatever.  So, ... then they use this same computer to search for
something approximating "Google technical support number".  Keep in mind
this is being done from a quite possibly compromised machine.  So,
Firefox browser happily gives them a number - and purportedly for
Google Tech Support (color me suspicious and concerned).  So, said
person calls that number they were presented with, spends about an hour
with someone on the phone, who, ... walks 'em through remotely
accessing their computer :-/ ... after about an hour(!) of that, then
they report the problem is more serious and they want payment for
further work / corrective actions.

So ... then said person has the relative sense to call me.  Uhm, yeah,
... I look up the phone number they called for what they believed to be
"Google Tech Support" - I couldn't find that number hardly anywhere ...
and the trace of bit I did find didn't seem to be pointing to any kind
of legitimate tech support - Google or otherwise (though I did also try
calling it - a toll-free number - didn't quite make out what it was,
but it answered as "[something] independent tech support" ... the
call-in pattern and ringing also sounded like it probably transferred
from the incoming number to some other number to ring, before it was
answered).  Also did sound likely of a particular foreign accent - but
could be pretty much anywhere on the planet, not that that's especially
relevant (zero distinguishable accent would not be any assurance
in-and-of-itself).

Anyway, back-tracking a bit - checking, searching - looks like the
first number the person tried to call for Google, which they got from
ISP, somewhere along the line they got one digit incorrect.  Likely
typo or misread (rather than misspoken or misheard).

Moral(s) of the story: don't trust data from untrustworthy/suspect
sources (e.g. screwed up OS ... okay, especially when that's how the OS
ships!  :->).  Verify - notably when dealing with potentially suspect
information, use appropriate out-of-band means to check (e.g. have
someone else look it up not using possibly compromised OS, open a phone
book (endangered but not quite extinct yet), etc.)

And yes, unfortunately unsuspecting users will be duped.  And yes,
unfortunately there are those buggers out there that will take
advantage and dupe 'em.

And yes, I tried to convince said person to go with Linux, but no, they
quite insisted on that *other* OS, ... yet I *still* get the calls, ...
ugh.  Yeah, ... earlier rounds (same computer, same OS), have included,
e.g. walking through removing toolbar from hell (or close to it) from
browser ... ugh.

So yes, highly disappointing that such folks are out there in such
numbers, to take advantage of the unwary.  And very annoying that some
highly prevalent OSes out there, are damn poor at defending themselves
against malware and the like - leaving themselves as relative sitting
ducks on The Internet, and for most novice users of computer on The
Internet.  And yes, unfortunately most novice users aren't quite adept at
securing themselves (or their full-of-holes-like-swiss-cheese OS) from
The Internet and others that would likewise, and especially through
such, take advantage of them.  Anyway, lot to be said for being careful,
cautious, wary, verify, etc.  Also lot to be said for making OSes much
more secure, intuitive, and harder to unintentionally do
dangerous/hazardous things - while still being easy/convenient to use -
particularly for "most" users.  And yes, some fair portion of this is
also applicable to Linux/Unix/BSD and the like.

So, too, most failures aren't that simple.  It's not "merely because
so-and-so did (or didn't do) X", or "such and such" failed.  But very
often the case of a variety of contributing factors, e.g.: Internet -
pretty much global accessibility; quite a number 'o "bad actors" on The
Internet, and though somewhat policed, to a large extent, not well
enough and such may not, and perhaps never, be feasible; OSes with more
holes than swiss cheese certainly don't help; many (most?) typical
users not rather to highly well understanding the risks, and how to
reasonably defend their systems and themselves against the many, and
especially prevalent hazards; and too, often lack of sufficient
suspicion by users regarding the hazards they're dealing or potentially
dealing with.

Oh, and yes, many computers with Microsoft OSes are often dumped
because they've been compromised and it's not cost/resource effective
for owning user to get that issue/problem corrected - rather they dump
it and buy a new computer (Microsoft OS typically comes pre-installed
on computer, for most typical home / small business consumers, they
don't buy computer and install OS, but rather purchase computer with
pre-installed OS - heck, that's even typically the case for most major
corporate customers - though such larger customers typically
(re)install/(re)image the computers with OS installation of what they
prefer and how they prefer it configured, etc., before they put those
computers in service).

Defense in depth ... the end user is often both first, and last, line of
defense.  E.g. (hopefully) prevents (common) social engineering attacks,
often makes/influences the purchase decisions, and (hopefully) also
recognizes when things are suspicious and/or have already gone horribly
wrong.
</soapbox>