Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
The systems of protecting computers and networks are becoming more perfect every day. It’s harder for hackers to find a way to access data on someone else’s computer. A man remains the weakest link in cyber security. Not without reason 95 attacks on computer systems and networks begin with phishing ones. An example of such an attack observed in the last few months is mass mailings of infected Office documents. Thus, hackers try to intercept control on Windows and MacOS computers.
But this article will tell you about another type of attack. The specialists of Digital Forensic Corp. investigated several similar incidents. Subsequently, the collected evidence was given to the police to detain hackers.
The attack began quite unusually. There was a call in our client’s apartment on early Saturday morning and a voice in the receiver said: “Hello. Team of TeamViewer is calling you … “.
Then a touching story was told that TeamViewer company had stopped its work and partially returned the money spent on the purchase of TeamViewer services.
After that the client was asked for the details of the account to which the company could return the money. After a while, a voice in the receiver said: “Ooops. We have transferred you more than it is necessary. Let’s check.” Our client gave the intruder the remote access to his computer on TeamViewer and opened the online banking page. And they made sure together that he had received more than $ 2000 to his account. After that, the intruder offered our client to return some of the money. Our client went to the bank to put money on the intruder’s account. The intruder was left alone with the client’s computer. When our client returned, he found out that there was no more money on his bank account.
What had happened?
What was the caller doing on the client’s computer while he was away?
What kind of information was stolen from the computer?
To answer this question our client sent his iMac to Digital Forensic Corp. where it was studied by specialists of cyber security and incident response.
TeamViewer’s log files were analyzed, the History of the Web Browser and some other artifacts were studied. The description of what had happened was made based on the analysis.
LIST OF ACTIVITIES DURING THE ATACK
As soon as the intruder #1 gained access to the client’s computer, he gave a command to disable logging immediately. Then he gave the intruder # 2 remote access to this computer.
Then TeamViewer was set up to ensure that the intruders had the opportunity to connect to this computer at any time. Although the attackers did not have access to the computer’s camera, they heard all the sounds in the room through the microphone.
The intruders got access to the client’s bank account and e-mail using a computer. They also looked through several files. Probably the intruders searched for confidential information or passwords.
In addition, in the attack process, the intruders repeatedly tried to delete the log files, and attempts were made to install a remote control application that would work in the hidden mode. However, these attempts were unsuccessful.
Conclusion
In this article we considered an example of an attack when a well-protected computer system could not prevent the theft of money from its owner. TeamViewer and its employees are not involved in this attack. The intruders could use the names of other well-known companies and social networks instead of TeamViewer. And such cases are also known to us.
To prevent theft of funds and some information that can be later used by intruders for extortion don’t allow strangers any remote access. Don’t give them service codes, credit card numbers, ID numbers.
Authors:
Igor Mikhaylov & Oleg Skulkin
Please enter the result of the calculation above.
Save my name, email, and website in this browser for the next time I comment.
Δ
Speak to a Specialist Now
Get Help Now