Common Online Scams and Cyber Crime: Microsoft Pop-ups

Almost every day I work with individuals who have been targeted by an internet scam. More often than not the attempt can be thwarted by immediate action and remediation. In some cases the scam succeeds and the cybercriminal profits.

In this article series I will describe a few of the scams I have witnessed: fake Microsoft pop-ups, faux Apple support numbers, and phishing attempts. I hope the series helps those who are targeted.

Microsoft Pop-Ups

One of many fake Microsoft Pop-ups

What are they?

These are browser pop-ups that claim to be Microsoft support and almost always display a phone number for you to call. They often play loud alarms and spoken warnings to induce panic. In many cases the page also makes itself hard to close: it goes full screen, re-opens its alert dialog as fast as you can dismiss it, or otherwise stops you from clicking the ‘X’. None of this is a real infection warning. Genuine Microsoft error and warning messages never include a phone number.

Why?

The goal is to get you to call the number. When you do, the scammer walks you through installing a remote-access tool that gives them control of your computer. They then bring up built-in Windows utilities (Event Viewer is a favourite, because its routine warnings look alarming) and spin a convincing story about hackers infiltrating your machine. The ‘fix’ usually carries a fee of around $300, and by that point you may be inclined to pay up.

What do I do?

First, do not panic and do not give your card details to anyone. If you have already given them credit card or bank account information, call the bank’s fraud line immediately, report the account as compromised, and dispute any fraudulent charges.

If you are on the phone with them, hang up. If you have given them remote access and they are actively controlling the computer, disconnect it from the network (pull the cable or turn off Wi-Fi) or power it off. Before going back online, uninstall the remote-access program they had you install; it is legitimate software, so a malware scanner will not necessarily remove it for you.

Stuck at the pop-up?

Try the hotkey to close the current window: hold ‘Alt’ and press ‘F4’. If the page has taken the browser full screen, pressing ‘F11’ or ‘Esc’ first will usually bring the browser controls back. If Alt+F4 does not work, open Task Manager with ‘Ctrl’+’Shift’+’Esc’ and end the processes belonging to your web browser (Internet Explorer, Microsoft Edge, Firefox, Chrome). If all else fails, shut down or restart the computer.

Next, clean up the browser. The scam page is still in your history and, if the browser restores its last session, it may reopen the moment you start the browser again. The aim is to make sure that pop-up does not come straight back.

Follow one of the following guides: Reset Internet Explorer, Microsoft Edge, Firefox, or Google Chrome.

NOTE: Resetting your browser removes extensions and add-ons but does not remove bookmarks or saved passwords.

Now remediate any damage done and remove any malicious files left on the system. My recommendation is the free software from Malwarebytes. Run a scan with both of the following; you can uninstall them afterwards if you choose.

Download, install, and scan with both Malwarebytes Anti-Malware and AdwCleaner from malwarebytes.com.

NOTE: Malwarebytes Anti-Malware starts with a free 14-day trial of the premium subscription, which can be switched to the completely free version.

Summary

Luckily, in most cases these scammers are not very skilled: they follow a script in hopes of easy money, and any damage done can usually be reversed. Take some time to practice safe internet use with this article from getsafeonline.org.

As always, stay safe and be on the lookout for future articles from IT Wes. Thank you!

Coming soon...

Common Online Scams and Cyber Crime: Fake Support Phone Numbers

Common Online Scams and Cyber Crime: Phishing Attempts via Phone Calls & Emails

Cryptocurrency, Blockchain, and Security

Cryptocurrency provides a means of trading assets on a blockchain. A blockchain is a distributed, append-only, public digital ledger: once a transaction is confirmed it cannot be altered or denied. It attracts many people because it is peer to peer, allowing an individual to trade assets directly with another person across the globe.

Why is this valuable? Every day we hear of a new hack on a centralized entity, or of malicious actors inside these systems. Think of Equifax, Wells Fargo, Target, and TJX Companies.

The Equifax breach exposed the personal data of 143 million Americans. Wells Fargo employees created as many as 3.5 million bogus financial accounts in customers’ names. The Target breach compromised 40 million consumer credit and debit cards; the TJX Companies breach, 94 million.

Security and the economy are changing rapidly, and people are unsure whether they can continue to trust these banks and large corporations.

Security and Encryption

When you create a cryptocurrency wallet, you are given a matching private and public key. This is public-key (asymmetric) cryptography: the private key signs, and anyone holding the public key can verify the signature. It is the foundation of securing your assets. We will use Ethereum as the example.

If someone wants to send you Ether, they send it to your address, which is derived from your public key (in Ethereum, the last 20 bytes of the Keccak-256 hash of the public key). Once the funds have arrived, you spend them by signing transactions with your private key. Nothing is ‘unlocked’ on the chain itself; the key simply authorizes each transfer, and without it the funds cannot be moved.

Every transaction is identified by a hash, whether you are sending tokens to an individual or interacting with a smart contract. Your private key signs the hash of the transaction request, the signed transaction is published to the blockchain, and the resulting transaction hash is what you look up afterwards.

Hardware Wallets

If you lose your private key, your funds are gone forever. Private keys are 256-bit numbers, so the odds of randomly generating a key that already controls funds are negligible; there is no brute-force route back in. Conversely, anyone who learns or steals your private key can spend everything it controls, and those transactions cannot be reversed.

A hardware wallet contains a secure element chip. Its random number generator creates the private key on the device, and the device never exposes it: the key is stored there and cannot be read out. When you make a transaction, the wallet signs it on the device and passes only the signed transaction back through your computer, which broadcasts it to the network over your internet connection. This increases security substantially; in principle you could plug the hardware wallet into a malware-infested computer and still transact safely, because the malware can see the signed transaction but never the key. The caveat is that malware on the computer can alter the transaction before it reaches the device, which is why hardware wallets show the destination address and amount on their own screen and you must confirm them there, not on the computer. Many people consider generating a wallet on an ordinary computer a risk for exactly this reason: the private key exists in that computer’s memory and on its disk, and is exposed to any compromise of it.
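The following is an added example, not code from the original article or from any wallet vendor: a minimal secp256k1 ECDSA in plain Python 3.8+ with no dependencies, showing what the ‘Security and Encryption’ and ‘Hardware Wallets’ passages above describe. The HardwareWallet class stands in for the device: it holds the private key, hands out only the public key, and returns only a signature; verify() is what a node does with the broadcast transaction. Everything here is simplified and is an assumption of this example rather than Ethereum’s real wire format: the message is hashed with SHA-256 (Ethereum uses Keccak-256, which Python’s hashlib does not provide), the nonce k is derived deterministically by hashing so the run is repeatable (real wallets use RFC 6979 or the secure element’s RNG), and there is no address derivation, recovery id or chain id. The curve constants are the genuine secp256k1 parameters; the private key and transaction bytes are constructed sample data.

```python
"""Toy secp256k1 ECDSA: the private key signs, the public key verifies.

Added example, not part of the original article. Pure Python 3.8+.
Assumptions (not how Ethereum does it on the wire):
  - messages hashed with SHA-256, not Keccak-256
  - nonce k derived by hashing (deterministic), not RFC 6979 / hardware RNG
  - no address derivation, recovery id (v) or chain id
"""
import hashlib

# secp256k1 domain parameters (the real curve used by Ethereum and Bitcoin)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p1, p2):
    """Affine point addition on the curve; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:      # p2 == -p1
        return None
    if p1 == p2:                             # doubling
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def _hash_to_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class HardwareWallet:
    """Models the device: the private key never leaves this object."""

    def __init__(self, private_key: int):
        if not 1 <= private_key < N:
            raise ValueError("private key out of range")
        self._d = private_key                    # secret, stays on the device
        self.public_key = _mul(private_key, G)   # safe to share with anyone

    def sign(self, tx: bytes):
        """Sign the hash of tx; only (r, s) leaves the device."""
        z = _hash_to_int(tx)
        # deterministic nonce for a repeatable demo (assumption, see docstring)
        k = _hash_to_int(self._d.to_bytes(32, "big") + z.to_bytes(32, "big")) % N or 1
        r = _mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * self._d) % N
        if s > N // 2:          # low-s canonical form, as Ethereum requires
            s = N - s
        return (r, s)


def verify(public_key, tx: bytes, sig) -> bool:
    """What a node does with a broadcast transaction: check the signature."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    z = _hash_to_int(tx)
    w = pow(s, -1, N)
    point = _add(_mul(z * w % N, G), _mul(r * w % N, public_key))
    return point is not None and point[0] % N == r


# Constructed sample data: a fixed private key and a made-up transaction payload.
SAMPLE_PRIVATE_KEY = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF
SAMPLE_TX = b"to=0xRecipient;value=1 ETH;nonce=0"


def demo():
    """Returns (genuine tx verifies, tampered tx verifies)."""
    wallet = HardwareWallet(SAMPLE_PRIVATE_KEY)
    sig = wallet.sign(SAMPLE_TX)
    ok = verify(wallet.public_key, SAMPLE_TX, sig)
    # the host computer swaps the recipient after the device signed
    tampered = verify(wallet.public_key, b"to=0xAttacker;value=1 ETH;nonce=0", sig)
    return ok, tampered


if __name__ == "__main__":
    print(demo())   # (True, False)
```

Running the file prints (True, False). Note what the computer never sees: the wallet’s _d. Everything it does see (public key, transaction, signature) can be published without risk. The tampered case, where a byte of the transaction is changed after signing, is what malware on the host could attempt against an already-signed transaction and is exactly what verify() rejects; changing it before signing is the case the device’s own screen protects against.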

Nodes, Storage, Mining, and Redundancy

Nodes are devices that store part or all of the blockchain. Anyone can host a node, which gives you direct access to the blockchain without relying on other people’s nodes to relay your transactions. Mining Bitcoin (and Ethereum as it was at the time of writing; Ethereum has since moved to proof-of-stake) is proof-of-work: computers compute hashes extremely fast looking for a block hash below the network’s target, submit their solutions, and are paid in return. The payment comes from fees paid by other users plus the new tokens each block creates. Anyone can start mining; it is decentralized and can be set up relatively easily.

There are nodes and miners all over the globe, which provides redundancy: the network continues if some operators take down their nodes or mining operations.

The blockchain is massive. A full archive Ethereum node took over 700GB of storage at the time of writing. Lighter options need anywhere from 100MB to 240GB. This is a problem: as the size grows it dissuades users from hosting nodes, which means less decentralization and more centralization.

Attacks and Hacks

51% Attack

Signed transactions go into a pool of unconfirmed transactions (the mempool), waiting for a miner to provide the computational work that packages them into a block and publishes it. A miner, or a group of miners, controlling a majority of the hash rate can instead mine a competing chain in private that omits or reorders transactions. Nodes follow the chain with the most accumulated work, so once the private chain is longer and gets published, the network switches to it. Blocks on the abandoned chain are orphaned: their transactions return to the pool unless they conflict with the new chain, and a payment the attacker made on the abandoned chain can be replaced with one sending the same coins elsewhere. That is a double spend, and the people paid on the old chain lose their tokens.

Luckily, this is extremely hard to do. It requires a majority (51%) of the total hash rate of all miners, and the power needed is enormous. There is also a deterrent: anyone with that much hash power can earn steady rewards by mining honestly, whereas a visible attack undermines confidence in the very coin they would be stealing. It is still a very serious issue, and many smaller blockchains, where a majority of the hash rate is cheap to rent, have been victims of 51% attacks.
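To put numbers on the paragraph above, here is an added example (not from the original article): the attacker-success formula from section 11 of the Bitcoin whitepaper (Nakamoto, 2008), in Python. q is the attacker’s share of the hash rate and z is how many confirmations the victim waits for before treating a payment as final. It shows why 51% is the cliff: below it the attacker’s odds fall off exponentially with z, at or above it the attacker overtakes the honest chain with certainty. The Poisson term is computed in log space so that large z does not overflow a float.

```python
"""Double-spend success probability under proof-of-work.

Added example; not part of the original article. Implements the formula
from section 11 of the Bitcoin whitepaper (Nakamoto, 2008):
    q      = attacker's share of total hash rate, p = 1 - q
    z      = confirmations the victim waits for
    lambda = z * q / p   (attacker's expected progress while the honest
                          miners produce those z blocks)
    P = 1 - sum_{k=0}^{z} Poisson(k; lambda) * (1 - (q/p)^(z-k))
(q/p)^(z-k) is the gambler's-ruin probability of catching up from z-k
blocks behind. Once q >= p the attacker catches up with certainty:
that is the "51%" attack.
"""
import math


def _poisson_pmf(k: int, lam: float) -> float:
    """Poisson probability mass in log space (lam**k and k! overflow
    a double for large z, exp of the difference does not)."""
    if lam == 0.0:
        return 1.0 if k == 0 else 0.0
    return math.exp(-lam + k * math.log(lam) - math.lgamma(k + 1))


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash-rate share q ever overtakes
    an honest chain that is z confirmations ahead of it."""
    if not 0.0 <= q < 1.0 or z < 0:
        raise ValueError("q must be in [0, 1) and z >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0            # majority hash rate: catching up is certain
    ratio = q / p
    lam = z * ratio
    never_catches_up = 0.0
    for k in range(z + 1):
        never_catches_up += _poisson_pmf(k, lam) * (1.0 - ratio ** (z - k))
    return 1.0 - never_catches_up


def confirmations_needed(q: float, risk: float = 0.001, limit: int = 500) -> int:
    """Smallest z that pushes the attacker's odds below `risk`, or -1 if no
    z up to `limit` does (always the case once q >= 0.5)."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < risk:
            return z
    return -1


if __name__ == "__main__":
    print("q = attacker hash-rate share; cells = P(attacker wins) after z confirmations")
    for q in (0.10, 0.30, 0.45, 0.50, 0.51):
        cells = "  ".join(f"z={z}:{attacker_success_probability(q, z):.5f}"
                          for z in (0, 1, 3, 6, 10))
        print(f"q={q:.2f}  {cells}  z for <0.1% risk: {confirmations_needed(q)}")
```

The printed table reproduces the whitepaper’s figures: with 10% of the hash rate, an attacker trying to reverse a payment after 6 confirmations succeeds about 0.024% of the time; with 30% the victim has to wait 24 confirmations to get the risk below 0.1%; at 50% or more the probability is 1.0 for any z, which is the attack the paragraph describes. The same arithmetic is why exchanges demand more confirmations on small proof-of-work chains than on large ones.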

Code is Law

Smart contracts are pieces of code published on the Ethereum blockchain; dApps (decentralized applications) are built on top of them. Anyone in the world with an internet connection can interact with them. Code published to the blockchain cannot be changed: the bytecode at a contract’s address is permanent.

Parity’s multi-sig wallet contract was killed by an individual calling a ‘kill’ function. The wallets all delegated their logic to one shared library contract, and that library’s initialisation function had been left callable by anyone. The user called it, became the library’s owner, and then called kill, which self-destructed the library; every wallet that depended on it stopped working. One fundamental flaw in the code let a single person freeze $300 million worth of Ether.

As with any other application, flawed code means a vulnerability. Unlike other applications, on the blockchain you cannot patch the code in place once it is deployed. This puts the burden on developers to publish thoroughly tested, audited, and where possible formally verified code before it goes live.

Conclusion

Cryptocurrency and blockchain have captured the minds of a generation. Developers all over the world are working late nights on projects that apply blockchain in numerous ways. Individuals imagine a world where we no longer need to depend on corporations to handle our currencies and assets. We’ve seen what centralization provides and what it takes away. Decentralized: it’s your choice.

REFERENCES

https://www.investopedia.com/news/5-biggest-credit-card-data-hacks-history/

https://www.usatoday.com/story/money/2017/09/14/equifax-identity-theft-hackers-apache-struts/665100001/

https://www.bloomberg.com/news/articles/2018-05-04/wells-fargo-reaches-480-million-settlement-in-class-action-suit

https://support.ledgerwallet.com/hc/en-us/articles/115005198485-About-hardware-wallets

https://ethereum.stackexchange.com/questions/143/what-are-the-ethereum-disk-space-needs

https://medium.com/coinmonks/what-is-a-51-attack-or-double-spend-attack-aa108db63474

https://medium.com/chain-cloud-company-blog/parity-multisig-hack-again-b46771eaa838

Windows Password Removal

Live boot into your Linux OS of choice (Kali and Parrot Security are recommended, as they have chntpw preloaded).

Secure Boot may need to be disabled to live boot. If the Windows drive is BitLocker-encrypted you will also need its recovery key to unlock it from Linux; without that, none of the following works.

Open the file manager, navigate to the host machine’s Windows drive, and then to Windows/System32/config (the folder that holds the SAM hive).

Right click and select ‘Open in Terminal’.

Enter the command: chntpw -i SAM

Follow the prompts; select ‘1’ to list the users you can edit.

In the list, find the RID corresponding to the user you want to make an Administrator or whose password you want to remove outright. (The RID is shown as a hex number such as “ 0f5 ”; the built-in Administrator is 01f4.) In the user edit menu, ‘1’ clears the password and ‘3’ promotes the user to administrator.

When finished making changes, press ‘q’ to quit. You will probably need to press ‘q’ twice before you are asked whether to write the changes to the SAM hive.

Press ‘y’ to save the changes.

Restart into Windows to verify the change worked.

Caveats: this only works for local accounts; a Microsoft account password is held by Microsoft, not in the SAM. Clearing a password also destroys access to that user’s EFS-encrypted files and to DPAPI-protected secrets (saved browser credentials, for example), because those keys are derived from the password. And, obviously, only do this on a machine you are authorized to administer.

Note: If you get a read-only file system error when running chntpw, the NTFS volume was not cleanly shut down. Windows Fast Startup (and hibernation) leaves the file system in a hibernated state, and the Linux NTFS driver mounts it read-only rather than risk corrupting it. The fix:

Boot to the Windows login screen, choose Restart (not Shut down; Restart performs a full shutdown while Shut down uses Fast Startup), and live boot into Linux on that reboot. The volume will then mount read-write.

Cloning With Macrium


Install Macrium Reflect on the computer you want to clone.

Open Macrium and select the source drive you’d like to clone.

Uncheck the partition that follows the main partition (C: or D:), typically the small recovery partition. This is required when cloning from a larger drive to a smaller one: Macrium shrinks the last partition to make the layout fit, and a small recovery partition at the end cannot absorb the difference, so leaving it out lets Macrium resize the main partition instead.

Select ‘Clone this disk…’

Follow the prompts (VERIFY YOUR DESTINATION AND SOURCE DISK; the destination is overwritten) and click Finish.

Allow the clone to finish. Then power down, unplug the original drive, install the freshly cloned drive, and verify that it boots and works.
Remove Macrium from the machine.

Potential Errors

When the original drive is showing signs of failure, you may get an error during the clone, for example an MFT error (‘Error 6’ or similar).

The clone fails, and Macrium asks you to run chkdsk C: /r.

That may not work while Windows is running from the drive; it is best to schedule chkdsk for the next reboot:

Click the Start button and type ‘cmd’, right-click the ‘Command Prompt’ entry and select ‘Run as administrator’.

In the command prompt type ‘ chkdsk C: /x /f /r ’ and press Enter.
Because the system drive is in use, it asks whether to run chkdsk at the next reboot; type ‘ Y ’ and press Enter.

Reboot and let chkdsk run. The /r option performs a full surface scan and can take hours on a large or failing disk; on a drive that is physically dying, that much reading can finish it off, so if the data is irreplaceable, get whatever you can off the drive first.

After the chkdsk is completed, attempt your clone again.