Fresh hell for TalkTalk customers: TeamView trap unleashed

TalkTalk customers are getting caught up in the TeamViewer remote-control PC seizure storm. Customers of the ISP with TeamViewer accounts say they are being hit by opportunists trying to seize control of their PCs. Faced with this fresh assault on their long-suffering customers’ privacy, TalkTalk’s board will discuss the …


  1. Paul Woodhouse

    damn... need more popcorn...

    1. VinceH

      I doubt if there will ever be enough popcorn for this.

      1. Anonymous Coward

        Complete Bunch of

        Didos.

  2. Anonymous Coward

    What would be helpful...

    ...would be publishing the 0345 so people know to block / ignore it.

    1. Mark 85

      Re: What would be helpful...

      If the miscreants are working like the others (MS Tech, etc.), since they're using VOIP they will just roll another number. Minor headache for them. Big headache for those being called.

  3. GreggS

    Still, look on the bright side.

    I'm told they're cheap.

    1. Danny 14

      Re: Still, look on the bright side.

      So is Morrisons vodka. Still wouldn't touch either. Unless I've been glossing and need to clean the brushes - it is more effective than white spirit and not much more expensive.

      1. I ain't Spartacus Gold badge
        Happy

        Re: Still, look on the bright side.

        Personally I prefer to drink white spirit, as it's much more effective. But each to their own...

  4. Gordon 10

    This is interesting

    No evidence to suggest whether it's TeamViewer or Talk Talk where the ultimate fault lies. (Or possibly both).

    It's entirely possible that the spike is just due to the number of Talk Talk consumers who have needed remote support, making them a statistically significant part of the TeamViewer attack.

    It's also possible it's due to an existing or new leakage from Talk Talk or a union with their dataset and whatever is the source of the TeamViewer dataset.

    Glad I un-installed TeamViewer a few months back due to its persistent nagging behaviour.

    1. Dabooka

      Re: This is interesting

      I'm going out on a limb here, but TalkTalk gets my vote.

      No obvious reason to assume it's them, but I've got this nagging feeling at the back of my mind....

      1. Dan Wilkie

        Re: This is interesting

        In fairness to TalkTalk (that stuck in the back of my throat a bit) - I've had 6 phone call attempts to "assist me with issues using TeamViewer" and 11 email attempts asking to add such and such a person on TeamViewer - I've never been a TalkTalk customer and the emails have come through Hotmail.

        So I don't think it's just confined to them.

        The emails generally go like this:

        Hello,

        UORetribution would like to add you as a contact in his/her TeamViewer contacts list.

        To accept UORetribution as a contact please click the following link.

        <URL removed just in case someone is that daft...>

        1. VinceH

          Re: This is interesting

          "In fairness to TalkTalk (that stuck in the back of my throat a bit) - I've had 6 phone call attempts to "assist me with issues using TeamViewer" and 11 email attempts asking to add such and such a person on TeamViewer - I've never been a TalkTalk customer and the emails have come through Hotmail.

          So I don't think it's just confined to them."

          Well, in fairness to your poor suffering throat, the TeamViewer problem that's been in the news recently doesn't start with phishing emails that try (from the sounds of what you describe) to get you using it or whatever. That problem is people that already have TeamViewer installed, and someone manages to access it remotely - no phishing necessary.

          So I think you're commenting on a different (if slightly related) issue.

        2. tr1ck5t3r

          Re: This is interesting

          The TalkTalk webmail access was using an SSLv3 cert for a period of time, but I don't think it would have been picked up by an automated PCI-DSS scan based on what I have logged PCI-DSS scanners doing in the past.

    2. Anonymous Coward

      Re: This is interesting

      "No evidence to suggest whether it's TeamViewer or Talk Talk where the ultimate fault lies. (Or possibly both)."

      Or possibly neither. Just because a bunch of idiots manage to generate some self-reinforcing hysteria about something on the internet doesn't necessarily mean it's real. Here we have scammers phoning up pretending to be TalkTalk technical support, and you have some TalkTalk customers falling for it. There's no particular reason to think it goes further than that, particularly since TalkTalk customers aren't the brightest (otherwise they wouldn't be TalkTalk customers).

    3. Anonymous Coward

      Re: This is interesting

      The whole TalkTalk + Teamviewer thing has been running for about a year now. We've been getting up to half a dozen calls a day from scammers using our old TalkTalk account details and suggesting they could help solve our technical problems - we only have to browse to "Teamviewer"...etc.

  5. wolfetone Silver badge
    Holmes

    Bilderberg

    Ah ha! Now we know why Dido attended it, this is all part of the New World Order's plot to take over the world!

    By screwing over the already screwed TalkTalk customer.

    1. Mpeler
      Paris Hilton

      Re: Bilderberg

      Ahhh, Dido... Gets them in the Aeneas every time.....

    2. Anonymous Coward

      Re: Bilderberg

      Perhaps Dido's making the calls to try and recoup some of TalkTalk's losses?

      1. FidotheFrightful

        Re: Bilderberg

        I've voted with my feet and left this dodo. The clowns include your full account no. in their e-mailed bill notification to show it's come from them despite the fact that the scammers have got it and quote it as proof that it is TalkTalk making a phone call to you. The final straw was the daily calls from BT?, my ISP? etc. trying to get me to install TeamViewer. The blighters have obviously got your age/dob from the last of the 3 data losses by TalkTalk and work on the old and purportedly vulnerable aged punters. Their enthusiasm didoed somewhat when I told them I was using a laptop with BeOS and Net Positive installed on the laptop by my son. TeamViewer works in Mac, Windows and Linux environments but not BeOS. The guy went into orbit when I told him, operating system: BeOS, internet browser: NetPositive. TT are still having probs with their website today, in fact it's been funny for the last few days. Thank heavens I'm leaving these dodos behind!

  6. adam payne

    "Valentino installed TeamViewer at the request of a TalkTalk customer service representative who was attempting to fix problems with her PC in late 2015."

    TeamViewer login details on one of the databases perhaps?

    At this point who would believe anything TalkTalk say?

    1. I ain't Spartacus Gold badge
      Unhappy

      I thought TeamViewer generated a new password each time, even if TalkTalk had saved the ID number (that doesn't change). Certainly that's how it's worked when I've used it, even when you have to reboot it (unless you use a particular setting) it restarts with a new password.

      I'm pretty sure it is from a data leak on TalkTalk though. As my Mum got a call on her mobile, from people who knew her address and that she was with TalkTalk. In their case it was to fix her YouView box, which really was playing up at the time. There was a story that their call-out engineer database had also been breached.

      Caller had a strong Indian accent, but then TalkTalk themselves use call centres out there - and many of their own staff don't have the finest English skills. This person managed to persuade her to download TeamViewer, but only in order to take her to the Western Union website to do a money transfer. I spent a while checking the PC, and that seemed to be all they did when in control of it, and she turned it off and called me when that came up, because nobody legitimate uses Western Union transfers and TalkTalk obviously already have her bank account details.

      She's since been getting several calls a day to her mobile - so she used TalkTalk's withheld number blocking service. Which promptly blocked all the NHS calls to sort out her sister's cancer treatment, because the NHS annoyingly blocks caller ID. So the fuckers have done real harm - although I'd say that's equally the fault of the NHS (for that policy) and TalkTalk for not warning of the obvious consequence of their blocking. Also for not even allowing withheld numbers to go to voicemail - given that scammers and spammers rarely leave messages. What a fucking mess!

      I'm a dutiful son. I did warn her not to use TalkTalk. But it was a couple of quid cheaper. I have quietly suggested she move away, but I think that was interpreted as an "I told you so", even though I was very careful to not even imply that I had.

      Oh and I think TalkTalk must have got hold of some old 386 processors for their YouView boxes. The software's not actually that bad, but the fucking thing takes 60 seconds to boot, and sometimes 15 seconds just to load the EPG. Utterly crap company.

  7. Anonymous Coward

    Something doesn't add up

    A TeamViewer session ID only lasts for maybe 4 days at the most, certainly it won't be the same ID unless they have a full / host installed in which case they may have already been compromised.

    I had my account lifted despite unique account details, but where it went pear shaped was some (not all) of my hosts had the password saved under my account. Once in my account, they went into the 'password saved' hosts and changed the TV passwords. Fortunately all but 3 hosts are on domains so they couldn't get further, but the 3 were computers used to run 'information screens'. Looking through the logs they have been trying to regain access, but I'm now whitelisted and passwords cranked up to 10 as it looks like they are brute forcing the known ID.

    Reason the passwords were saved are down to the way TV adds new host IDs to your account, so I will remember to remove the password after setting them up.

    1. Cynic_999

      Re: Something doesn't add up

      "A TeamViewer session ID only lasts for maybe 4 days at the most, certainly it won't be the same ID unless they have a full / host installed in which case they may have already been compromised."

      Huh? I have the freebie TeamViewer and it still has same partner ID that it was issued with when I installed it 18 months ago.

      1. Anonymous Coward

        Re: Something doesn't add up

        "Huh? I have the freebie TeamViewer and it still has same partner ID that it was issued with when I installed it 18 months ago."

        That's because you installed it. It's the quick support / session IDs that I was referring to.

  8. Adam JC

    Teamviewer at fault or Talktalk?

    "According to Valentino, very few people know her new number, although it is known to TalkTalk. It would appear that the scammers are catching up to her based on the fact she has a TeamViewer account."

    Sounds to me like the scammers were routing through a TALKTALK leaked information list and Teamviewer was merely the remote support tool of choice. I know Teamviewer have had a hard time recently, but the fact these guys were cold calling armed with information I would be inclined to believe TT are at fault and not Teamviewer. The story is lacking details such as whether the PC was attached to someone's Teamviewer account and there are some strange points, namely where Valentino says she refused to give them access to her computer but they 'did it anyway'.

    1. Anonymous Coward

      Re: Teamviewer at fault or Talktalk?

      *rooting

  9. Anonymous Coward

    My favorite

    Is the "Hello, I'm calling from Microsoft's Support Desk..."

    My response is usually, "No you're not you lying piece of beep, now f-off you beep beep beep..."

    1. Lotaresco

      Re: My favorite

      I've played along with a scammer, trying to do everything he asked me to do. I didn't tell him I was using a Linux box, with no internet access, it took about an hour before he finally twigged that he was being taken for a ride.

      1. VinceH

        Re: My favorite

        "I've played along with a scammer, trying to do everything he asked me to do. I didn't tell him I was using a Linux box, with no internet access, it took about an hour before he finally twigged that he was being taken for a ride."

        The one time I tried that it didn't work very well. I was at my parents' place when I answered the phone, and when I started acting a bit dim the guy spoke to me by name: But not my name, my youngest brother's name, which caught me off guard and ruined the whole thing.

        And it's only now that I've put two and two together: My brother was a TalkTalk customer at one point.

        (He often gives my parents' number as a contact number due to his mental health issues).

        I wish I could remember exactly how long ago it was so I could correlate it to the TalkTalk HackHack - but the truth is while I'm thinking earlier this year, it may be that the timing of events in the news may be affecting my recollection.

      2. Anonymous Coward

        Re: My favorite

        "I've played along with a scammer, trying to do everything he asked me to do."

        I've done this, except I was doing it with a virtual Win98SE box running in my memory, not on an actual computer. I was also being overly obtuse and obstructive in a combination of the worst users I have been subjected to whilst doing support.

        He made slow progress through getting me to upgrade from IE4 to a later web browser (at arbitrarily assigned dial up speeds). He gave up when after he'd got a version of the remote access software that would work on 98SE, uninstalled the AV, configured the fictional firewall it then caused a fatal exception of OE.

        The poor bloke hung up at this point. My record is just shy of 45 minutes with having the first tech screaming and shouting at me and getting a transfer to his "manager".

        1. Paul 129
          Angel

          Re: My favorite

          Was a client of mine, about four years ago now, she was completely gullible fell for it all hook line and sinker. Had them going for 4 hours.

          She is a sweet old dear, 36K dialup is all the nonsense broadband she ever wants, and refuses to upgrade. Could they talk her through a net install of teamviewer.... Not a chance! XD

    2. John McCallum

      Re: My favorite

      That is usually my response only I don't say beep, beep more like eat shite and die now f... off no patience at all with them.

    3. Stuart Halliday
      Angel

      Re: My favorite

      I like to remind them that their mother would be ashamed of them....

      1. Inventor of the Marmite Laser Silver badge

        Re: My favorite

        They don't have mothers.

  10. Anonymous Coward

    Translation

    "Valentino said she said “no” to his use of TeamViewer, but said that he took over control of her PC regardless."

    Translation: "Valentino gave him the TeamViewer ID and password, and he took over control of her PC. Upon realising how gullible she had been, she said "Oh no! Can I blame this on somebody else? TalkTalk? Hackers? Dog ate my homework?""

    1. psychonaut

      Re: Translation

      absolutely spot on

    2. Sandtitz Silver badge
      Boffin

      Re: Translation

      I don't know how Talk Talk has conducted their Teamviewer connections in the past, but here's an example how the intruder might have gained access.

      Normally, upon installation Teamviewer creates a unique ID and a 4 digit password that changes every time the TV application is restarted. (The ID can't be easily changed by the end user since it is generated from a MAC address)

      If Talk Talk has a) customized the Teamviewer application to never randomize the password and b) enabled the host module to start at boot, and c) Talk Talk customer support has written down the ID and the password in the breached customer records then it is trivial for the hackers to invade computers without any user action.

      The above is dependent on several conditions but I've seen worse decisions when managers are contemplating between ease of use and security. Is it possible that someone at TT has made those decisions? Yes.

      1. psychonaut

        Re: Translation

        i still don't get why then the miscreants bothered to phone the customers, seeing as they could simply remote control their PCs anytime they liked

      2. Anonymous Coward

        Re: Translation

        The phone call would be redundant if they could do that. So the likelihood is that they need some additional piece of information or action from the customer before they can gain access. That would be the TeamViewer credentials.

        1. psychonaut

          Re: Translation

          additional pieces of information like the teamviewer id and password?

          yes. exactly, so it's just people being gullible.

          someone random phones you up and you give them all your bank account details, passwords, date of birth and mother's maiden name. same thing.

          this hasn't got anything to do with teamviewer. you may as well blame the telephone system for enabling the "hackers" to be able to phone them up or the internet for letting them be able to access their machines.

          the claim in the article that the "hackers" remote controlled their pc without them telling them anything is bullshit

  11. Lotaresco

    Blame the customer

    I don't normally appreciate customer blaming. However TalkTalk customers are probably fair game for blaming now. They have had their personal data compromised and the CEO subsequently demonstrated an astonishing level of complacency, ignorance of basic security and even ignorance of the Data Protection Act. Yet at the last count many of the customers affected have stayed with TalkTalk. What sort of a hint do they need to drop TalkTalk and go elsewhere?

    1. paulf
      Pirate

      Re: Blame the customer

      And how many of them did want to leave but the TalkTalk shyster they spoke to told them it would be £200/£500/think of a number to break their contract mid term and just didn't have the energy/knowledge/gumption to tell LieLie to do one. Even if they did push on with leaving they would have risked ShitShit wrecking their credit history in revenge.

      To put it another way: I agree with you but only in respect of people who've joined or renewed their contract with ShitShit since the most recent and high profile data breach (or they didn't leave as soon as their existing contract commitment ended after that breach).

      I especially agree with you in respect of those who said "It didn't happen to me and they're cheap so it's a lot of fuss over nothing."

      1. joshimitsu

        Re: Blame the customer

        I've had a broadband company put an account default notice on me, after I forced them to close the contract.

        I was able to make them cancel the debt collection and remove the note from my credit history as well - their excuse was that one part of the company did not get the update.

        But yes, it is a bit of a hassle.

    2. TheProf

      Re: Blame the customer

      Unfortunately for people on a low income TalkTalk are good value for money.

      My elderly parents are with TalkTalk and after last year's bad news stories they looked for an alternate supplier of phone/broadband. They mainly need international and domestic calls and a bit of web browsing. They didn't find one that offered what they currently get for the money they pay.

      Would paying more to a different company protect them from the data breaches that affected TalkTalk? It's nice to think it would but I doubt it.

      1. I ain't Spartacus Gold badge

        Re: Blame the customer

        TalkTalk are not good value for money. They're cheap. There's a huge difference. I've not looked into it for a while, so don't know how much more you'd have to pay to get something better - and obviously if they're the cheapest, and money is tight, then you may be stuck with them.

        But as well as costing less, they're also much less reliable. Certainly given the number of times I've had to go over to Mum's house and sort things out, and she's had engineers out 3 times in the last year or so - including a new router and YouView box. Their routers seem to be worse than the usual ISP crap, and their YouView box seems to have a 386 processor. Or possibly an abacus...

  12. Mr_Pitiful
    Paris Hilton

    Teamviewer

    I've read the reports on Teamviewer being hacked and then this today about TalkTalk

    I reckon it's coincidence, the phone scammers always try and use TV in my experience

    It has to be related to a phone scam, in some way or how are the 'hackers' getting IDs & PWs?

    I use TV in relation to work and have over 400 customers, none have reported anything odd

    Sounds more like TalkTalk customers are receiving phone calls from scammers and with a bit of luck already have TV installed.

    1. Mr_Pitiful

      Re: Teamviewer

      In the final paragraph of the article, TalkTalk state that team viewer is installed on its customers PCs

      " the spokesperson said, adding the firm is aware that TeamViewer is installed on the PCs of its customers."

      Is the TV Database stored on a central server at TalkTalk and that equipment has been compromised?

      I don't use this feature, but it would be useful if I needed unattended access, I suppose

      Maybe that's the way it's been done!

      1. psychonaut

        Re: Teamviewer

        talk talk definitely DO NOT install tv on EVERY customer's machine by default. this is bullshit.

        they might use it for remote support if customer has a problem, so some of them might have it installed, i'm pretty sure they would use one time remote support though, rather than the hosted module or the full version.

        this article makes no sense at all.

  13. Rod 6

    Left these guys when they got broken into last time. It was well past the end of my contract, so should have been easy matter to cancel. The call center operator spoke really poor English - not quite enough to do his job. He tried to convince me to stay, even though I had told him I definitely wanted to leave. After a while on the phone, he told me everything had been cancelled and I would only pay one more month's bill. Then they kept billing me for three months despite phone calls and complaints. It was only when I threatened to report them to Ofcom that they actually stopped taking money. I would never go anywhere near these people again - real pain in the back side.

  14. Crisp

    "TalkTalk’s board will discuss the matter at a meeting this week"

    I'm sure their customers feel safer already.
