Matthew Gamble's Blog » Other Updates

Phishing by Phone

mgamble — Wed, 13 Oct 2010 21:05:38 +0000

Today I had the most interesting experience – someone attempted to “hack” my PC by phone. Around 3PM I got a call from “9-1227″ who claimed they were from my “PC Support Department” who informed me that my PC was running slow due to “corrupt files” and that they could help me diagnose and fix the problem. The caller got me to open “Event Viewer” (I had to lie about where I was clicking since he assumed I was using XP) and then informed me that every “error” and “warning” inside there was a record of a corrupt file and that my PC was dying.

This is where the fun started as he thought he had an idiot user on the phone and told me he would connect me to his senior tech who would help me solve the problem. At this point I started capturing the RTP from my phone. Here’s the audio from that call transcoded from G729 to MP3. If you listen to the call, you will hear how I play dumb for the entire time while he attempts to get me to go to “logmein123.com” and enter a code to let the repair person “fix” my PC. I let them connect to an XP VM I had lying around for a few minutes and they started to download some spyware application, so I killed the VM when the download was about 50% complete. They then called me back several times to try to get me to reconnect, but I explained that I was having internet issues and kept getting “Page Cannot be Displayed” to waste more of their time. In the end, I think they spent close to an hour trying to get me to let them on my PC.

What amazes me is that the value of hijacking a single PC is worth an hour of some random hackers time – I’ve never heard of this type of scam before and I’m sure that if I was an average PC user who wasn’t technically savvy I might believe that someone from the “support department” of the “PC company” was calling to help speed up my PC. So if you have any non-technical users in your life alert them to this new trend before they let some random person access their PC.

PS – logmein.com – you need an abuse department.

Post your voice to twitter using CallTweet.com

mgamble — Thu, 07 May 2009 23:44:29 +0000

Over the past little while, I’ve been working on a new service that lets you use any phone to post audio updates to your twitter account. The service is called CallTweet^betaand it is now open to the public.

While many people enjoy using Twitter and other social media sites from “smartphones” not everyone has one and some find them too complicated to use. CallTweet lets you stay connected and “twittering” from any telephone, regardless of where you are. And since the service is powered by your voice, you can post messages longer than 140 characters.

It was really fun to build the site as I got to use the new Twitter OAuth API and continue to explore new and interesting ways to integrate the traditional PSTN into the web 2.0 world.

I hope you enjoy using it as much as we enjoyed building it.

Voice Over IP Peering Project

mgamble — Thu, 19 Feb 2009 22:33:22 +0000

As some of you may know, I’ve been working with a group of ITSPs in Toronto on a VoIP peering project. The project finally has a website (http://www.voippeering.ca), a wiki, and a mailing list setup for discussion.

Last night the group held the first meeting and the turnout was pretty good. While most people agreed on the techncial aspects of peering, there were many heated exchanges surounding the political issues an exchange would raise. I hope that over time we can work out a system that will actually let this dream become a reality. The idea of being able to do video, audio, and other multimedia calls across carriers is very exciting to me.