Questions Linger After ISP Blocks TeamViewer Over Fraud Fears (sophos.com) 87
Last Wednesday, for no apparent reason, the TeamViewer remote desktop application stopped working on the network of one of the UK's largest ISPs, TalkTalk. The apparent reason, as the investigation has found, are some scammers in India who have been abusing the application to make money. An anonymous reader shares a report: It's a popular application with remote support professionals and power users alike and so support forums soon filled with complaints from perplexed users who noticed that access was possible with 4G and some TalkTalk business connections but not home broadband. By Thursday, journalists dragged the truth out of the company that it had "blocked a number of applications including TeamViewer," which led to a joint statement confirming this on TeamViewer's website: TeamViewer and TalkTalk are in extensive talks to find a comprehensive joint solution to better address this scamming issue. We now know (as some suspected at the time) that the block was connected to abuse of TeamViewer by criminals based in India who had been using it as part of a tech support scam targeting TalkTalk customers. The BBC reported on this two days before the block, including the disturbing claim that the criminals had been able to quote stolen customer account data to make scam calls sound more convincing.
partial solution (Score:4, Interesting)
blacklist teamviewer connections from india?
Yes they can still use proxies, but anything to make their life more difficult... Like this:
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
yeah, and a lot of those fraudsters have already switched to other RA clients, just worked on a machine hit w/ one this weekend. (ughh, but hey, at least it wasn't ransomeware...)
Re: partial solution (Score:5, Insightful)
If TeamViewer is not going to deal with the scamming problem, take it to the next level and sever the connection.
faceplam.
The only reason they are using Teamviewer is that it works pretty good. The scammers could switch tomorrow to another remote support tool. Or a VNC based tool with a preconfigured reverse connection; hosted from anywhere, connecting to anywhere... they could even keep calling it teamviewer... they're scammers so honesty isn't a pre-req.
Teamviewer is not a 'hacking tool' and it is not a 'scamming tool' any more than a 'telephone' is a scamming tool. Or the TalkTalk ISP itself is. Blocking teamviewer because people are using it as part of the scam would be almost as idiotic as blocking these customers from reaching their banks. "Well if their bank isn't going to deal with the scamming problem, we'll just stop letting people connect to their banks online.. "
Better still TalkTalk should cut off the customers TalkTalk internet access -- that's where the real problem is anyway. Since TalkTalk apparently lost a bunch of customer data / records allowing the scammers to sound a lot more convincingly like they are calling from talktalk. Whoops.
I'm curious what you think Teamviewer should do about the problem. Or Microsoft. Or apple (because they aren't immune from a scam like this...) or even your grandma you stuck on linux mint or is the fact that your grandma can get scammed by someone pretending to work for TalkTalk while running linux mint somehow Torvalds fault?
Teamviewer (and VNC) run on all three platforms, and as long as the scammer doesn't say he's calling from "Windows" but instead is calling from their (Actual) ISP TalkTalk...
Not all equal (Score:2)
Blocking teamviewer as a policy at a business that is a user of a carriers service is a very good idea since it's not just the scammers you have to worry about. A carrier doing the blocking is not such a good idea since many of the
Re: (Score:2)
TeamViewer works well. If it's not running, then no security holes. Anyone who leaves it on all the time needs to learn to be more paranoid. It's easy to set up too even for someone without much technical expertise. I use it to fix problems on my mother's computer. VNC on the other hand I can't figure out, and all I wanted was to connect a linux box to my OSX laptop.
It's always running though isn't it? (Score:2)
Part of the problem with Teamviewer is that after being installed it usually runs after every startup so those security holes are always open to anything that can get as far as your PC. I keep on finding it running on machines where the user has not used Teamviewer for well over a year.
You probably had some problem such as firewall software in the way which made such an otherwise utterly trivial task difficult. It doesn't d
Re: (Score:2)
"Part of the problem with Teamviewer is that after being installed it usually runs after every startup so those security holes are always open to anything that can get as far as your PC."
Nope. That's only if you install the full teamviewer app; most people doing legitimate remote support with it with clients etc have the client run TeamViewerQS ("QS = QuickSupport); this (unlike the full teamviewer) only runs when it is explicitly run, only accepts incoming control sessions (intead of outgoing and meetings
Re: (Score:3)
blacklist teamviewer connections from india?
That would totally work -- except so many companies are outsourcing their legitimate support to India as well.
Re: (Score:2)
blacklist teamviewer connections from india?
That would totally work -- except so many companies are outsourcing their legitimate support to India as well.
Not seeing a problem here,TBH.
Re: (Score:1)
Re: (Score:1)
blacklist teamviewer connections from india?
blacklist India, period.
Back when I looked after a fairly large network, and after a month of fruitlessly sending f.tons of emails to abuse@addresses, I basically decided one morning, fsck it, blocked all known Indian net ranges (and Chinese, Pakistani and Indonesian ones as well into the bargain), then worked on letting individual IP numbers through on a case-by-base basis. It was amazing how very few (7, ISTR) were finally allowed.
I'm out of the IT game as a profession nowadays, but guess which country's
Lessons to learn (Score:5, Insightful)
It seems almost commonplace for websites or services to get blocked at an ISP level in the UK, and that fact alone seems more frightening than any increase in price that Comcast could throw at me.
Re: Lessons to learn (Score:5, Insightful)
It's really easy to change ISP in the U.K. You're not trapped like you are in the US.
Re: (Score:2)
Its got its own wikipedia article [wikipedia.org]
Re: Lessons to learn (Score:5, Interesting)
Talk yes. They do a lot of that but they're a bit busy right now with another minor issue so if you want an ISP that doesn't block your access to TeamViewer you have a choice of dozens. TalkTalk are a terrible ISP in any case and anyone who is using TeamViewer for anything should have more sense than to go anywhere near them.
Re: Lessons to learn (Score:2)
No idea. The impression I get here is that there are only two ISPs to choose from in many areas, hence the many complaints. If that's not the case then ignore my comment.
Re: Lessons to learn (Score:4, Interesting)
What happens is that in some very high population density areas the local governments have given Cable and DSL operators such strong unchallengeable monopolies that they never upgrade their services. Essentially those areas are stuck with bandwidths that were only average as much as a two decade ago. 1mbit DSL's and 3mbit DOCSIS's.
The complaints you see here are from people that dont even know which local government seat is responsible for granting the monopolies. They will cry for some national solution to their local problem instead taking even a moment to figure out which local politician needs to be voted out. A week or so ago I took a few such moments to post who the local politicians were in Seattle, a city that is almost 3000 miles away from me. It seems I care more than the complainers.
Re: (Score:2)
They will cry for some national solution to their local problem instead taking even a moment to figure out which local politician needs to be voted out.
You are looking at this the wrong way. No point voting someone out only to get another politician voting the same way. You need to work out who to vote in, not out. Then, of course, that individual has to do what they said they would when the were trying to get elected, be influential enough to sway the vote on a bill to change the status quo, and not hold unacceptable positions on other issues. I venture this might be a hard problem to solve with certainty.
Re: (Score:3)
In the US it really depends on the area.
My home town has one service provider, the city I live in now has two.
Re: Lessons to learn (Score:4, Insightful)
For instance, I live in the center of Atlanta, GA. We don't have the best selection down here (although, my apartment community is scheduled to get Google Fiber in the next couple months, so...), but there certainly is a "selection". It may be 2-3 choices, and none of them may be great, but there are signs that people are waking up to the need for more pressure on their local legislators to overturn laws and rules that forbid competition.
This is a slight tangent, but a huge amount of the "need" for NetNeutrality wouldn't exist if ISPs could actually be competed with. Startups and municipalities are, more often than not, hamstrung out of the gate by state legislature that all but outright forbids competition against large Telcos from a smaller, more local source. Instead of adding more laws to the books, I am more in favor of getting those anti-compete laws out of here, and allowing for enterprising city councilmen and business owners to create solutions that fit the needs of their communities.
Anyway, bringing this back on point: Yes, we do generally have a harder time "switching", as it were, but it isn't quite as bleak as some foreigners make it out to be sometimes.
Re: Limited choice (Score:1)
Re: (Score:1)
You know, that's a really, really, really stupid idea? That's how you end up with cable-tv. If you let the various providers block whatever they want at their discretion, you'll inevitably find yourself in the situation where you can't use ISP #1 because they block X, and you can't use ISP #2 because they block Y, and ISP #3 because they are blocking Z, so you either can't do what you want, or have to have three god damned subscriptions.
This whole "if they are not providing what you want, switch" bullshit h
Re: (Score:3)
With Net Neutrality gone under Trump there is nothing to stop US ISPs from unilaterally blocking whatever they dont like (remember when Comcast got busted for their attempts to mess with BitTorrent traffic?)
Re: (Score:2)
There is plenty. Example, I pay to utilize a program. If my ISP blocks access to that program, they're performing tortious interference of contract between me and the other company, and I can sue the hell out of them for it.
Re: (Score:2)
At which point the ISP brings up the contract you signed which says they can block any packets they feel like blocking, and you lose your lawsuit.
Re: (Score:2)
Uh, yea, unless you've been paying attention, most ISPs are not offering contract-based plans. Charter/Spectrum? Hah, they don't carry enough paperwork to hide the legalese. In fact they're advertising over the radios right now "No contract." So, yea, your whole idea's pretty fucked.
Re: (Score:2)
Uh, yea, unless you've been paying attention, most ISPs are not offering contract-based plans.
You confuse a ___-year commitment contract with contract in general.
I guarantee you signed a contract with your ISP, even if it does not include a length of service commitment on your part. In that contract, you agreed to pay them $X for internet service. If there was no contract, they could not send you a bill.
In that contract is a clause saying they get to block whatever they feel like blocking.
Re: (Score:2)
The ONLY paperwork I signed was specifically for the modem and service and billing. Nothing on that paperwork included any legalese. Not a single bit of fine print. I still hold the copy of the service receipt.
So if they block or throttle, it's their ass in court. Nothing of that sort is listed as a term and condition on any piece of paper I signed.
Block everything (Score:5, Funny)
The internet is always used by internet scammers. If you completely block the internet, it will eliminate all those scams!
Re: (Score:2)
Re: Preventing stupidity (Score:5, Funny)
The words of an expert in the field.
So, (Score:1)
Re: (Score:1)
The autism-hating, custom EpiPen-hating, Musk-hating Slashdot troll!
Sounds great...but misguided (Score:1, Interesting)
My neighbor keeps being taken advantage of by scammers in India and Eastern Europe. TeamViewer seems to be the tool of choice. I finally talked her into putting Linux on there (she doesn't really know what that means) and blackholed all DNS requests for every website I could find that is even remotely related to remote access. Many won't work on Linux but I'd rather not find out. Firefox is set to block add-ons. Life is much better now and she has no problem with her shiny new Linux system.
I wish there
Re: (Score:2)
It would be pretty interesting hearing the conversations that she has with potential scammers, and them guiding her to install executables and going through the system menus.
block facebook? (Score:4, Insightful)
Facebook is probably used for more fraud than TeamViewer.
Re: Help? (Score:3)
Ooh you're gonna get eaten alive Mr Troll
Re: (Score:2)
I think you can run it in Wine.
Re: (Score:2)
It's almost always the free version also, I'm sure if the only version available was a paid version or limited in the number of clients it could connect to it would reduce the number of scamers using team viewer.
You need to get a clue. (Score:5, Insightful)
FFS you moron.
'These scams are extensive, they all use phone calls, both cellular and land line, Blocking peoples access to the phone system is the only way to get the phone companies to sit the fuck up and listen and do something about it'
'These scams are extensive, they all target Windows users, Making the home use of Windows illegal is the only way to get Microsoft to sit the fuck up and listen and do something about it'
Probably over your head, but getting the idea?
Teamviewer is NOT the problem here - the problem appears to be that the ISP has had account data stolen, that is then being used to scam their members - and they are reacting by blaming one of the tools being used, almost certainly to cloud their own responsibility.
Yes, these scams are common and ugly. The ISP however could EASILY be blocking IP ranges of teamviewer, not just all access - ESPECIALLY as in this case it appears the scammers have data the ISP has lost.....
Re: (Score:2)
I agree with your point. Here is where we diverge:
'These scams are extensive, they all target Windows users, Making the home use of Windows illegal is the only way to get Microsoft to sit the fuck up and listen and do something about it'
You used that as an example of a bad idea, but I kind of like it. ;)
The real reason (Score:2, Insightful)
I just had one of these calls today (Score:5, Funny)
I answered in a very simple-minded voice, and told "Paul," after he explained that they're tracking all sorts of malicious traffic coming from my computer that I liked it that way. When he tried to confirm that statement, I told him I liked to share. By that point I was far enough off of his script that he gave up and hung up the phone.
I think next time I'm going to sound all cagey and worried that people were finding out about the kinds of malicious scripts I've been writing.
Criminals hacked master key? (Score:1)
This is time number#2 that folks reported random logins into PCs running TeamViewer. Reddit has more details as not phone scammers but another round 2 of PCs getting logged into with malware being loaded and logged off!
A flame war with asshats system administrators denying it because there is no proof in a company statement. But to me evidence says otherwise if reports keep coming back. I have stopped using it and recommend others to stay away. Crappy and odd it's only TeamViewer that has that issue
Re: (Score:2)
It's not only teamviewer. They used to use logmein too, until they stopped free accounts. There's another tool that starts w/ an S (splashtop?) idk but my mother in law just got hit w/ that one... Payed 250 to hand over the keys to her machine and then turn off her AV and firewalls have them download the free version of Norton from Comcast which interestingly didn't detect their malware, and installed malware to keep it from being turned on for anything but on demand scans. Luckily MWB found it. I'm in
i get it but (Score:2)
A joke too soon (Score:2)
Driven By Corporate Greed (Score:4, Insightful)
The fundamental issue here is that the ISP in question chose to outsource a portion of its Customer Service function to a deprived area of India - an area where they could hire trained staff to work for a fraction of UK wages [about 20-25%] and thereby increase their profits by a corresponding amount. There are zero benefits to the customer from having a call centre in India - the only ones who get to benefit are the Directors, Senior Management and shareholders of the company in question.
Up until March 2016 I received 2-3 such scam calls per week. Then one day one of the callers made a mistake and quoted a company-internal reference number from my telephone [landline] service provider. The quoted data was unique to me, only printed on my paper statement and unrelated to any other details about me. Armed with this [and a couple of related facts I managed to tease out of the caller] I got in touch with my telco's Fraud Prevention department and had a long discussion with one of their investigators. I asked that the person concerned cross-check their call database records from their call centre to see how many times my UK number was called, and on what occasions, and from which of their operators. I had enough information to persuade them that the attempted fraud calls were originating on their equipment - and suggested to the person that my telco's own call centre infrastructure was being used by a criminal group to perpetrate fraud against UK customers.
At first I received bluster and pushback, at which point I suggested that in the event my telco did not take the matter seriously, I would complain to my Member of Parliament, the UK telecoms Regulator and the press.
March 2016. Have not received a SINGLE fraudulent call since.
The issue isn't TeamViewer. The issue is that TalkTalk have put their profits before safe business practices. Clearly they don't protect their client data, they don't screen their employees effectively and - if they are anything like my Telco - they don't even know when their own call centres are being used to perpetrate boiler-room fraud.
I just wish that I could find someone in UK law enforcement willing to take this sort of thing seriously and start to see the large corporations prosecuted when their negligence endangers the safety of their clients. Unfortunately, until there are some serious fines handed down, or preferably until a couple of directors are jailed for breach of duty, negligence or malfeasance, this isn't going to change.