[Solved] Need help understanding computer hijack

Stimson

A friend had his computer hijacked. If it happened the way he says I don't understand it at all, and the implications are very scary. Can anyone explain this?

Here's what he says happened: The phone rang and my friend (I'll call him John) answered. The caller (I'll call him Crook) told John that he (John) was owed a refund on some fictional recent computer repair he'd had done. John realized this was some sort of a scam, but instead of hanging up kept on talking to Crook. Crook seemed interested in two things: 1) in making sure that John was near his computer, and 2) in keeping John on the line by giving him long pieces of information that he said were necessary for John to claim his "refund."

After a few minutes, with no more interaction than talking over the phone, a message appeared on John's computer indicating that it had been hijacked. Crook then told John over the phone that the computer was frozen and that John would have to pay to regain access to it. John said "no" (or words to that effect) and hung up (finally!).

Some additional info:
-- At no time did John give Crook any information about his computer, nor did John enter into his computer any information given by Crook.
-- John's internet and phone provider is Comcast.
-- John's OS is Windows (not sure which version).
-- Anti-malware software may or may not have been up-to-date, not sure.
-- Interestingly, Crook had someone with him in the same room while talking to John (I'm not sure how John knew this).

Here's another wrinkle that may be significant or may be a total red herring: In trying to regain access to his computer, John took it to a local repair shop he had used before. They were completely unsuccessful in cracking the locked system. John then sent the HD only to a tech-savvy relative, who mounted the disk and retrieved the files.

So, please... what actually happened here? Is it really this easy for someone to gain access to another's computer? And what is the best defense to such an attack?

Thanks for any enlightenment!
 

During the phone conversation, did user John type anything into the computer, answer any sudden email, go to any web site suggested by crook, etc.?
 

The whole situation seems outlandish to me, and with the way you've laid it out, it 'feels' like a riddle.

But taken at face value, my guess would be that the system was already compromised and Crook wanted John on the line and near the computer in order to put John in an incredibly uncomfortable - dare I say, emasculating - position in hopes he would be more compliant to the ransom demand.

The computer shop's inability to do anything is unsurprising, even considering that the relative could. But I'd classify it as a red herring, because we don't know the competency of the shop techs, or even how the drive/system was "frozen". If serious encryption had been involved, we'd have to consider the possibility that the relative was complicit...
 


Well, I'm glad I'm not alone in being a bit incredulous.

RolandJS: John swears that while on the phone he did not touch his computer; was only standing nearby.

alphaniner: Yes, I know... sorry. I am feeling a bit Sherlock Holmesy. All that you say makes sense (though I'm pretty sure John's son was not in league with Crook). The reason I mentioned the second person with Crook was that I was imagining that individual as the true hacker, somehow using the phone connection to access John's computer as Crook kept John hanging on the line.

The one factor I did not mention, for fear of its being given too much weight initially, is that John is, admittedly, not terribly computer knowledgeable. So, unless someone has any other ideas, I will leave the thread open for a while longer before concluding that John's computer was already compromised before the mysterious phone call.

Thanks much for the responses.
 

An off-the-wall thought. Since the phone a lot of people use today is linked to your home WIFI, could the phone call not be holding an unsecured router link open to access the computer?
Art.
 

Wandering one: That is sort of where my paranoia was taking me, but I don't pretend to understand the finer points of routing or networking -- especially re. Comcast! I do understand that an ill-maintained home wifi is an easy target for hacking.

But is it possible that wifi might not even come into play? In my friend's case, the phone line plugs directly into his router (perhaps this is always the case for Comcast -- I don't know). Couldn't a hacker just run the same sort of automated probe over an open phone line that might be run through a wifi connection -- searching for unprotected router access, absent firewalls, unchanged default passwords, etc.?

If so, it seems like that would also be possible even in a case where the phone is not connected directly to the router, but where the router and phone simply use the same copper wire?

In other words, I'm wondering if it might be possible for an open phone line to also be providing hacker access to any router on the same line (just as a wifi signal might), and thereby to devices on the network? If so, it seems like that could explain this instance. I hope it's not that simple.
 

I was briefly a cable guy for Cox Communications, and the phone box was the first thing connected from the drop. I assumed the same was true for John when you said his phone service was through Comcast. Is it VOIP then? That could change things a bit.

If you're interested in getting input from people who are more likely to really know this kind of stuff, you should try the Stack Exchange community.
 

Isn't phone service through an ISP provider VOIP by definition?

If the phone connection was not involved, I'd have to assume that the system was compromised before your friend ever answered the phone -- assuming his recollection as to what he did after answering the phone is correct.

If I have your phone number, I can do a reverse lookup and get certain info easily. If I was slick at that and determined, I'm not sure how I might leverage that info (your name, your ISP, your IP address, street address, relatives, and I'm not sure what else) to hijack your PC.

You'd be surprised and/or appalled at what is online and available as public record, just by having a full name and approximate location. Why, I have right here before me a 2013 mug shot of an old girl friend. Got a few cheap yucks over that. She was convent-bound at one time, back in the prehistoric era.

I'm sure there are plenty of bad guys whose living depends on leveraging that kind of info. All it takes is criminal intent, and those people would be perfectly willing to see what they can wring out of a random phone number. Your friend's number may have been randomly chosen and just may have been a lucrative target by accident -- 1 out of 10, for instance, the other 9 leading nowhere for the hijacker.
 

Based on my experience I wouldn't have thought so if the ISP is also (primarily?) a cable provider. But then I really don't know how those boxes worked. Could have been stripped down cable modems for all I know.
 

alphaniner: Good suggestion re. Stack Exchange. And the thought about VOIP may be quite relevant -- turns out my friend does have Xfinity VOIP; not only that, but they had a hard time getting it configured and working properly (?) about two months ago. Wikipedia has a great article (as usual) on "Voice over IP," and does a good comparison with traditional systems, so I'll leave that.

There's obviously no way to determine here exactly what happened with my friend -- the computer may well have already been infected. I was mainly curious whether an attack aided by a voice connection made any sense at all. I'm still not sure, but I now have more points to consider, so I'll mark the thread solved.

In the meantime (recalling an anecdote of alphaniner's from a different thread HERE) I think I will not be inclined to stay on the phone with hopeful scammers just to mess with them, but will hang up ASAP in case they ARE busy trying to hack my router.

Thanks all.
 
