My computer was compromised through team viewer this weekend

The company I used to work for in SA only used Bomgar (one of the only ones backed by MasterCard) to connect to clients' systems for remote support. It uses a separately generated token for each session. When connected, we'd often find Team Viewer had been installed, and would remove it instantly.
 
OP got off lightly. I got taken for 46k about a month ago. Also Team viewer / PayPal. Was a sickening feeling waking up to a bunch of transactions in my inbox.

wow! I am indeed lucky

If you don't mind me asking, how did you deal with this with PayPal? Did you get your money back at all?
My bank refunded me but i don't think PayPal is going to be impressed.
 
wow! I am indeed lucky

If you don't mind me asking, how did you deal with this with PayPal? Did you get your money back at all?
My bank refunded me but i don't think PayPal is going to be impressed.
Ye, they refunded every cent over a 6 day period. Probably as they investigated each transaction.
I subsequently delinked my accounts, and got a CC with a low limit for PayPal.
 
Just a bit of a warning. Over the weekend someone logged onto my computer while i was sleeping through team viewer and made fraudulent purchases with my credit card through paypal

They bought bonds on the online game Runescape for $60 - I imagine they were coming back for more as i caught them when they tried to log on again to try and cheat me out of my money for a 2nd time

Some info

I have a few devices linked to my T-V account they seemed to check all of them
all them had additional passwords required to connect to the devices
This happened to another one of my online buddies, he caught them trying to buy stuff off ebay

I have reported this to paypal and they refuse to help me as they say the payment was done securely - I have re opened the dispute
I have contacted my bank and they will get back to me

I have tried to find out if Team Viewer has been compromised but they flat out refuse to acknowledge this
What worries me, if you follow a stream of reports from users this week that the exact same thing happened to them

Id like to find out if someone has had similar experience over the last week or so
What the chances of me getting my money back is

Good Morning,

May I have your TV logs? Then we can determine how they got access?

It doesn't resolve your problem, but the the others can have peace of mind using TV
 
Ok, ill send you the events from roughly when i was breached until i stopped them - Hopefully get some time tonight to do this

Thanks to the guys that posted the articles - cant believe TV is still denying possible vulnerability in their software - I mean even users with STRONG passwords AND 2step verification being breached, something is definitely up
 
Good Morning,

May I have your TV logs? Then we can determine how they got access?

It doesn't resolve your problem, but the the others can have peace of mind using TV

I found this really funny.
"Hi please gimme your logs so I can breach you" is how I read it, sorry :)

Anyways,
Please don't mistake 2 Password authentication with 2 Factor authentication.
1 Factor = Something you know like Username/Password combo
2 Factor = Would then be something you posses, like a smart card, certificate, OTP, RSA-ID etc.
3 Factor = Something you are, which uses biometrics like eyescans, fingerprints or other.

http://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA

Not being a Know it all ;) just a lot of people (including myself until recently) make the mistake of thinking more passwords = multi factor authentication
 
I found this really funny.
"Hi please gimme your logs so I can breach you" is how I read it, sorry :)

Anyways,
Please don't mistake 2 Password authentication with 2 Factor authentication.
1 Factor = Something you know like Username/Password combo
2 Factor = Would then be something you posses, like a smart card, certificate, OTP, RSA-ID etc.
3 Factor = Something you are, which uses biometrics like eyescans, fingerprints or other.

http://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA

Not being a Know it all ;) just a lot of people (including myself until recently) make the mistake of thinking more passwords = multi factor authentication

Yeah - but in those articles people were definitely talking about 2-Factor (Using the TV App on a Smartphone generates the equivalent of RSA-ID (loosely speaking of course))

I've disabled TV on my primary machine in the meanwhile.
 
Last edited:
VPN + rdp :p

modified request - easy to use and setup :D

I need to be able to tell clueless family member/s to

1. go to Google,
2. type in "name of app" [while I do the same on my side]
3. read the [insert link number I identify on my screen] link to me
4. click on that link
5. when d/l complete, click on that down arrow next to the house icon in firefox [top right hand side of your screen]
6. read first item in that list - yes, click on that one
7. read the dialogs to me - yes, click ok, ok, ok, ok
8. Righto - we're almost there - now read me that number on your screen
9. You'll see a box asking you to allow me access - yes, click on that

Microsoft "ask for Remote Help" used to work quite well in this regard but I don't know if it's

a. Still available and
b. Works across Windows Versions
 
Can TV not just be run on demand, rather than left listening?
 
modified request - easy to use and setup :D

I need to be able to tell clueless family member/s to

1. go to Google,
2. type in "name of app" [while I do the same on my side]
3. read the [insert link number I identify on my screen] link to me
4. click on that link
5. when d/l complete, click on that down arrow next to the house icon in firefox [top right hand side of your screen]
6. read first item in that list - yes, click on that one
7. read the dialogs to me - yes, click ok, ok, ok, ok
8. Righto - we're almost there - now read me that number on your screen
9. You'll see a box asking you to allow me access - yes, click on that

Microsoft "ask for Remote Help" used to work quite well in this regard but I don't know if it's

a. Still available and
b. Works across Windows Versions
With a VPN you will tell them:
1) Open Internet Explorer and type in 196.11.55.XXX or whatever the URL of the VPN server is and he'll be greeted with this screen (oops, he'll have to type in the password - which you will give him - first before being greeted by this screen):
AT.JPG

2) Once he clicks, the client will download and install. He has to do nothing more!
3) You connect to the server as well - you're now on the same subnet
4) You connect via RDP to his PC
5) ???
6) Profit

:)

edit: forgot password to log into VPN Access Server!
 
Last edited:
Can TV not just be run on demand, rather than left listening?

Yes it can. Less convenient but that works.

How would you connect to remote pc then?

Pick up phone, dial family members number
"Hi, click on the at Blue and White Icon on your desktop warble warble indistinct voice - yes, that one"

:D

With a VPN you will tell them:
1) Open Internet Explorer and type in 196.11.55.XXX or whatever the URL of the VPN server is and he'll be greeted with this screen (oops, he'll have to type in the password - which you will give him - first before being greeted by this screen):
View attachment 366150

2) Once he clicks, the client will download and install. He has to do nothing more!
3) You connect to the server as well - you're now on the same subnet
4) You connect via RDP to his PC
5) ???
6) Profit

:)

edit: forgot password to log into VPN Access Server!

Thanks :D
 
/Pulls out hair in frustration as sister goes to her lounge, switches on her TV and says to me in a puzzled voice "but how is switching on the TV going to help you fix my computer??"

"Click on My Computer"
"How the hell am I supposed to reach your computer?"

"No, no, My Computer on your desktop"
"your computer is on your desk, not mine..?"
 
/espies old ZANetter...?

Lies, Rumors and vicious speculation ;)

@AfricanTech, there's a tradeoff between easy to use, easy to setup and security. Essentially you are handing the keys to your house to your local neighbourhood security firm. While it is in their best interest to keep you safe, it cannot be assured because they are not as invested in your security as you are.

Personally, I'm getting a small dual nic NUC/Mini-itx/micro serverto run pfsense on, for which there is oodles of supporting documentation and how to guides. With Dynamic DNS registration, creating a VPN into your home is as easy as pie.
Heck, you can even generate certificates on the firewall with which to authenticate your device(s) for VPN access. (Just use 2048bit or larger)

This is the best halfway for me, as it is easy to setup but I am also personally invested in keeping it and myself safe.

*Edit*
You don't even need VNC or any other product then. Just simple old Windows Remote Desktop will do.
 
Last edited:
Top
Sign up to the MyBroadband newsletter
X