Blog    Tutorials    Old Articles    About Me

ALAN ZISMAN ON TECHNOLOGY

"The crime was done on my computer. But not by me!"      
 
By Alan Zisman
3 August 2014

Translated into Macedonian by Katerina Nestiv

The email I received late in June could have been the start to a detective novel:


"I am a Crown lawyer in New Westminster, BC.  I am conducting a prosecution against a woman suspected of committing an online credit card fraud scheme.  The transactions came back to her IP address.  She is claiming that someone logged into her computer remotely using LogMeIn and did the transactions in question.  Although I can find about a thousand youTube depictions of how LogMeIn operates from the perspective of the remote computer, I have searched fruitlessly for a description of what it would look like on her HOST computer if this was, in fact happening.  I am searching for local individuals who might be able to provide me with this expertise.
 
I was wondering if you might be willing to speak with me."

(For our US-readers - 'Crown counsel' (or Crown lawyer in the email) in Canada is the equivalent of District Attorney (DA) in the US - the lawyer acting for the government in a criminal case).

LogMeIn is a popular remote access service that until recently had both free and paid versions - now only paid subscriptions. It allows someone on a remote computer, either within a local network or across the Internet, to view another computers screen and control the mouse and keyboard on that remote computer, just as if the remote user was sitting right there.

My reply to the New Westminster crown counsel:

"Hi - in order for LogMeIn to be used to connect remotely to her computer a couple of things need to happen:

1) She - or someone with physical access to her computer - would need to install a piece of software downloaded from the LogMeIn website. That software would presumably still be installed on it and loading automatically at startup.

2) At the same time, an account would have to be set up with LogMeIn - initially there were free accounts but that's no longer the case. The account would include an email address and a password, the computer name, and an access code unique to that computer. Finally, a remote user - even if they had all that information - would also need to know a valid login name and password for the computer.

As well, if LogMeIn was installed and running without the owner's knowledge there would be a small icon running in the system 'tray' in the lower right corner of a Windows computer. It is possible that the computer owner wouldn't notice something new there, but it's one more thing to wonder about.

None of this would be possible for some stranger 'over the Internet'. If it was going to happen at all, it would require someone with physical access to the computer to install the software and set up the account with LogMeIn.com AND who knew the account name/password.

A former employee might be able to do that on a business computer before leaving a company (though good practice for the company would be delete their user account/password) - a stranger taking advantage of a computer left running, say over a lunch break, might be able to install the software, but they would probably be asked for permission and required to enter a valid password.

Finally, if someone was to use LogMeIn to remotely access a computer, the same things would appear on screen as if that person was physically sitting at the computer - web pages would open up, credit numbers would appear to be typed on a page, etc. If you're at a computer when it's being accessed remotely it would seem as if it's haunted if you didn't know what was going on.

So one more improbability - the computer might have been accessed at the middle of the night, requiring it to be left up and running.
"

So the 'some stranger using LogMeIn (or other remote access software) was using my computer without my knowledge to commit credit card fraud' scenario is possible but very improbable.

Similar things have happened, though - most recently with the huge number of misleading phone calls many have received over the past year or two, typically from someone claiming to be a Microsoft employee who has noticed that your computer was infected with malware.

In most cases, the scammers simply hoped to convince their victims to pay them to remove non-existant infections, often having the victim open the Windows Task Manager and/or Event Manager while the scammer pointed out the presence of a legitimate item as proof of the so-called infection. (For more on this scam...)

In some cases, though, the scammers have gone a step further - convincing their victim to install malware that they then would pay to have removed, or keylogging software that reported back with credit card or other financial information.

Often, the scammers convince their victims to install remote access software to allow the scammer to control the computer - they've been known to make use of (legitimate remote access) programs named Ammyy, TeamViewer, ShowMyPC, and others.

While I haven't heard of LogMeIn being used in this way, it might have been - at least while there was a free version available.

And while I haven't heard of any of the faux-Microsoft scammer later using computers they'd remotely accessed for credit card fraud, I suppose it could have happened.

I suppose the accused in this case might have been a victim of such a scam which got her to install remote access software onto her computer, letting the scammers make use of her computer without her knowledge for credit card fraud. Since her computer, under remote control, would still be opening browser windows and typing information just as if she was sitting there, all this would have to happen at times when the computer was left on but no one was there to witness the unauthorized behaviours.

It still seems highly unlikely to me.

Then again, 'highly unlikely' accounts for most crime novels.

What do you think?

Older blog postings....


About This Blog...

I've been writing about computers, software, Internet and the rest of technology since 1992, including a 17 year (1995-2012) stint as 'High Tech Office' columnist for Business in Vancouver. This blog includes thoughts on technology, society, and anything else that might interest me. Comments, emailed to alan@zisman.ca are welcome - and may be published in whole or part. You can follow me on Twitter or Google + for notice of new blog postings.
AZ Dog Baby