Is Breaking A Password Really Like Mr. Robot?

Have you been locked out of an account due to entering the wrong password too many times? That was rhetorical; unless your password is "password" (and it better not be) everyone has managed to lock themselves out. Even someone using "password" can manage it if they don't realize Caps Lock is on. But here's the real question - why don't hackers get locked out when attempting to get into their victim's accounts?

If you've been watching USA's new series Mr. Robot, you might believe that, like Elliot, hackers research you and then, following a well-thought-out plan, try passwords that include information about your birth date, family, pets, sports teams, nicknames, address/phone numbers, etc. until they find the magic combination to your password. That scenario doesn't hold water when you look at the facts of an account lockout: it doesn't matter whether it's you or a hacker; if the lockout policy says 5 tries and you're locked out, that's what's going to happen. Even the few variables listed above amount to thousands of options.

So how do hackers do it?

One way is to get your system infected with spyware that steals your usernames and passwords and sends them back to the hacker. Typically the person stealing the passwords will not be the person using them, although in Orange County, California in 2008 a student used spyware to steal administration usernames and passwords in order to change his grades. More often the person stealing them plans on selling your usernames and passwords to others for use later. In this case the hacker depends on people getting infected with their spyware, so the number of usernames and passwords they acquire can be hit or miss, and fewer passwords equates to a smaller payday. To assure themselves of a larger number of passwords to sell they employ the next method.

The second method is what is called an offline attack. You have an online account, and your account information, along with that of thousands of others, is stored on that company's server; that company is taking proper security measures and all the stored account information is encrypted. Along comes a hacker who steals that encrypted file. Once the hacker has the encrypted file he begins using a variety of tools against the encryption. This process has absolutely nothing to do with a trial and error process of figuring out your password. The hacker patiently waits as his tools work away on those passwords until they are revealed. The longer it takes for the original company to discover the breach, then the theft of the file, followed by the disclosure to their users, the longer the file has value. From there the hacker will work to sell his ill-gotten information and move on to the next breach.
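The difference between the two situations, as an added example that is not part of the original article: a login through the website is cut off by the 5-try lockout, while a stolen copy of the stored record has no counter at all, so the only remaining protections are the strength of the password and how slow each check is. It assumes the stored file holds salted PBKDF2 hashes (the article only says "encrypted"); the function names, the work factor and the sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

MAX_TRIES = 5         # lockout threshold the article uses as its example
ITERATIONS = 100_000  # assumed PBKDF2 work factor; higher means slower checks

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password):
    """What the server stores: a salt and a slow hash, never the password."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": _digest(password, salt), "failures": 0}

def online_login(record, guess):
    """Login through the website: the server counts failures and locks."""
    if record["failures"] >= MAX_TRIES:
        return "locked"
    if hmac.compare_digest(_digest(guess, record["salt"]), record["digest"]):
        record["failures"] = 0
        return "ok"
    record["failures"] += 1
    return "denied"

def offline_guesses_checked(stolen, guesses):
    """Checks against a stolen copy: no server is involved, so nothing counts
    failures. Returns (number of guesses checked, whether one matched)."""
    for n, guess in enumerate(guesses, 1):
        if hmac.compare_digest(_digest(guess, stolen["salt"]), stolen["digest"]):
            return n, True
    return len(guesses), False

# Constructed sample data, not taken from any real breach.
SAMPLE_PASSWORD = "Fluffy2015"
SAMPLE_GUESSES = ["password", "letmein", "Fluffy", "fluffy2015",
                  "Reno2015", "qwerty", "Fluffy2015"]

def demo():
    record = make_record(SAMPLE_PASSWORD)
    stolen = {"salt": record["salt"], "digest": record["digest"]}
    online = [online_login(record, g) for g in SAMPLE_GUESSES]
    return online, offline_guesses_checked(stolen, SAMPLE_GUESSES)

if __name__ == "__main__":
    print(demo())
```

Online, the account locks after the fifth miss and even the correct password on the seventh try is refused; against the stolen record all seven checks run, which is why a long, unique password and a high work factor matter once the file has left the server.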


So there it is in a nutshell, and once again TV and movies have steered you wrong when it comes to the real life of a hacker. But how fun would it be if they showed the reality of a hacker who starts his computer working against the encrypted file then walks away for a while - not exactly must-see TV.


Internet Tech Support Scams – From Our Interview With Erin Breen of KTVN

Today we did an experiment with an Internet Tech Support Scam that is reportedly being found online by many in the Reno Sparks area.  Below is a screenshot of what first appears when you happen upon the website at

More than likely you were redirected here by a malicious advertisement on another website or a redirect from a fake article. You know all those interesting top 10 articles that look too tempting not to click on? Well, some of them are not so innocuous.

This can't be good, right...  Whether you click "OK" or click on the "X" the same screen appears.

Well this looks like things just went from bad to worse.  My Windows 7 license has expired?!? What?!?  My computer has been locked?!?!  What do I do - I guess I have to call that number.

Whoa, whoa, whoa hold your horses and definitely don't call that number!   (Although in all honesty we did call that number with KTVN Reporter Erin Breen, on a completely secure computer with a fresh install of Windows to show her what these scam artists attempt to do to unsuspecting victims.)

This also brings up an interesting turn in Microsoft's business model; Microsoft has been working to change as many people as possible over to a subscription based option for their Office products, however that does not apply to the Operating System.  Clearly these guys are hoping to play on people's confusion with having a subscription for Microsoft Office that does expire with the Operating System license that came with your computer.

The bottom of the above image shows a check box, "Prevent this page from creating additional dialogs." This only appears when using Chrome as your browser; if you're using IE, closing the dialog box is a different matter. This also gives a hint that English may not be the author's first language.

Here is the full image of the blue screen:

Ok, so now it's a bit funny because it's actually calling itself "BSOD", Blue Screen of Death, which is more of an offhand term used to describe a PC with major issues than a real piece of diagnostic information. But perhaps we've bandied the term around for long enough that it seems like a diagnosis in and of itself.

"Error 333 Registry Failure of Operating System" seems pretty serious, but is that really what an error 333 is?  Not so much.  Event ID 333 is a System event error log that occurs when the registry is unable to complete a flush operation to the disk; put another way error 333 is seen when the computer has too many things going on and as a result there is competition for access to disk space.

Ok so if the Error 333 is bogus what about the "Error 0X000000CE"?  This is a rather generic error that happens for a variety of reasons, normally it's from an old hardware driver needing to be updated, or it can be just the opposite and there is something wrong with the latest release of a driver. The error normally includes the file that failed which gives you more information on the exact file causing the problem.

Well now that we know the entire webpage is just scary mumbo jumbo how do we get out of it?

When the "X" in the corner doesn't work your next best bet is to right click on the task bar at the bottom and go to Task Manager, where you should be able to go under Applications, select the browser you were in and hit "End Task".  If the popups have your computer tied into so many knots that you can't do anything, hit the reset button on your computer.

As mentioned above we did call the tech support number listed with Erin Breen from KTVN.  We let her do all the talking with the tech who, somewhat unbelievably, did claim to be with Microsoft.  I've certainly heard of them doing this, but this is the first time I'd heard it for myself.

After the call we dug further into who this / 800-901-6142 company really is and found some interesting things.

First we looked into and found their IP address, which we then took to the American Registry for Internet Numbers to determine who owns that particular IP. Turns out that IP address belongs to Rackspace, which is where the website is being hosted; what's unusual about this is that it's being hosted domestically, rather than in a foreign country. Most of these kinds of scams are run from overseas as it is harder for law enforcement to shut them down as they did in the OMG Tech Help case out of Florida.

Next we looked into the domain registration history of; domain privacy is enabled so there's not a lot of information there other than it is a new domain, created June 12, 2015.  Whenever looking into these kinds of cases you nearly always find that the domain being used is less than 6 months old and will be blacklisted soon enough to be good only for a short amount of time.  Domain names themselves are so inexpensive that this is likely the smallest amount spent by scammers and as a result are easily disposed of and replaced once the blacklisting starts.

Having learned what we could from the domain, we looked into the phone number and found an older website, likely abandoned but not yet completely gone from the Internet, acting as a sub-domain under  For all those who are curious, .io is the top level domain country code for the British Indian Ocean.

The page is mostly broken, but the interesting pieces are the handle at the top, "casumyrco31", and the Dutch at the bottom. Unfortunately this handle takes us almost nowhere; the only other time it's found in use is also in Dutch, selling some kind of Acai Berry something.

The next listing we found for the phone number actually comes with a name, TechPCdoc, too bad doesn't exist, but hey it's a step towards a name of some kind.

The last listing we found showing the tech support number is also offering tech support, only this person is doing it repeatedly through different forums.  See below where it is being used in response to a Skype question and again this comes with an interesting handle.

That is not a legitimate Skype support number either. It actually appears to most recently be a debt collector.

Looking up information on the handle krazeeme612 yields a lot more interesting results.  For one, this person answers a lot of online questions on a whole variety of subjects.  On the same website above this person has answered things from tech support to getting baptisms.  Being a unique name it is unlikely there is more than one person using the handle; however unless you are Leroy Jethro Gibbs I suppose we must say that a coincidence is possible.  I say that because the one listing I found using this handle with identifiable information in it is below.


Is it possible it's a different person? I will have to say yes.  Is it highly unlikely?  I'm going to go with another yes on that one.  It obviously doesn't answer who krazeeme612 is, or why she / he is specifically suggesting people call in to the tech support at 800-901-6142.  What we do know is that the offending website is hosted domestically and this person lives in the US and is suggesting people call what may or may not be TechPCdoc.  That's certainly a place for law enforcement to start and it would be a great victory for the public to take down another tech support scam company.

What should you do if you believe you've been scammed?

There are several things you should do:

First, if you've found this article and are still on the line with them, hang up now and cut off their remote access. If you're unsure how to cut their remote access, the surefire way is to unplug your computer from the Internet and/or disconnect the wifi. If you're unsure of how to do this quickly, holding the power button on your computer until it shuts down completely also works. As many of the remote support software programs automatically reconnect after a reboot, it's best to take it to a professional or be sure the computer will not connect to the Internet when you turn it back on.

If you’ve already had this happen, called them, given them access to your computer, paid them money or not, there are several places you should report them to.   File complaints with the FTC, Fraud.Org the National Consumers League, your local Attorney General, and if you’ve been defrauded of money your local law enforcement as well.  Fraud.Org is an especially good one to file with as they work to share information with many jurisdictions.  Local law enforcement is harder as they really only deal locally and scams like this work on a global scale not a local one.

You will also want to have your computer checked out by a local technical company in case anything malicious was installed on your computer during the so-called technical support.

It is always advisable to do business with a local computer company; you never know what you're going to find on the other end of that Internet / phone connection!



Fear As A Weapon To Get You To Open Infected Zip Files

While not in person, this kind of email is as much an attack using social engineering as some unknown tech who shows up saying they are there to repair your copier when you weren't expecting it, but is really there to gain unauthorized onsite access to your network.

The desired outcome is the same - access! Their weapon is social engineering, cunningly forcing the person in front of them to suspend doubt and allow them access to the building (in the case of the copier repairman) or access to launch an attack on the company's network (in the case of the zip file).

The response to this email is natural: what do you mean my account was declined?!?

And before common sense kicks in, the zip is opened, the files extracted, and wham, the malicious content of the zip file is let loose on your company's network.

Rules for the new world of infected Zips:

  • If you are presented with a Zip that you were not expecting, do not open it until you are able to verify its legitimacy.
  • If an employee comes to you and tells you they have opened a Zip that did not contain what it was expected to contain, or appeared to contain a file that would not open or nothing at all, immediately turn the computer off and call your tech support.
  • If you find yourself face to face with one of the now numerous Ransomware screens demanding money for your data, call in an expert like Top Speed. Not all hope is lost; depending on a number of factors your company may not need to pay the criminals.

Depending on the Ransomware variant there are options that may be available in your situation.  Or if you are running an Enterprise Backup Solution, where multiple versions of files are backed up, recreating a short amount of work is likely to be far more cost effective than converting USD into Bitcoins and paying the ransom.


Reno / Sparks Craigslist Sellers Beware

We don't normally write about threats in the real world, focusing more on the online world, but in this case there's a real threat coming from the online world - specifically Craigslist locally in the Reno / Sparks area.

For those who sell items on Craigslist there has always been a certain amount of risk involved. Some of the crimes associated with Craigslist include:

  • Georgia, January 2015 - Elrey & June Runion went missing and were later found murdered after contacting a car seller on Craigslist.
  • Boston 2009 - Philip Markoff allegedly killed Julissa Brisman after answering her Craigslist ad.
  • Pennsylvania 2013 - Miranda & Elytte Barbour murdered Troy LaFerrara, after he responded to a Craigslist ad placed by Miranda.
  • 2012 Ohio - Brogan Rafferty and Richard Beasley used Craigslist to lure people to a fake ranch then robbed and murdered them.
  • 2007 Minnesota - Katherine Ann Olson was murdered after replying to an ad and agreeing to meet Michael John Anderson about a nanny position.
  • 2015 Atlanta - Gangs allegedly use fake Craigslist car ads to lure victims and rob them.
  • 2015 Washington - 2 teens were kidnapped and robbed after answering a Craigslist ad for a car for sale.
  • 2015 Texas - Victor & Sergio Torres were arrested and charged after allegedly robbing the person who responded to their ad selling a Suzuki motorcycle.

The list could go on and on and on.

So this morning when this suspicious email arrived in one of our employees' inboxes it seemed important to get the message out to the area before there's a news report that begins Reno / Sparks, Nevada 2015.

This person did indeed have an item offered on Craigslist this weekend and this would be a genuine reply to that ad, the "Original craigslist post" took you there until it was deleted this morning.  However, there are some red flags in this email, such as "this item" that should make people stop and consider whether it's a legitimate offer for purchase or not.


The obvious concern is this is someone or several people trying to lure victims to a parking lot where they could be robbed or worse.  As out in public as a Walmart parking lot might seem, unless you're parked right at the front there's a lot more privacy in those parking lots than you'd initially think.  There is a sense that you're being told something about the person with the email address, but using two women's names is more likely a ruse to put you at ease.

This email has been reported to the local authorities, who said this email is unusual as most of the Craigslist scams they see involve a scam for money with no in-person meeting; it's the "here, I've sent you $1000 for a $500 item, send me the change" scam. It's not until after you've sent them their "change" that you discover the $1000 check or money order is bad or forged.

Always be safe when using Craigslist to buy or sell items!
