

My Brush With Data Infiltration

A clever ploy got past me and my client, but not for long

Radio World’s “Guest Commentaries” section provides a platform for industry thought leaders and other readers to share their perspective on radio news, technological trends and more. If you’d like to contribute a commentary, or reply to an already published piece, send a submission to [email protected].

Yes, I am a broadcast engineer, but on occasion I use my skills to help non-broadcasters as well.

Recently I got a call from a client who said that a website had detected an issue on his PC, so he called the website and gave them access. I screamed NO! But I was too late. 

The PC was compromised — officially screwed up. 

I drove to his office and ran multiple scans hoping to clean up his computer. I ran many updates as well. After a few hours and many deletions, I told him that the PC was clean of known viruses. I couldn’t find any malware, though I did find that his DNS settings had been changed and Remote Desktop was turned on. I rectified these, but I was suspicious.
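The two settings found altered above, DNS resolvers and Remote Desktop, are worth checking from the command line rather than by eye. The script below is an added example, not the author's procedure or any tool named in the article. It assumes a Windows 10/11 PC, an elevated PowerShell session, and a list of resolvers you trust; the addresses in $TrustedResolvers are placeholders from the documentation range 192.0.2.0/24, so substitute the ones the ISP or your network actually hands out.

```powershell
# Added example, not code from the article. Reports DNS resolvers and the
# Remote Desktop state on the local machine, then (optionally) puts both back.
# Run elevated. $TrustedResolvers is an assumed placeholder list.
$TrustedResolvers = @('192.0.2.53', '192.0.2.54')

function Get-DnsResolverFindings {
    param([string[]]$Trusted = $TrustedResolvers)
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object {
            $alias = $_.InterfaceAlias
            foreach ($server in $_.ServerAddresses) {
                [pscustomobject]@{
                    Interface = $alias
                    Resolver  = $server
                    Trusted   = ($Trusted -contains $server)   # False = investigate this entry
                }
            }
        }
}

function Get-RemoteDesktopFindings {
    $ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $fw  = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RdpEnabled      = ($ts.fDenyTSConnections -eq 0)       # 0 = inbound RDP allowed
        NlaRequired     = ($tcp.UserAuthentication -eq 1)      # Network Level Authentication on
        FirewallRulesOn = @($fw | Where-Object { $_.Enabled -eq 'True' }).Count
        RdpUsers        = (Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue).Name -join ', '
        LocalAdmins     = (Get-LocalGroupMember -Group 'Administrators').Name -join ', '
    }
}

function Reset-AfterSupportScam {
    # Return every interface that carries static resolvers to DHCP-assigned DNS
    # (adjust if the machine legitimately uses static resolvers), flush the
    # cache, and switch Remote Desktop off at both the registry and the firewall.
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object { Set-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -ResetServerAddresses }
    Clear-DnsClientCache
    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

Get-DnsResolverFindings | Format-Table -AutoSize
Get-RemoteDesktopFindings | Format-List
# Reset-AfterSupportScam   # run once the findings above have been recorded
```

Record the findings before resetting anything: an unexpected resolver address and the membership of the two local groups are evidence of what the caller changed, and they are lost the moment the settings are reverted.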

A few days later, he reported that he was getting many “undeliverable” notifications. It was not happening on all of his outgoing emails but on many of them. It was more than a nuisance, so he called me. 

My client uses a hosted Exchange service; Outlook is his mail client. I asked him to forward me one of the “undeliverable” messages as an attachment so that I could inspect the email header. It revealed that the destination mailbox was full. This, at least, was good news: if his emails were in fact going to the wrong place, no new mail was getting through.

Reading further, I found a suspicious, unknown destination email address in the header: [email protected]. This puzzled me. The address was not a Microsoft address (Microsoft would not use Gmail), and I had never heard of anyone using such an address, especially with the user name “me.”
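Reading a bounce by eye works for one message; for a batch it is easier to extract the fields that answer the two questions above, why delivery failed and where the copy was addressed. The script below is an added example, not the author's method. It parses a standard multipart/report bounce (RFC 3464 layout with RFC 3463 status codes) and flags an original-recipient domain that differs from the sender's own. $SampleBounce is constructed for illustration; its addresses use the reserved .invalid domain and stand in for, but are not, the addresses from the article.

```powershell
# Added example, not code from the article. Summarises an "undeliverable"
# message: failure reason from the delivery-status part, and the sender and
# recipient of the returned original. Feed it the text of an NDR saved from
# Outlook (File > Save As, .txt) via Get-Content -Raw.
$SampleBounce = @'
From: Mail Delivery System <postmaster@mail.example.invalid>
To: owner@client.example.invalid
Subject: Undeliverable: Invoice payment for account 1234
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery has failed to these recipients or groups:
me@example.invalid
The recipient's mailbox is full and can't accept messages now.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.invalid

Final-Recipient: rfc822; me@example.invalid
Action: failed
Status: 5.2.2
Diagnostic-Code: smtp; 552-5.2.2 The email account that you tried to reach is over quota.

--b1
Content-Type: message/rfc822

From: owner@client.example.invalid
To: me@example.invalid
Subject: Invoice payment for account 1234

(original message body)
--b1--
'@

# RFC 3463 enhanced status codes: the subset worth recognising in a bounce.
$StatusMeaning = @{
    '5.2.2' = 'Mailbox full'
    '5.1.1' = 'Bad destination mailbox address'
    '5.7.1' = 'Delivery not authorized (policy)'
}

function Get-BounceSummary {
    param([Parameter(Mandatory)][string]$Raw)

    function Get-Header([string]$Block, [string]$Name) {
        # First occurrence of "Name: value" in the block, case-insensitive, CRLF-safe.
        if ($Block -match "(?im)^${Name}:[ \t]*(.+?)[ \t]*\r?$") { $Matches[1] } else { $null }
    }
    function Get-Domain([string]$Addr) {
        if ($Addr -match '[^\s<>@]+@([^\s<>]+)') { $Matches[1].ToLower() } else { $null }
    }

    # Split the multipart/report on the boundary declared in the outer headers.
    if ($Raw -match 'boundary="?([^"\r\n;]+)"?') { $boundary = $Matches[1] } else { throw 'No MIME boundary found' }
    $parts  = $Raw -split [regex]::Escape("--$boundary")
    $status = $parts | Where-Object { $_ -match '(?i)message/delivery-status' } | Select-Object -First 1
    $orig   = $parts | Where-Object { $_ -match '(?i)message/rfc822' }          | Select-Object -First 1
    if (-not $status) { throw 'No delivery-status part found' }

    $code     = Get-Header $status 'Status'
    $sender   = Get-Header $orig 'From'
    $copiedTo = Get-Header $orig 'To'

    [pscustomobject]@{
        FailedRecipient = (Get-Header $status 'Final-Recipient') -replace '^rfc822;\s*', ''
        Action          = Get-Header $status 'Action'
        Status          = $code
        Meaning         = if ($code -and $StatusMeaning.ContainsKey($code)) { $StatusMeaning[$code] } else { 'See Diagnostic-Code' }
        Diagnostic      = Get-Header $status 'Diagnostic-Code'
        OriginalFrom    = $sender
        OriginalTo      = $copiedTo
        OriginalSubject = Get-Header $orig 'Subject'
        # The client's own outbound mail addressed to a domain other than his own
        # is the tell that something was forwarding it.
        ForeignDomain   = ((Get-Domain $sender) -ne (Get-Domain $copiedTo))
    }
}

Get-BounceSummary -Raw $SampleBounce | Format-List
```

On the constructed sample this reports Status 5.2.2 with Meaning "Mailbox full" and ForeignDomain True, which is the pair of facts the article draws from the header: the attacker's collection mailbox had filled up, and the client's mail was being sent somewhere it should not have been.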

I thought about this, then spoke with a friend who runs my client’s ISP. He checked to see whether any rules had been added on the Exchange server; there were none.


I asked if there was a way to create a rule at the ISP to block emails going to this address. He said rules on this system only block incoming email.

Then I said, “Wait a minute!” This was my Eureka Moment.

I went to the client’s Outlook, opened “Manage Rules and Alerts” and found a rule titled “…” I looked at the rule and found that it was forwarding to the suspicious address all outgoing emails that contained the words “payment,” “credit card,” “account” and “transfer.”

Immediately I deleted the rule. Next I restarted Outlook multiple times to make sure the rule did not somehow re-emerge. Then I had the client reboot his PC multiple times to check that it did not reappear.
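The reason the ISP's server-side check came up empty deserves spelling out: a rule that acts on messages the user sends is a client-only rule, evaluated by Outlook itself, so it never appears in the server's rule list. The script below is an added example, not the author's procedure, for auditing every rule in the default Outlook profile through the Outlook object model and flagging rules that forward, redirect, CC or delete mail, or that carry a blank or dots-only name. It assumes Outlook is installed, the profile has been opened at least once, and it is run as the affected user (not elevated, or COM will not find the running Outlook). Two caveats a responder would add: deleting the rule removes the leak but not the access that created it, so the mailbox password should be changed and sessions signed out; and if the hosting provider exposes Exchange PowerShell, the server-side rules and mailbox forwarding settings noted in the trailing comments should be checked as well.

```powershell
# Added example, not code from the article. Lists Outlook rules that move mail
# out of the mailbox (forward, forward-as-attachment, redirect, CC) or delete
# it, plus rules with an empty or dots-only name, and removes them on request.
function Get-SuspiciousOutlookRules {
    param([switch]$Remove)   # -Remove deletes the flagged rules after listing them

    $outlook  = New-Object -ComObject Outlook.Application
    $rules    = $outlook.Session.DefaultStore.GetRules()
    $findings = @()

    for ($i = 1; $i -le $rules.Count; $i++) {
        $rule = $rules.Item($i)
        $a    = $rule.Actions
        $targets = @()
        foreach ($name in 'Forward', 'ForwardAsAttachment', 'Redirect', 'CC') {
            try {
                $act = $a.$name
                if ($act -and $act.Enabled) {
                    for ($j = 1; $j -le $act.Recipients.Count; $j++) {
                        $targets += "$name -> $($act.Recipients.Item($j).Address)"
                    }
                }
            } catch { }   # action not valid for this rule type
        }
        $words = @()
        foreach ($name in 'Subject', 'Body', 'BodyOrSubject') {
            try {
                $cond = $rule.Conditions.$name
                if ($cond -and $cond.Enabled) { $words += @($cond.Text) }
            } catch { }
        }
        $deletes   = $false
        try { $deletes = [bool]$a.Delete.Enabled } catch { }
        $blankName = ($rule.Name.Trim([char[]](' ', '.', [char]0x2026)) -eq '')

        if ($targets.Count -gt 0 -or $deletes -or $blankName) {
            $findings += [pscustomobject]@{
                Name      = $rule.Name
                Type      = if ($rule.RuleType -eq 1) { 'Send (client-only)' } else { 'Receive' }
                Enabled   = $rule.Enabled
                LocalOnly = $rule.IsLocalRule
                SendsTo   = $targets -join '; '
                Keywords  = $words -join ', '
                Deletes   = $deletes
            }
        }
    }

    if ($Remove -and $findings.Count -gt 0) {
        foreach ($f in $findings) { $rules.Remove($f.Name) }   # Rules.Remove accepts a name or index
        $rules.Save()                                          # nothing changes until Save()
    }
    $findings
}

Get-SuspiciousOutlookRules | Format-Table -AutoSize
# Get-SuspiciousOutlookRules -Remove   # after reviewing the list above

# Server side, where the host exposes Exchange Online PowerShell (Connect-ExchangeOnline first):
#   Get-InboxRule -Mailbox user@example.invalid |
#       Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or $_.DeleteMessage }
#   Get-Mailbox user@example.invalid | Select-Object ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward
```

Run the audit again after the restarts and reboots the article describes; a rule that reappears after Save() has been called points at something re-creating it, which is a different problem from a leftover rule.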

I also instructed the client never to grant access to someone he doesn’t know. Your data is confidential; not everyone is to be trusted; there are plenty of people with nefarious motives. I also advised him to review all passwords in his company, make them more complex and change them periodically.

Now I feel good. The client is happy. And I go to lunch! Next I’ll be replacing his hard drive — just in case.
