The area code was Washington state. The accent suggested an unruly place last visited in an Olen Steinhauer spy novel: Lithuania? Russia? Ukraine? Sunny Isles?
The voice on the telephone said he was from Microsoft and that the company had discovered that my Windows-powered machine had fallen prey to an evil virus. He was ready, however, to rescue me and my machine from this insidious digital parasite before it filched my most intimate secrets and flung them across the Internet. All I had to do was sit at my keyboard and follow his instructions, keystroke by keystroke.
It was, of course, too outlandish to believe. No one in the two last decades has had an actual live telephone conversation with an IT techie without first calling the company customer assistance number a dozen times, then enduring the requisite 45 minutes on hold with a robotic voice popping up every five minutes to apologize, “We are sorry for the delay, but your call is important to us,” and suggest that a visit to the company website might be more beneficial – particularly for customers with an breviated life expectancy or plans to watch the 2014 SuperBowl. Of course, if the damned gadget worked well enough to access the company website, or any website, there’d be no need to dial an 1-800 help line, manned 24 hours, but apparently not 24 consecutive hours.
But I hadn’t come begging for technical support. Rather technical support had called me, unexpected, unsolicited, out of the ether, the way ancient prophets were once visited by the voice of God, offering to guide me out of a malware hell. Which all seemed about as likely as a call from Scarlett Johansson, begging me for a selfie.
So I asked him, “Doesn’t it feel a bit creepy, actually talking to the people you’re trying to rip off, instead of resorting to impersonal lying emails?” He hung up.
Sure enough, the Federal Trade Commission has posted alerts for “tech support scams.” The FTC website warns, “In a recent twist, scam artists are using the phone to try to break into your computer. They call, claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.
“They set up fake websites, offer free ‘security’ scans, and send alarming messages to try to convince you that your computer is infected. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.”
Lately, I’ve been feeling nostalgic for my old Nigerian friends, the deposed princes and generals, their emails describing an urgent need of my help to free up $500,000 from a Swiss bank account. They were content just to mess with our heads. Modern cyber criminals dig into bank accounts, steal credit card numbers. For all I know, they’ve hacked into drunken emails sent to ex-girlfriends at 2 a.m.
If I’m sounding a bit paranoid, it’s because sometime between Black Friday and Dec. 15, I made a credit card purchase for two 16-pound bags of dog food and a pair of cheap sunglasses from Target. That time period coincides with the latest giant hack of 2013, when cyber thieves made off with credit card data of 40 million Target customers.
That was not even the biggest haul of year. Hackers stole passwords, emails, birthrates and other personal data from some 50 million customer accounts on LivingSocial, the daily deal site owned by Amazon. Hackers got the goods on another 50 million customers from Evernote, an on-line note-taking service. They stole customer info from Twitter, FaceBook. J.P. Morgan, Yahoo Japan. They made off with info from 38 million Adobe customers. Even Apple suffered a breach.
In July, a federal grand jury in New Jersey indicted four Russians and a Ukrainian for hacking credit and debit card data from JCPenney, 7-Eleven, JetBlue, Heartland Payment Systems and the French retailer Carref. Across the River in New York City, another grand jury indicted the same gang for stealing info from Citibank, PNC Bank and the Nasdaq stock exchange. The feds say the gang stole data from at least 160 million customers.
The July indictment said the gang had been associated with Miami’s own legendary hacker, Albert Gonzalez, 32, now serving a 20-year sentence for stealing the data of 170 million customers of various businesses. He was finally busted in 2008 in a luxurious room at the National Hotel on Miami Beach, living the high life with credit card numbers stolen from patrons of – is nothing sacred – Dave & Busters.
These sneaky faceless cyber criminals seem to be everywhere. Except they’re not exactly faceless. KrebsonSecurity, the cyber security blog run by former Washington Post reporter Brian Krebs, has posted photos of a smug-looking young Russian, known as Helkern, puffing on a brown cigarette. Krebs thinks Helkern runs a black-market website, a “card shop” identified as rescator.la, that began marketing huge batches of Target customers’ credit and debit data at $20 to $100 a whack in early December. Krebs reported that fraud investigators with at least one large bank had gone onto the underground site and “effectively bought back hundreds of the bank’s own cards.”
So where are our own stealthy hacks when we need them. Note to the NSA: Surely, if our computer whizzes at the National Security Administration can eavesdrop on Angela Merkel and 34 other world leaders, while sifting through 250 million email lists, they ought to be able to get a fix on Helkern of Odessa. And that telephone scammer who is not from Microsoft.
And maybe drop a couple drones down their chimneys.