Your Fly Is Open

Netmenaces and Other Internet Stupidity

What Clinic Are You With?

2016-07-05 4 min read Attacks

I’ve said it before. I hate the phone calls.

“Welcome to BLAH-BLAH-BLAH, please listen carefully as our menu options have changed.”

“Listen carefully?” The menu options have changed? Are they so gosh-darned complex that they need to be constantly updated? I grab a pen and a pad of paper, convinced that I’m about to be inundated with options.

“Dial ‘1’ if you know your party’s extension. Dial ‘2’ for sales. Dial ‘3’ for support and dial ‘4’ for our dial-by-name directory.”

Wait… what? Well that was a disappointment.

Seriously? “Listen carefully?” You have four frickin’ options… it ain’t rocket science.

Unfortunately, none of those even begin to apply to the task at hand. I’m here to report a compromised machine.

I decide to try to do an end run on the whole “automated-attendant” BS and dial “0.”

“We’re sorry you’re having trouble. Goodbye” [click]

What the hell…?

I call back to be greeted by the same warning about the wholly ephemeral nature of their menu options. I find myself vaguely hoping that they’ll have changed since my last call, 30 seconds ago.

No such luck.

This time, I press “3” because in some twisted way my mission is peripherally “support-like.”

The woman who answers the phone just exudes “cranky” vibes.

This will not end well.

“What clinic are you with?”

“Well, I’m not actually with a clinic, and you’re probably the wrong person to talk to, but your phone menu didn’t give me a lot of options. I’m hoping that you can direct me to the right person.”

Literally, crickets.

“Ok, then… I need to speak to someone in your IT department about a computer owned by your company. It appears to be compromised.”

Again, crickets.

“Hello?” I’m afraid she may have dozed off.

“Yes. What clinic is this machine located in?”

“Well… I.. uh… I don’t know. I don’t know if it’s located in a clinic. I think it’s one your company’s systems.”

“Then what clinic are you calling from.”

“I’m not from a clinic. I’m calling about one of your company’s computers. It appears to be compromised… hacked… and it’s attacking other systems on the Internet.”

“The Internet?”

“Yes, ma’am.”

“Please hold.”

Dead air. I’m not entirely sure what about my mention of the Internet caused her to need to put me on hold. Perhaps it’s company policy - “If someone calls and mentions the Internet, immediately put them on hold.” That seems unlikely.

Perhaps she’s getting someone else. Maybe I’ll be transfered to an “Attacking the Internet” specialist. I cross my fingers and wait.

“Hello?” Nope. It’s her again.

“Yes?”

“You said that you’re calling about a computer?”

“Yes.”

“And you said it’s OUR computer?”

“Yes. It thinks it’s part of something called BLAH-BLAH-BLAHcloud.com. Is BLAH-BLAH-BLAHcloud something to do with your company?”

“Please hold.”

Dead air. Obviously this woman has several trigger words including both “Internet” and “cloud.” Oddly those are MY trigger words as well. Perhaps we’re kindered spirits. I consider mispronouncing “nuclear” as “noo-cue-lur” just to see if that bothers her too, but I’m at a loss as to how to work it into the conversation.

“Sir…?” She’s back…

“Yes?”

“Why are you contacting support about this?”

“Because there are four options on you phone menu. I don’t know my party’s extension. I don’t know a name to dial. So it was down to ‘support’ or ‘sales.’ It was a coin flip.”

“Please hold.”

What in the hell can she be doing that she needs to keep putting me on hold? Vaguely, I picture a bunch of bespectacled people in lab coats standing around a solitary phone, clipboards in hand, conferring in whispered tones and acting out some twisted psychological experiment designed to somehow turn me impotent. But I digress…

“Sir…?”

“Yes?”

“I’m going to create a support ticket for your issue and have someone from our IT department give you a call”

Holy hell… did she just say something reasonable? Where did that come from?

“I’ll need to get some details from you. What is your name?”

I give it to her.

“And your phone number?”

I give it to her, flabbergasted that a conversation that I’d, essentially, written-off was actually going somewhere.

And that’s when it happened:

“Ok… And what clinic are you with?”

-TL
Tom Liston
Owner, Principal Consultant
Bad Wolf Security, LLC
Mastodon: @tliston@infosec.exchange
Twitter (yes, I know… X): @tliston
July 5, 2016