SecurityThing – Martin Hutchison And Hohman CPA – Missed The Signs And Got Hacked: [03/14/2019]

On This Episode…

It’s time for another It’s a Security Thing. Today, Craig talks about the malware attack on the office of CPAs Martin Hutchison and Hohman.

Share This Episode

For Questions, Call or Text:



Below is a rush transcript of this segment, it might contain errors.

Airing date: 03/14/2019

Martin Hutchison And Hohman CPA – Missed The Signs And Got Hacked

Craig Peterson 0:00
Hey everybody. Craig Peterson here. We got another little security thing. It’s a security thing for you and man alive. This is something I’ve seen happening more and more. We’ve got warnings out from the federal government about this scam. This is a scam. I know personally, a lot of people have gotten nailed for. I have a letter sitting in front of me from some Certified Public Accountants. It’s Martin Hutchinson and Hohman and it is a firm out of Eureka, California. Yeah, a they released, I’m glad they did this in California, it is required by law. And that’s true in many states. In fact, the module and I’m just finishing up right now in my security course that I’ve been writing and delivering. We talk specifically about all of these different rules and regulations. There’s 47 different sets of them on the state level in the US. But this is from their notice of data breach, and it goes on this letter goes on for about two page I am pages. I am not going to read this whole thing to you. But I’d be glad to send it to you if you’re interested. But here’s what happened to them.

Craig 1:27
February 15, 2019, while trying to resolve an email failure. With our email host Suddenlink I was directed to a website that gave a phone number to call for immediate assistance. When I call this number, the technician stated, he could certainly help he requested access to my computer to understand the issue with the email. So so far, we’re talking about having an email problem. How many times have we seen this people, email problems happen all the time. But I pick up more hands because they’re having an email problem. So he had email this company sudden link and then he was directed to this website. So he calls them up. So next up here, he requested access to my computer to understand the issue with the email after I installed the software necessary to give him remote access to my computer, he pulled up some IP addresses on my computer screen and stated that this was the reason for the email failure. I should point out, this is a very, very common tactic, they’ll usually drop down into a shell, they’ll get a net stat, they’ll show the interfaces on your computer. And this is far beyond even that little thing far beyond what most people understand. But it’s enough to really give them a little bit of a leg up. So this guy pulled up some IP addresses. He then insisted that in order to fix the problem and prevent viruses from attacking, I would need to allow him to install a program on our office’s network server, I told him no, and at that our local computer technician would be contacted to deal with this. Now, again, we see this all of the time, most of these local computer guys are not able to handle some of these bigger problems. But I gotta tell you, I was impressed with what happened and what his local computer guy did. At this point. He stated that back to the letter that only a Microsoft tech such as himself would be able to do this, this was a red flag is I thought I was dealing with this Suddenlink technician. At that point, I quickly disconnected my computer from the internet. And from our office network. I then uninstalled the remote access software, I had allowed him to install and turn the computer off. This entire interaction lasted less than eight minutes. So here we go. Martin Hutchinson and Hohman, certified public accountants, Eureka, California, and they are admitting to what happened. Now, he did do the right things here, things were a little suspicious, he thought it was sudden link. So his first mistake was calling the phone number that was listed on the website that the email directed him to what he should have done is he knows he’s getting his email through Suddenlink, he should have called them up directly, look up their website, call that number and make sure he talked to somebody he knows a name, he recognizes over there in Suddenlink Okay, that makes sense. So that was his very first mistake. So now he’s on with this guy. And this guy asked him to install some remote access software. If you’re dealing with us as a managed security services provider, we already have software installed on your machines that allow us to monitor the security to look into problems. So if you’re on the phone with them, and they say, Hey, we need to install some software, there’s your next alarm, don’t allow them to install software. They should have whatever’s needed on your machine already. Now, you might need to enable it, it should be, you know, a little pop up and say, Hey, so and so’s requesting access our software when we request access pops up and says that so and so from mainstream is taking control of the computer. So it comes up on the screen, it stays on the screen. We can’t get rid of that message. You can’t get rid of that message. You know, we’re on with you at that point. Okay, so there, there was his next little alarm bells should have gotten off. Now he did have one go off because he did realize that Microsoft technician such as himself, this was Suddenlink but you know, Microsoft does do some certain certifications. And maybe that’s what the guys referring to but shutting it all off made a whole lot of sense. So he unplugged the network cables in his computer. Nowadays, a lot of these computers are hooked up to Wi Fi, which is a bad idea, by the way for businesses. But he pulled those computers out there absolute right thing to do. He tried to install the software. My last module that I put together and teaching talks about security breaches, he should not have done that he should have immediately hit the power button and then disconnect the cables and set the machine aside for a professional cyber forensics person to have a look at this because there who knows what happened, right? There could be a lot of things that happen that could have had data exfiltration, this might be something that the FBI or local law enforcement is interested in, you need to preserve the state of the machines, that was another mistake that he made. And then the technician came out and the technician told them, Hey, this is a known scam. And the technician ended up replacing the hard disk in the machine because he said, this was a very sophisticated piece of malware that had been installed on the machine.

So there you go. It’s a security thing, a lot of stuff you should know and do. And again, these CPA guys, they did a decent job. They missed a whole bunch of red flags. they handled the post hack if you will post attack incorrectly. His computer guy handled it incorrectly. But now you know better don’t you you know a little bit more about what to do. So that’s today’s security thing. I’m Craig Peterson. You can find me online. And make sure you subscribe to the newsletter to stay on top of this stuff. And this podcast. And you can get the podcast by going to Hey, have a great day. We’ll be back with another security thing.

Craig 8:03
There’s always something to talk about. I just don’t always have the time take care. Bye bye.