TeamViewer 'hack' linked to recent breaches

By Lauren Kate Rawlins, ITWeb digital and innovation contributor.
Johannesburg, 08 Jun 2016
Cyber criminals used stolen credentials from recent breaches to log in to TeamViewer.

Cyber criminals are using the same credentials from recent data breaches to log in to TeamViewer and empty bank accounts.

TeamViewer is Internet-based remote access and support software for companies that need employees to access servers remotely.

Users started reporting suspicious activity on their accounts a few weeks ago.

The company vehemently denied a system compromise and recommended all users make use of two-factor authentication.

Andreas König, TeamViewer CEO, said in a statement: "We have found no evidence that hijacks by cyber criminals occurred because of a data breach of TeamViewer's databases.

"It is very likely that cyber criminals used account credentials stolen from data breaches elsewhere or via malware installed on victims' devices, among other such tactics," he said.

A series of major data breaches on social networking platforms have been reported in the last few months, exposing millions of usernames, passwords and e-mail addresses.

Around 117 million LinkedIn, over 360 million MySpace and 50 million Tumblr account credentials were exposed recently, dating back years.

Yesterday it was reported that hackers used Facebook CEO Mark Zuckerberg's credentials from the LinkedIn data breach to log in to his Twitter and Pinterest accounts.

'Careless' use

Suspicious activity on TeamViewer accounts included criminals making unauthorised connections to users of TeamViewer and stealing money from bank accounts.

These claims developed into accusations.

Paul Ducklin, senior technologist at IT security company Sophos, says users said: "The breaches are best explained by a hack at TeamViewer itself that has given the crooks some sort of backdoor into customers' computers."

TeamViewer responded to allegations by saying the source of the problem was "careless" use, which includes using the same password across accounts for years, without additional measures like a password manager or two-factor authentication.

Ducklin says there is a Reddit thread that is trying to collect evidence against TeamViewer. It is asking users to report if they think they have been hacked recently, and to say if two-factor authentication was enabled and if they use their TeamViewer password elsewhere.

At the time of writing, of all respondents, only one said they had two-factor authentication enabled and 37 admitted they had used their TeamViewer password on other accounts.

"As far as we can see, that evidence doesn't point any fingers at TeamViewer," says Ducklin.

"I hope to think this is a wake-up to most people, but the reality is that most people will still use poor password management," says Jason Jordaan, principal forensic scientist at DFIR Labs.

"We need to start emphasising good password practices from much earlier on in schools so that it becomes part of daily life."

No experience needed

Ducklin, based in the UK, says criminals love remote access tools.

He says they often pose as technical support staff who call a residence and lie about a computer virus that needs cleaning.

"Ironically, those guys don't usually use their remote access to steal your data or implant real viruses, because they know you're watching... For them, remote access merely serves to make it look as though they're actually doing something to justify the substantial fee they'll charge you when the 'problem' has been 'fixed'.

"But if crooks figure out your password and use it while you aren't around, remote access software can be a different sort of gold mine."

Ducklin explains this allows criminals to steal files and sell the data on the dark Web, to raid PayPal accounts, buy products online, read e-mail, post to social media accounts, feed false information to business contacts, and much more.

"Worse still, they wouldn't need any Unix-style command line skills or hacking expertise: they could do it all with the keyboard and mouse, just like they would at home."