The IT repairmen who spy on your files

[MechAg94]

http://www.dailymail.co.uk/news/article-1201483/Undercover-footage-finds-IT-staff-repair-firms-spy-personal-files.html

This was also on Preacherman's blog. 
http://bayourenaissanceman.blogspot.com/2009/07/very-nifty-piece-of-investigative.html

Caught on camera: The IT repairmen who spy on your files

By Colin Fernandez
Last updated at 8:03 AM on 23rd July 2009

Computer repair firms entrusted with a 'faulty' laptop illegally snooped through a customer's personal files and one even tried to hack into her bank account.

An undercover investigation found technicians stealing passwords, overcharging for basic work and nosing through private pictures of the laptop's owner in a bikini.

Investigators wired a new laptop with hidden cameras and spy software that operated without the engineers' knowledge.

The laptop had been given an easily identifiable fault: a loose memory chip that stopped the computer from starting.

To get it working, the chip simply needed to be popped back into position.

The investigators from Sky News took the computer to six repair shops in London.

The most serious offender was Laptop Revival in Hammersmith, West London.

Shortly after identifying the real fault, the firm's engineer called to say the computer needed a new motherboard, costing £130.

The surveillance software then recorded a technician browsing through the files on the hard drive, including intimate holiday photos, some showing the Sky researcher in her bikini.

As the technician snooped through the files, he was filmed grinning and showing the pictures to another colleague.

Later in the same shop, a second technician loaded up the machine to look through the photos  -  stored inside a folder marked 'private'.

Laughing, the repairman loaded the pictures onto a memory stick he kept round his neck  -  which the software found was also packed with similar photos in a folder labelled 'Mamma Jammas'  -  street slang for women with large breasts.

He also copied a file containing passwords for Facebook, Hotmail, eBay and a NatWest bank account.

Once the technician had discovered this information, he opened a web browser on the laptop and attempted to log into the bank account for five minutes  -  failing because the details were false.

Laptop Revival declined to comment on the investigation.

A technician at Digitech, in Putney, South-West London, also examined the investigator's holiday pictures  -  after looking over his shoulder.

An employee at the shop said: 'We looked at the pictures to see if the memory was fully functional.'

A PC World repairman in Brentford, West London, told the investigators that the computer 'needed a new motherboard', costing £230.

When the computer was collected, only the memory chip  -  which was not faulty  -  had been replaced.

PC World spokesman Anina Castle said: 'We have a £230 charge for looking at any out of warranty faults.'
Laptop technicians

One technician charged £230 for motherboard but only replaced a memory chip

Micro Anvika, in Tottenham Court Road, Central London, fixed the laptop before ringing to say further diagnostic tests were needed.

It charged £145 for a full examination of the laptop.

The firm has since apologised and refunded some of the fee.

Technicians at Evnova Computers in Barbican in the City of London also discovered the loose memory chip and fixed it, but not before they, too, said the motherboard needed replacing.

When the offer of a new motherboard was declined, it appeared that someone from Evnova soldered the pins of the chip together to recreate the original fault.

The firm later claimed it thought the undercover reporter was from a rival repair company.

Only one shop came out with a clean bill of health: Pix 4 in Shepherd's Bush, West London. The company popped the chip back into place, and for free.

Richard Webb, the Trading Standards Institute's spokesman on web commerce, said: It's a big abuse of trust. If you were expert in computers you wouldn't have to hand in your machine to be repaired. They know that.'

It certainly doesn't surprise me that they would be nosing through files even if that is a bit bad.  I am more surprised by the attempt to log into the bank account.  That would really suck. 

For me, I'm glad I have a close relative who has helped me put together my home computers.  I guess this is a good reason to use an external drive more often, or at least a slave drive that can be removed. 

[crt360]

That does suck.  To make things even worse, think about all the businesses that collect personal information from their clients/patients/customers and who those businesses have repairing their PCs.

I'm fortunate to have been working on PCs ever since there were PCs and been able to fix all the problems I've encountered, even when it took most of my patience and a few pots of coffee.  One of the many hats I wear in our law office is that of "computer fixing guy."  Generally, nothing is going out for repair.  If I determine it's not fixable in a reasonable amount of time for a reasonable price, it gets replaced.  If it's still under warranty and requires something like a motherboard replacement, they can either send me one, send one with a tech to replace it, or send a whole new PC.

[AJ Dual]

I'm not too surprised.

I think the best thing would be a folder full of pictures of previous (on-site) PC Technicians bound up in the owner's home office in front of the very same PC, handcuffed, and wearing a ball-gag, sort of like the last few minutes of "Pulp Fiction".

Maybe being accosted by someone in the "Gimp Mask" to make the effect complete. 

That'll learn em.

[Gowen]

Now routinely, don't we hear of kiddie porn perverts getting caught when they take their computer to get fixed?  How are these techs finding the pictures, unless they are looking through the computers files?

[Regolith]

If you take your PC to our university's tech support, you risk getting your music and picture files deleted.  In order to enforce the university's anti-piracy policy, they have taken to deleting any file found on a student's personal computer that they even suspect is pirated. This has led to some people having the entirety of their legally owned .mp3 collection and personal photos deleted.

Thankfully, I can provide my own tech support, so I don't have to take my PC to those goons. 

Now routinely, don't we hear of kiddie porn perverts getting caught when they take their computer to get fixed?  How are these techs finding the pictures, unless they are looking through the computers files?

I remember reading in some of the cases that the perp had left them on his freaking desktop.  Hard to miss.  I don't know about the rest of the cases.

[RocketMan]

scanr, that is a good question.  I've wondered about that myself, sometimes.

A computer tech that doesn't make their customer's privacy a primary concern should not be in the business.  When working on a customer's system, I bend over backwards to avoid any activity that might be an invasion of their privacy.  It is the right thing to do.

[Tuco]

A former acquaintance owned a small computer repair service.  In 1998 he found evidence of and reported a pedophile, resulting in that pedophile's incarceration.

I asked him how he came to find the incriminating information, and was it a result of snooping around or blatant?
He wouldn't offer a direct answer, instead defending his actions by the fact he got this freak off the streets and what if was your kid etc etc etc.

Bottom line, a local outcast (physically handicapped, tattoos, pet lizard, 30 yrs old, mother's basement) warranted a closer look by this self-appointed block-captain-come- IT-professional.

[RevDisk]

I used to do that kind of thing at work.  But usually not directly intentionally.  Whenever a disk on a server grew significantly faster than normal, I'd fire up a utility that visualized file space utilitization.  There's always clusters of obvious stuff.  Most often videos or pictures not of a professional nature.  Unless it was something I couldn't ignore, I'd call the owner of said files and say "look, I don't care what you put on my server and I ain't prying.  But I need the disk space, so if it's not work related move it elsewhere.  Now."  Folks never just say ok and do it, they always try to come up with some excuse.  If it was uh, worrisome, I'd notify HR. 

Only had one 'legit' case where someone dumped multigig files on the server.  He had been keeping critical CAD drawings on his PC and wanted to back them up on his personal share.  So he berated me for questioning his utilization, when I asked why he dumped 60 gigs on my server with no notice.  Until his department VP asked the logical question, why was he storing it locally instead of with the other CAD projects like he was told?  Never heard from the guy again.

I don't snoop on personal files for chuckles.  I don't have the spare time.  I don't get the desire to do so either.  There's nothing interesting on someone's laptop that you can't find on the internet.  Guess some folks just get off on the whole invasion of privacy thing.  Same reason we have peeping Toms. 

Oh, there IS one legit way of accidently snooping in the normal course of business.  If you're copying files, you see the folder names.  Big folders stick on the screen longer.  When you do it for a living, you also know how long it's normally supposed to take to copy files.  If a folder named "Accounts Receivable Q3 2005" or whatnot takes five minutes to copy over gigabit ethernet (when it'd normally take seconds), you know it's a video stash.

[Jim147]

Something I haven't seen any of you talk about is the other wrong these companies committed. Being crooks in general.
I have been in many fields. It always sucks having to prove you are the honest one that doesn't try to rape every customer that walks in the door.
Do an honest job and get it fixed. 

jim

[Tim L]

If you take your PC to our university's tech support, you risk getting your music and picture files deleted.  In order to enforce the university's anti-piracy policy, they have taken to deleting any file found on a student's personal computer that they even suspect is pirated. This has led to some people having the entirety of their legally owned .mp3 collection and personal photos deleted.

I'd certainly hate to loose 40 gig of photos because someone who doesn't know me felt that they were pirated.
 

Now routinely, don't we hear of kiddie porn perverts getting caught when they take their computer to get fixed?  How are these techs finding the pictures, unless they are looking through the computers files?

Scanr, Texas passed a law requiring computer repair techs to be Licensed Private Investigators.  http://www.pcmag.com/article2/0,2817,2324217,00.asp  So in Texas they are required by law to search through your private info.

Tim

[RocketMan]

Something I haven't seen any of you talk about is the other wrong these companies committed. Being crooks in general.
I have been in many fields. It always sucks having to prove you are the honest one that doesn't try to rape every customer that walks in the door.
Do an honest job and get it fixed. 

jim

The privacy issue is what struck the main cord with me.  That said, I've found with my part time PC repair business that treating customers fairly, honestly, and well is the best advertising there is.  I get more business now from satisfied repeat customers and word of mouth than my ads in the two local phone books.

[Firethorn]

Scanr, Texas passed a law requiring computer repair techs to be Licensed Private Investigators.  http://www.pcmag.com/article2/0,2817,2324217,00.asp  So in Texas they are required by law to search through your private info.

Doesn't that also mean that they're bonded to not discuss/reveal anything outside of a couple specific areas?

Oh, and I thought the pedo guy got caught because he brought it in having trouble playing videos - so the tech did a search for videos to play a sample and guess what popped up?

-edit:  I thought they later interpreted the law such that only those doing computer investigation work needed the license, not joe schmoe doing motherboard swaps?

[AZRedhawk44]

Investigators wired a new laptop with hidden cameras and spy software that operated without the engineers' knowledge.

That's a very "generous" professional title they're giving to these monkeys.

Heck, real engineers get miffed over people with Microsoft Certified System Engineer (glorified network tech) using the title "engineer."  A break-fix PC and laptop hack is definitely not an engineer.

[MechAg94]

The privacy issue is what struck the main cord with me.  That said, I've found with my part time PC repair business that treating customers fairly, honestly, and well is the best advertising there is.  I get more business now from satisfied repeat customers and word of mouth than my ads in the two local phone books.

Hell, in a line of work like that where a whole bunch of people just have no idea what it is you did even after you explain it to them, trust counts for a lot.  That is worth more money or waiting for you to be available.

Not the same work, but car repairs is another one that works like that.  I know of one guy locally who was recommended as honest and straightforward and he is always busy. 

Now if I could just find the guy like that who can work on my house.  :)

[mellestad]

Doesn't that also mean that they're bonded to not discuss/reveal anything outside of a couple specific areas?

Oh, and I thought the pedo guy got caught because he brought it in having trouble playing videos - so the tech did a search for videos to play a sample and guess what popped up?

-edit:  I thought they later interpreted the law such that only those doing computer investigation work needed the license, not joe schmoe doing motherboard swaps?

Yes, the law was badly written.  Even the guy who drafted it said it was meant for people doing forensics work, and the courts interpreted it the correct way.  They wanted to make sure that if evidence was admitted into court, it was collected by people with some sort of law enforcement training in evidence collection.