bit-tech.net

Sky sting unmasks repair shop frauds

Sky sting unmasks repair shop frauds

According to Sky News, a sting operation which aimed to reveal overcharging by computer repair shops unmasked a ne'er-do-well who attempts to access customer's bank accounts.

As bit-tech readers, you're undoubtedly capable of repairing your own gadgets and gizmos, but spare a thought for those who aren't: a sting investigation carried out by Sky News has caught staff at five different London-based computer repair shops overcharging for non-existent faults with a laptop – and even copying private files on to USB memory sticks and attempting to access bank account details.

According to the Sky News article, the sting involved creating an easily rectifiable fault – the loosening of a memory module, which prevents the laptop from booting – but on a machine that had software which would record everything that happened with the laptop along with a snap of the engineer's face installed.

While a worrying five of the six repair shops tested overcharged for the simple fault – with PC World even claiming that a new motherboard would be required at a cost of £230 – the investigators saved the majority of their scorn for a Hammersmith company called Revival Computers.

According to Sky's Mark White, the surveillance software installed on the laptop recorded a Revival Computers technician “browsing through the files on the hard-drive, including private documents and intimate holiday photos, including some of our researcher in her bikini”” before copying files from a folder marked 'private' to a USB memory stick.

While that's pretty creepy, it gets worse: Sky claims that the engineer went on to open a text document containing usernames and passwords for Facebook, Hotmail, eBay, and a NatWest online bank account. Having found this treasure trove of digital booty, the technician then allegedly spent five minutes attempting to log in to the NatWest bank account – thwarted only by the fact that the details were false, and formed part of the sting operation.

Having been contacted with Sky's findings, an e-commerce investigator for Trading Standards, Richard Webb, stated that he was “really quite shocked, both in the range of potential problems this has revealed – people overcharging, mis-describing faults – but also [in] people attempting to steal personal details.

Claiming that the investigation reveals “a much wider problem in the industry than we knew about,” Webb believes that Trading Standards needs to look at the situation closely – and possibly even “test it like [Sky News has] done, but with a view of taking criminal enforcement action if these problems are found and evidenced.

Do you believe that Trading Standards needs to take firm action against companies which attempt to exploit non-techie-types, or does someone who keeps their banking details in an unencrypted text file deserve everything they get? Share your thoughts over in the forums.

38 Comments

Discuss in the forums Reply
Rkiver 23rd July 2009, 12:14 Quote
As I commented on earlier, why are people shocked at this?

Getting your local bit-tech forum member to take a look is a better idea. And payment in caffeine and cheesecake is cheaper then what those places charge.
Frohicky1 23rd July 2009, 12:16 Quote
What, PCworld is overcharging and mis-diagnosing? I'm shocked! PcWorld Chester regularly outsource their fixing to my mate's firm, and charge the customer for it, because they haven't got a clue what they're doing. Steer clear!
digitaldave 23rd July 2009, 12:35 Quote
we where offered to take the network installs from our local pc world a while ago, they wanted to pay our guys £15 per hour and charge the customer £75 per hour, when I mentioned all our vehicles have our company name all over them in vinyls they said we would have to buy new vehicles.

so 15 quid per hour, have to buy a couple of vehicles just for them, they do nothing and earn lots more than us who do the work, no thanks!

this report is bad though, your average joe wouldnt know the difference between a good and a bad place, as it is hard to distinguish.

one way would be steer clear of the cheap as chips places, I guess its not a guarantee as the dodgy ones could just hike their prices but you do usually get what you pay for.
Tyrmot 23rd July 2009, 12:41 Quote
It's not surprising that they are overcharging, and everyone does this - taking advantage of their technical knowledge against people who don't have any - see plumbers and mechanics for example right?

But the attempted access of personal details is frankly criminal and personally I think TS should pursue this with a view to prosecuting those who do it. Copying the pictures of their researcher in her bikini is f***ed up to be honest, that guy at least should be out of a job by now
[Sam] 23rd July 2009, 12:43 Quote
Seems to me there's a problem with breaches of trust.

As an analogy - if you had your car at a garage for repairs and you'd left a private photo album in the unlocked glove box, would you expect the mechanic to look at your photos?

Although it isnt what you'd like to assume about people, if there's no safeguards on private information it'll probably get seen. As I've seen with friends and family, some people are willing to store many personal things on their computer with little or no knowledge of security.
Kamikaze-X 23rd July 2009, 12:50 Quote
i think what we need to keep in mind is that the PC tech snooping on people's photos isnt necessarily a bad thing in some cases- Gary Glitter was only caught out after taking his PC in for repair at a local PC World.
leexgx 23rd July 2009, 12:50 Quote
if you watched the tv report on sky news web site when 2-3 places disabled the laptop one even went as far as to use an Solder ion the ram it self
[Sam] 23rd July 2009, 12:55 Quote
Is it actaully illegal to copy a person's photos, regardless of what state of dress a person in the picture may be?

It may not be the most moral thing to do, but in this scenario, is it actually breaking a law? I suppose it depends on whatever terms and conditions the repair shop has in place (which I doubt anybody would read).
Cptn-Inafinus 23rd July 2009, 13:07 Quote
Quote:
Originally Posted by [Sam]
It may not be the most moral thing to do, but in this scenario, is it actually breaking a law? I suppose it depends on whatever terms and conditions the repair shop has in place (which I doubt anybody would read).

That's a good point, they may use some excuse along the lines of "safe-gaurding your data if anything goes wrong."

Regardless, this is absolutely ridiculous but not a bit surprising. I'm so glad my school has finally got the savvy to teach kids some really basic hardware based tech stuff early on. Its going to save them so much hassle in later life.
[Sam] 23rd July 2009, 13:31 Quote
Maybe it's symptomatic of a bigger problem that people often put their trust in things which they know little about. On one hand, a computer is a tool, on the other, a complex piece of machinery which has many physical and non-physical parts that can go wrong.

In my opinion, the ubiquity of computers (and devices such as mobile phones and PDAs) in people's every-day life coupled with the 'I dont want to know how it works, I just want it to work' mentality allows these kind of things to occur in the first place.
yakyb 23rd July 2009, 14:05 Quote
Quote:
£75 per hour

bloody hell thats how much they charge

my mates rates are £20 an hour + scans prices on hardware, and that does not include waiting around for an install to finish and if i cant fix it i won't charge them
logan'srun 23rd July 2009, 14:13 Quote
Quote:
Originally Posted by [Sam]
Maybe it's symptomatic snip

In my opinion, the ubiquity of computers. . . snips

+1 rep just for using symptomatic and ubiquity in the same post. Proof that the english lanuage exists beyond 3 syllable words and acronyms in the Internets. Especially in forums.
Aracos 23rd July 2009, 14:21 Quote
lol that doesn't surprise me about PC World at all but Revival computers was really quite shocking, going as far as to try and log in to someones bank account! Although yes people deserve to get their bank account robbed by STORING PASSWORDS ON YOUR COMPUTER! But I didn't think a repair guy would do that =\
ZoFreX 23rd July 2009, 14:21 Quote
Quote:
Originally Posted by yakyb
my mates rates are £20 an hour + scans prices on hardware, and that does not include waiting around for an install to finish and if i cant fix it i won't charge them
My rates are exactly the same, although for payment I have also accepted biscuits, cake, booze... and copies of their "private" folder ;)

I'm utterly unsurprised by the findings, to be honest. I've never had a good experience with one of these companies. I would like to set up my own just so there's one decent one around, but 1) I don't have any transport and 2) from what I've seen, independent ones always go under and get taken over by PC World and the like.

Solution: Turn to your geek friends! But offer them payment. I have a whole subset of my friends who only ever contact me for PC help, and don't offer any compensation, which I find extremely rude.
perplekks45 23rd July 2009, 14:21 Quote
I'm not shocked. We had people overcharging the CS department of my uni for services. And they REALLY should know better!
AshT 23rd July 2009, 14:35 Quote
The only solution to the private details security concern is to remove the HDD before sending PC to be repaired. Of course that doesn't help if its the HDD causing the faults, and the extra time it would take to setup an HDD with the correct drivers to enable the testing would be costly to the customer.

Would I trust anyone with any of my HDDs whether they contain private info or not?

Or to put it another way, would I give any of you on here the keys to my house?

Yeah riiiiight!
Abhorsen 23rd July 2009, 14:46 Quote
Quote:
Originally Posted by [Sam
]Seems to me there's a problem with breaches of trust.

As an analogy - if you had your car at a garage for repairs and you'd left a private photo album in the unlocked glove box, would you expect the mechanic to look at your photos?

Although it isnt what you'd like to assume about people, if there's no safeguards on private information it'll probably get seen. As I've seen with friends and family, some people are willing to store many personal things on their computer with little or no knowledge of security.


That would be different, if photo's were there in plain view then it is reasonable that they are to be viewed...

As would it be if a technician was required to transfer say "My Pictures" to a new HDD for a customer then it is reasonable to assume that photos would be viewed.

However for the purpose of a Ram test, what would be the need to search through files?

With regards to the comment of Kamikaze, Yes that is a case where it proved beneficial (Albeit not for GG!), but again it goes to the reason why the files were being viewed.
[Sam] 23rd July 2009, 14:52 Quote
Agreed Abhorsen. There would be no need to do it, and you'd hope there'd be some processes in place to deter things like that.

Also, my point was that the photos were in an unlocked glove box, not in plain view. You'd have to be actively looking for things to see them in there, but perhaps you'd do that in the normal course of your work on the car, and you wouldn't have to unlock (i.e. circumvent the security) to see them. Not that that means you can look at them, just that it could be reasonably assumed you'd come across them in the normal course of your work.
crazyceo 23rd July 2009, 15:09 Quote
The one shining light from this story was the "ONE" tech chap who actually called them back straight away to say the memory was just loose and to come and pick it up free of charge. You guys in the London area should find out who he was and get his name in lights.
eek 23rd July 2009, 15:36 Quote
I can't surprised I'm overly surprised. Luckily tech issues are one thing that most of us on here are likely to be able to fix ourselves!

Unfortunately such dishonesty is also going to be rife in other industries - electricians, mechanics, plumbers, etc. which will hit my wallet if it hasn't aleady. Luckily the issue of trust (personal data) is not such a big issue in these cases!
Zayfod 23rd July 2009, 16:16 Quote
Quote:
Originally Posted by [Sam]
Is it actually illegal to copy a person's photos, regardless of what state of dress a person in the picture may be?
<snip />
Yes absolutely illegal, both as a violation of the computer misuse act, and as infringement of copyright. For the purpose of diagnosing a computer fault even going into the documents directory puts them into extremely dodgy legal waters.
y2rock 23rd July 2009, 17:30 Quote
I can look at this from the other side as I am the manager of an indapendant comptuter store in south wales and repair on average 30 PC/Laptops a week.

The problems can range from hardware faults such as memory and motherboard on PC's or commonly LCD replacement on laptops, but the majority of the faults are software related and normally come from viruses that have been picked up when using p2p software like limewire.

As we are often requested to format and reinstall people's computers we are also then required to back up large amounts of the customers data. and 9 times out of 10 they want there personal photo's backed up. we never purposely look at personal pictures as this would be an invasion of privacy and common decency, occasionally we will have a machine running and the user has a personal picture as wallpaper or the screensaver starts to run a slideshow, as I don't wan't to see these or for other customers to see these I turn them off.

We only ever verify data by size of files before and after copying and by checking number of files in a folder, I have been requested by a customer to verify and print data contained in a folder but only done so after being asked.

The problem with these reports is they very rarely tell of any good results they get (I did see the one mentioned above) and this in turn makes the ones who try to do an honest job much more difficult. I only have to look at some of the other stores in my area and listen to what people tell me to know what goes on in some of these places. For instance we will only supply genuine software and will only reinstall your windows OS if you have a genuine licence sticker on the PC/Laptop, I know of other retailers around here that wil put Microsoft Office 2007 on your PC for £30 cash and this is another place where people are regularly being ripped off.

I don't want to rant but feel that somebody has to stick up for the few decent people in this business who know what they are doing, we have ourselves twice had undercover customers from Trading Standards bring in there computers, once the CD rom wasn't working and it was caused by the molex power cable being removed, we didn't charge and the other was the ram being loose in a laptop again we didn't charge.

Guess not everyone can be honest and keep there eyes to themselves.
l3w1z 23rd July 2009, 17:37 Quote
When I was working as a technician the only thing we were required to make sure is ok are customer pictures. The only reason for this is anything that is deemed illegal (Such as Child Pornography, luckly didn't have any such incidents), if it was pirated software we felt it wasn't for us to deal with, but with stuff like child porn (Mainly due to what happened when a co-worker worked at PC world when head office didn't want to know: Same happened with Gary Glitter) was a different matter. The only time data was copied was if it was being backed up.
Xen0phobiak 23rd July 2009, 18:08 Quote
Their findings are shocking, but please don't tar the whole industry with the same brush. The company I work for takes pride in its work & customer relations, if anyone was suspected of doing anything that happened in the article there'd be serious words. If anyone was proven to have done it they'd have their stuff taken out to them in the car park at the very least.

I fix PC's 8 hours a day, 5 days a week. I tell faults how I see them, and explain how I got to my conclusion. I never root through customers data, other than to check filenames if the customer has asked for something specific to be backed up. The content of the files has never been any of my business.
perplekks45 23rd July 2009, 18:56 Quote
People who have to get their computers checked are screwed over all the time, it's not even funny.

@ y2rock: There are rules about signatures here. Seeing when you signed up you should know them. :p
y2rock 23rd July 2009, 19:16 Quote
@ perplekks45: sorry, it's been a while and I know I said a lot, but it needed to be said.

@ Xen0phobiak that is exacty the point I was trying to make only in a nutshell instead of an essay, I would never dream of doing what these people are shown doing as It's not required for me to carry out my diagnostics and is just snooping.

As for peoples comments about fixing there own pc's or getting forum members to do so. not everyone is lucky enough to know people with the required knowledge, unforunatly some people exploit this.
RichCreedy 23rd July 2009, 21:30 Quote
as a business charging a reasonable fee is fair enough, i do work for a local retail outlet, and have been told i don't charge enough.
i try to keep my rates low, so that the customer isn't ripped off, by the time, the outlet has added his percentage and vat.

there are other trades which charge more for their services( lawyers, plumbers, electricians). their isnt a guide as to what you should charge people for work being done. but clearly overcharging can be a problem, london based businesses probably charge more for repairs than anywhere else due to increased london overheads.

i charge £35 to repair a socket on a laptop, because of the time it takes to strip down a laptop, desolder the original socket (whats left of it), solder in a new socket, and put laptop back together again.

if i cant repair a laptop because its a mainboard fault, i charge £10 for the time taken to diagnose the fault. for any parts i have used(except power sockets, as i include them in the £35) i charge for what its cost me Inc postage & vat and add 10%.

i have seen firms charge £40+vat just to have a look at a laptop, before doing any repairs.

what that technician did is clearly wrong, copying data, as a backup would be justified, but many terms and conditions state that data loss is not the firms problem. that technician, copied the data for his own use - that is out of order.

he didnt need to check files as the fault was as simple as reseating the memory, had the fault been software based, ie the problem only happened when doing certain things, then maybe looking at the data is justified, but only in so far as to determin what is happening.

i always advise against storing anything that could be used to gain access to networks, passwords, bank accounts etc.

one of the techs i work with, has a nice big red LIMEWIRE stamp, he puts on forms, when a machine comes in with spyware/adware and limewire related problems
airchie 23rd July 2009, 22:49 Quote
I'm sure this isn't a new problem.
Back in the day, if you needed a new shoe on your horse, you'd go to the blacksmith, get your bread from the baker, meat from the butcher etc.
The only thing that stopped the bakers charging silly money for bread was competition surely?

Seems like we need some serious competition in the PC repair area... :D
ChEsTeH 24th July 2009, 00:26 Quote
I knew someone working for a large computer retail chain when Garry Glitters computer was taken to one of it`s branches for repair.

It was nearly covered up as well as the upper management and Head office knew it would partly result in a bad rep for the chain if it occured to people that the technical staff were snooping at things on computers that they should not be.

Luckly a manager in the branch took it upon himself to contact the police before a decision could be made - thus taking the dilemma out of head offices hands.

It`s no suprise that techies look at the files on laptops etc the amount of time my friend would get called into the tech dept with other members of staff to view the "interesting" things that were discovered on customers computers.
Dreaming 24th July 2009, 02:35 Quote
Isn't checking even just for child pornography still an invasion of privacy? Sure, it's illegal and noody condones it, but technicians have no legal remit to make the judgement on whether they can snoop or not. I'm sure they wouldn't dream of logging into someone's email account to make sure they're up to no good.

It's up to the police, who are there by appointment of the government, who represent the rest of us, to investigate people. They need a warrant to look on your computer. Just because you are having it fixed does not give a technician the right to look at anything regardless of how noble their cause.

I have a problem that is similar but different. I ride a motorbike, and I love it, but it failed it's MOT and trying to find an honest mechanic is like trying to finda needle in a haystack. I've been quoted between £300 and £800 for the work needed to sort it, whereas people in the know how have said it's a quick job to fix it and would only cost me a bit in parts (£150 perhaps), and some food for payment. Problem being of course for me is that people say this but then are always busy :p.

I don't really trust anyone in an industry with asymmetric information any more, there is too much temptation to screw the consumer over and so I have to rely on the enthusiasts to either fix it for me or to hook me up with an honest professional.
B3CK 24th July 2009, 07:04 Quote
I work at a small staff'd pc repair shop in DFW Texas, U.S.; and we have upgraded our shop storage twice in the last year to back up customers files. We see private pictures on the folder thumbnails, screensaver, and slideshow gadgets. I and my co-workers never go looking through them, due to part that if we had the time to do that, we have time to work on another machine or side project. I would fire one of my co-technicians if I found them looking through stuff like that. (I'm senior Tech and manager, like I said, small shop).
Our pricing is $20 per pc, and $30 per laptop for diagnostic. Basically, bring it in, you pay that. We comparison shop every competitor in town, twice monthly to check on repair sales. And we try to be the cheapest in town. Due to this pricing structure, we haven't slowed down very much in this economy, and now we have people being recommended to us from over 2 hours away drive time.
If it is something that takes us less than 15min of work to fix, ie. loose ram, and the customer doesn't want anything else checked, then we don't charge anything other than the initial diagnostic check.
As to storing or making a copy of personal files, if you came in with a virus or corrupted OS install, then the first thing we do is copy all your personal data to our server. Even before any other work. As this is usually being done via a boot cd, (hiren's boot cd, or UBCD), or by physically connecting the drive to one of our tech boxes for file transfer, we don't get a chance to look through it.
The bigger chain type pc repair shops in our area are sometimes our new customers first choice, and we can tell, as their chain customer id stickers are still on them. I don't blame them, but alot of their technicians are either too in-experienced, or are just have paper certificates and don't know what their doing. The owner of my company has a hole-in-the-wall shop, but my fellow technicians and I really know what to do when the chips are down. As to being almost the cheapest in town, we do struggle with trying to repair software issues vs. a new install, as time is money, and no one likes to format a machine if they don't have to.
Pricester 24th July 2009, 09:25 Quote
Quote:
Originally Posted by [Sam]
Agreed Abhorsen. There would be no need to do it, and you'd hope there'd be some processes in place to deter things like that.

Also, my point was that the photos were in an unlocked glove box, not in plain view. You'd have to be actively looking for things to see them in there, but perhaps you'd do that in the normal course of your work on the car, and you wouldn't have to unlock (i.e. circumvent the security) to see them. Not that that means you can look at them, just that it could be reasonably assumed you'd come across them in the normal course of your work.

I think the full analogy goes something like this... you take your car into the garage because it won't start, and leave a photo album and your emergency credit card in the (unlocked) glove box.

While in the shop, the mechanic found the photo album, took it into the office and photocopied all the pictures for "private consumption", and then tried to use your credit card to do his shopping!

While it's probably no surprise that the mechanic might see the photos - might even call his mates over to take a look if they're particularly good - taking copies and trying to use the financial details is not what you'd expect!

I wouldn't leave personal stuff lying around in my car, and I'd try not to leave it on my PC if that ever needed a repair, but I seriously expect that if I did, the person doing the repair would be trustworthy enough not to steal from me or invade my privacy to that extent!
BLC 24th July 2009, 14:22 Quote
I also used to work as a technician for an independent computer store (also in South Wales, bizarrely enough! ;)) and saw loads of machines in for repair.

Our minimum charge used to be an hour's worth of labour, which was £15 +VAT, if I remember correctly. We later started charging for half an hour's labour if it was a really simple job - such as this would have been (I know those prices seem low, but this was a good few years ago now - I first started there around nine and a half years ago). If there was no fault with the machine at all, then we'd rarely charge labour - unless the customer was insistent and told us to re-examine it.

We'd usually always try and give a rough quote on how long a job would take when a machine is brought in; however if parts were needed or it was going to take longer than expected, then we'd always call the customer before continuing.

We had a bit of a rule of thumb when quoting repair times, which was: if you're not sure, then over-estimate but never overcharge. For example: I know that a particular job usually only takes an hour, but could take me anything up to two hours if I hit problems. I'd advise the customer at first point of contact that it could be up to two hours worth of labour. That way if I get the job done without any problems, I can call the customer and say "Fixed it, but it didn't take as long as I thought, so I'm only going to charge half of what I originally quoted". If the job did actually take two hours, then I've still delivered on time.

With regards to the privacy of data, then what was on the customer's machine was none of your business - the only time that data had to be accessed was when it was backed up or transferred to a new system. I would usually put the hard drive in a workshop terminal and back it up to a server; once the data was transferred to the new machine or backup media to be given to the customer, the data was securely wiped - if you don't need to go poking about somewhere to do your job, then leave it the hell alone. Pirate/illegal software was not our concern; the only policy we had on pirate software was regarding re-installing software or OS's. If we were asked to do a re-install of software (including the OS) then we would ask for all original license keys/certificates and install media. The only exception to this was Windows; we preferred using the original disc, but we only required the original license sticker to be present or to be supplied with the original license certificate (this was way back in the days when Win98 was the norm, and the OEM stickers were not common :)).
Madness_3d 24th July 2009, 16:22 Quote
As far as looking through files is concerned, what if on general inspection it becomes apparent that there is child pornography on the computer, what is the greater evil?

Anyway, in shops you also have to remember that you are paying over the standard price for the expertise of the staff. So it is to be expected that the costs could be substantial, however, to overcharge and then lie to the customer is surely unacceptable. TO go through files seems to me not the worst thing in the world, but to attempt to steal personal details and use them is very serious. Having worked in a computer repair shop, i understand the relationship between a technician and a customer, alot of the time you can very easily baffle them with seemingly simple concepts which they have no idea about. I am proud to work in a shiop which has built up a substancial reputation and has a solid local customer base who trust and respect us.
sui_winbolo 25th July 2009, 02:21 Quote
It's happening in my small town of 2500 people. A computer store, called "Ghost Comptuers", is in the fraud game. Goes as far as even installing pirated copies of windows on the computers he works on. How do I know this? When I worked at the college people would come to us to repair their computer after having it "repaired" by Ghost Computers. We offered our services for free. Granted we didn't have the time to finish most computers in a day or two, a computer repair rarely took over a week and is a bargain for free.

He also charges people a lot of money. One lady I spoke with was charged $300 and took two weeks to do a simple backup of her data and a re installation of windows. Something that can be covered in two hours easy.

That's why I'm going to come in with my repair business and actually give my community some good service. :) I already do it on the side, mine as well make it legit and get some better income instead of just odd jobs.
Tulatin 25th July 2009, 21:58 Quote
Ah, I love shifty repair store stories. Thing is, if you want to dig through people's files, then you pull the hard drive first.

Other than that, data extraction is really just for backup porpuses only
Ryu_ookami 25th July 2009, 22:09 Quote
Quote:
Originally Posted by y2rock
As for peoples comments about fixing there own pc's or getting forum members to do so. not everyone is lucky enough to know people with the required knowledge, unforunatly some people exploit this.

The reply to this is simple, if they're not intelligent enough to know a Bit-tech forum member then they're not intelligent enough to own a PC.
GD00XX0 27th July 2009, 02:03 Quote
It'd be easier if it was just a new rule amongst the industry that only hard ware issues were dealt with by The supposed "experts" of retail shops. With software issues dealt with by the end user.

I'm not sure if there is a authentic agency that deals with Computer Retail and hands out licenses. Maybe the creation of one would add more beauracracy to the general state, but at least the end user would be safe-guarded against the shady geeks fapping over private data.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums