Battling Customer Apathy

Mainstay

I was asked by a [lawyer] client who is in the process of purchasing a competitor's law firm to come in and evaluate the equipment of the firm she is buying.

The site is managed / supported by my direct competitor.

I was 5 minutes in the door and getting a verbal overview of their operations (router, switches, computers, etc.).

I asked, "How are the systems running, in general?"

They pointed me to the 'server' and said that they can't use this system as they are constantly logged out... always returning to the login screen. They can use it to access client files on the network, but if they sit at the station and try to use the computer it always logs them out.

Hmmm.... bad profile?

I ask if I can take a quick look at it... they say yes... I log in and pull up eventvwr and the very first entry is a disconnected user from RDP.

OK, when I logged in, I bumped off the remote user from console. Oops.

I turn to them and say, "sorry, didn't realize you had a remote worker logged into this computer."

They say, "we don't have anyone else working in the firm, and no-one has remote access."

YIKES!

I look up their IP address and it returns as originating in THE RUSSIAN FEDERATION.

Double YIKES!

The logs are FULL of RDP sessions spanning the last 4 years.

I ask if I can close this down, NOW... and the only concern they have is that I bill this portion of the evaluation to the current owner.

WTF?!

You have a law firm with client files (yes, admittedly from a small town from the back yard of beyond, but STILL) being accessed from outside the firm, the province, and the country and you don't bat a blinking eye?!

And these are lawyers! You'd think if there was someone who would catch the liability issue it would be them.

And yes, the router was fully configured to pass on 3389 to the server and there were no limitations on origin IP etc. The password to the system was laughable.

I started to try and incite some fire in them but let it go... I've been down this path too many times. Battling customer apathy is wasted effort.
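
For anyone wanting to repeat the event-log check described above on a client machine, here is one way to pull RDP session events with a non-private source address (an added example, not part of the original post). It assumes the default TerminalServices-LocalSessionManager operational log is enabled and still holds the history of interest; the function name is made up for this sketch.

```powershell
# Added example: list RDP session events whose source address is not private.
# Event IDs: 21 = session logon, 24 = session disconnected, 25 = session reconnected.
$log = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'

function Test-ExternalAddress {
    # Hypothetical helper: $true only for a parseable, non-private, non-loopback IP.
    param([string]$Address)
    $ip = $null
    # Console logons report "LOCAL" instead of an IP; treat those as not external.
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ([System.Net.IPAddress]::IsLoopback($ip)) { return $false }
    if ($ip.AddressFamily -eq 'InterNetworkV6') {
        $ula = (($ip.GetAddressBytes()[0] -band 0xFE) -eq 0xFC)   # fc00::/7
        return -not ($ip.IsIPv6LinkLocal -or $ip.IsIPv6SiteLocal -or $ula)
    }
    $b = $ip.GetAddressBytes()
    $private = ($b[0] -eq 10) -or
               ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
               ($b[0] -eq 192 -and $b[1] -eq 168) -or
               ($b[0] -eq 169 -and $b[1] -eq 254)
    return -not $private
}

$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 21, 24, 25 } `
                       -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    # User and Address live in the event's UserData/EventXML payload.
    $data = ([xml]$e.ToXml()).Event.UserData.EventXML
    if (Test-ExternalAddress $data.Address) {
        [pscustomobject]@{
            Time    = $e.TimeCreated
            EventId = $e.Id
            User    = $data.User
            Source  = $data.Address
        }
    }
}

# Timeline of outside sessions, then a per-source count to show how long it has gone on.
$hits | Sort-Object Time | Format-Table -AutoSize
$hits | Group-Object Source | Sort-Object Count -Descending | Select-Object Count, Name
```

Any rows at all on a machine where nobody is supposed to have remote access is the finding; the per-source counts and earliest timestamps are what belong in the written report to the owner.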
 
That's unbelievable....:eek:

Do they realize what was actually happening? Some folks are so clueless to the techno-talk, that they don't get the severity of the situation.
 
I explained. Started to raise the rhetoric, saw the usual, "meh, whatever" response, and let it go.
 
I would step away from that one if they are not listening.

We are switching them to a completely new platform and the target system is being retired.

Not due to any sort of forward thinking, but because the previous owner wants "a computer" so I volunteered the compromised one. Get it gone!

No other backdoors were installed?

I took a very casual look and didn't see anything.

I wasn't there to "fix", I was there to see what equipment was in place.

I can say that they didn't have any A/V protection :eek:

You sure the Russian "Organisation" wasn't one of their customers?

LOL, the whole operation is a front! There were doors in the lawyers office that were barred with armed guards... and there were a lot of drums of pseudoephedrine laying about... so maybe the rumors that this is just a meth lab are true ;)
 
My favorite was the business I used to have RIGHT NEXT to me (exec suite for self storage business) that would always pop in and ask me questions but never use my services. They were "satisfied" with the guy who would travel around to all their locations. Ok, fair enough. Fast forward three years later and after numerous dealings with them talking about how their dedicated T1 was always slow I told them I'd come look at it for free. It was a slow summer day and at the very least I could get them off my back about an issue I was tired of hearing about. Logged into their server and immediately see activity from a remote VNC connection. Getting to the root of the issue was a Chinese porn site being run off of their server for the last three years. They even had a nice little side e-commerce site that was generating a lot of activity as well. All of this was from a security exploit from an old version of VNC server they had running. I ended up moving a year later but even after all that they never used my services. They still used the other guy.
 
The only way you can beat customer apathy is when the same thing happens to them several times and costs them a ton of money and effort each time and they finally get sick of it happening. Until they reach that point, it is all just a waste of time like you said.
 
I think the fact that they are being bought out has a lot to do with the apathy. That's a very common response in situations like that.
 
It was the new owner who was laissez-faire about the whole thing... Surely they would inherit the liabilities of the office when they complete the sale? Wouldn't they want details so that they can put in stipulations addressing this specific issue in their purchase agreement?

Wouldn't the old owner want details so that they can protect themselves after they sell? I have other retired lawyers that I maintain their OLD fleet of servers because they have some crazy 10 year AFTER CLIENT DEATH retention policy on files. And they are protecting themselves against litigation when they are old and have completely forgotten the case.


Anyways, a Russian is using their file server as a back door for illicit (or at the minimum unauthorized) purposes, or is combing through client files and harvesting SINs and identities... but yeah, who cares...

 
Wow!!!! The new owner? I'd be very careful then. Make sure and have a signed contract, etc.
 
I once had a client, who wouldn't follow my advice to do backups. One day the hard drive on one of their laptops started to die, but I was able to recover all of the files they cared about, so, in spite of my increased admonitions... Still they would not back up.

A few weeks later a drive on another of their computers was failing, this time I was only able to recover their QuickBooks data files and a couple of photos. I explained that with a backup they would not have lost the rest of their data... Still they would not back up.

A week after that another drive in the operation failed, this time nothing was recoverable... Finally they started backing up.

You can lead a horse to water...
 
When I face this issue, (customer apathy) I explain to them that I am a professional with many years of experience. Then I tell them that my experience won't matter if they don't take my advice. Finally, I tell them that I cannot care any more than they allow me to. Most of them still won't listen but at least I let them know my position.

Andy
 
I also see a number of customers that don't seem too concerned about the stuff on their hard drive - until the drive crashes. Sometimes I can recover their stuff and sometimes I can't. Most of my customers are residential, so pictures and Emails seem to be the biggest items they are concerned with.
 