Tuesday, October 02, 2012

When Your Online Life is Hacked

By Rowenna Davis

(NEW ZEALAND) In a technology-driven society, when an account gets hacked, you're suddenly hit with an organisational bombshell as the realisation dawns that the email account is the nexus of the modern world.
For the past week, a hacker has been occupying my email account. And he or she may still be there. A disembodied intruder, this person has been stalking my inbox, replying to messages, signing off with my nickname and refusing to let me in. He or she has been going through my personal history and making judgments about my character.

In the weirdest twist, the hacker even started writing to me. If it wasn't so unsettling, it could be the plot of a black postmodern comedy.

It started when my phone went crazy in the middle of a crucial meeting. Some 5000 contacts received an email from my account saying that I'd been held up at gunpoint in Madrid. My internet-savvy friends sent texts to say I'd been hacked, while my elderly, migrant and more vulnerable friends wanted to know where to send the cash. According to the story, my mobile phone and credit cards had been taken and I was badly in need of money. There was a number to call to reach me at my hotel - presumably chargeable - and a Western Union account had been set up in my name to wire a transfer.

Suddenly you're hit with an organisational bombshell: drop what you're doing; freeze your bank account, answer anxious calls, lose crucial messages; miss work deadlines, irritate bosses, reset all email-based passwords, forget to pay e-bills, irritate friends who think you're ignoring them. The realisation dawns that the email account is the nexus of the modern world. It's connected to just about every part of our daily life and, if something goes wrong, it spreads.

But the biggest effect is psychological. On some level, your identity is being held hostage.

Out of sheer frustration, I fired off an email to my occupied address labelled "to those who hacked my account", laying out how I felt and asking for my contacts. Shockingly, I got an almost instantaneous reply. The hacker said my address book would be returned for £500 ($989). It was unreal. Whoever it was must have been watching my account and responding. Who else was this person replying to in the same way?

I wrote back straight away, saying that I didn't have those kind of finances and pointing out that I had no reason to believe the deal would be kept even if I did send the money. I couldn't help but end with a rhetorical: "Do you ever feel even slightly bad about what you are doing?"

Just for a minute, the hacker seemed anxious to prove that he or she had any sense of morality. The reply: it "didn't feel great" to be a hacker, but they didn't have a choice. Why? They said their life "wasn't as nice and sweet" as mine. In what I guess was supposed to be a gesture of magnanimity, the hacker promised to release my contacts for just £300, and even offered to send me 20 contacts upfront as a sign of "goodwill".

I could tell this person thought this was being reasonable - that these actions weren't as bad as robbing people on the streets.

What I wanted to reply, but found difficult to articulate at the time, was that hacking can be worse than that. When someone holds you up in the street, you lose a set of isolated possessions and then get to walk away. But if someone colonises one of your chief platforms of interaction with the world, there's always a feeling of "what next?" They can read your most intimate emails and potentially pass them on. A simple search would allow them to find out not just my address, but also those of my friends and family.

Apparently around 3000 people reported such scams last year, but too few of these are brought to justice. When I did eventually get access to my account through Gmail a week later, I found that the hacker had written to more than 30 people who had asked about my problems in Madrid. The intruder said I'd had a "terrible experience" and signed off with my nickname, "Row". That someone could be so callous to people who cared about me - in my name - left me furious.

I was lucky. The only reason I was able to regain access to my account was through chance - a friend of a friend works at Google. Until then, my hacker had given me better feedback than Gmail and Google, following my attempts to get in touch with them. The company that presents itself as the friendly face of the web doesn't have a single human to talk to in these circumstances. The office just cut me off and, after a friend waited on hold for 20 minutes to ask if there was anything that could be done to help, the reply was a simple "nope".

When someone did bother to look into my problem, it took only five minutes to fix. The hacker had doubled the verification process on my password so I couldn't get in. Once Google disabled it from the inside, I was able to reset all my security checks without a problem.

Even now, I'm not sure it's over. In one last message, addressed from myself just two days ago, the hacker wrote: "I see you got the account back. Sorry for the trouble." I never replied, so I guess I'll never know what this individual's circumstances were. But I feel the need to understand them. Perhaps we believe that if we find reasons for things, we'll feel safer. Perhaps it's about restoring faith in human nature.

However, my hacker seems to have disappeared back into the ether. Of course, they could be reading this now.

Chatting with a hacker

Tuesday, 8.33am
From: Rowenna Davis
Hi, I can't believe you would do this. The poorest, most vulnerable of my contacts are the most worried about me and most likely to send you money. The most educated people with resources know it's a scam. I also find it difficult to make ends meet, but without access to this account I can't work because all my contacts are stored in the account you have taken over. I am totally paralysed. If there is any way you can send me my address book, I would be willing to pay for it. It's horrible to be forwarded messages that have been sent in your own name. I honestly don't know how you justify this to yourself.

From: the hacker

Can you send me 500 quid?


From: Rowenna Davis
1) I literally don't have 500 quid to give you. I can't make any more money until I have access to my account back - I work freelance and all my work contacts are being held by you. 2) How would I know if I gave you any money that you'd actually send me my contacts? 3) Do you ever feel even slightly bad about what you're doing?

From: the hacker

Sure I don't feel great, but I don't seem to have a choice, it's way better than robbing you on the streets. I give you my word, if you send me money, I will give you back access to you account with all your emails and contacts intact. If you can't send 500 quid at least 300 quid will do. Send money by Western Union to Rowenna Davis Madrid Spain. Waiting


From: Rowenna Davis

Why don't you have a choice?

From: the hacker

You don't wanna the kinda life I am living. You think it's as nice and sweet as your life? But at least I don't rob on the streets


From: Rowenna Davis
I'm not making judgments about your life - you are making judgments about mine. If you read some of those emails you'll know it gets pretty shit at this end too. And even if my life was really happy, I don't see why that justifies you taking over my emails. But I wonder why you feel that you have no choice.


From: the hacker
Are you sending money?


From: Rowenna Davis
I don't have £300. I have asked some of my friends if they can help, but they think it's a stupid idea because you can't be trusted to return the details.

From: the hacker

I don't need your details for anything, to show some good will I could give you about 20 contacts, then when you send money, I give you the rest of it.

Thursday, 11.04pm

From: the hacker

I see you got back your account. Sorry for the trouble.

original article found here

No comments: