Getting Hacked

image

I’ve been a bit quiet this week as I have been very busy trying to prevent all of our accounts from being hacked. I mentioned last week that my husband’s e-mail was hacked. Well, the hacker learned some information through that e-mail account that enabled him to greatly complicate our lives. Fortunately, we’ve managed to stay one step ahead of him and protect our financial information (at least we think so, this may come back to bite us in the butt in a couple of months if/when the hacker sells our information). Our hacker has even taken to trying to extort confidential information about my husband’s company and threatening our family. I’m not sure if our hacker is just kind of lame or what, but he bragged a lot, publicly. This allowed me to figure out who he was. I really know a lot about him and his family, more than I should know about anyone that I am not directly related to. At first, it was so easy to track him down, I thought that surely I was wrong, but time and time again, we have had his identity verified.

Another interesting thing that I’ve learned is that no one seems to give a rat’s ass about the fact that I have tracked down a crook, which is probably why our hacker doesn’t feel the need to better conceal his identity (that, or he’s really stupid). We have not been this hacker’s first victims and we will not be his last. He also steals/sells credit card numbers, does/deals drugs, and so forth. I guess he is just too small time, but multiple reports to the police and FBI have been ignored (realizing that I have already done all the footwork and handed him to them on a silver platter). Calls and e-mails to the large companies involved in the hacking have resulted in nothing but frustration. Essentially the companies don’t seem to care, unless you know how the hacker hacked your account (meaning that you do their work for them). I really have found the lack of accountability of certain corporations to be incredible and the lack of any police presence in cyberspace is just scary. The whole incident has left me feeling incredibly vulnerable and both my husband and I have contemplated removing ourselves from cyberspace rather than risk dealing with this type of event ever again.

If my experience hasn’t convinced you that cyber crime is becoming more of a problem every day, take a look at these scary statistics from Wikipedia:

A survey of college students in 2010, supported by UK’s Association of Chief Police Officers, indicated a high level of interest in beginning hacking: “23% of ‘uni’ students have hacked into IT systems […] 32% thought hacking was ‘cool’ […] 28% considered it to be easy.”

I thought I would share a few things that I have learned from our experience.

  1. Understand that you are pretty much alone if your are attacked by a hacker or other cyber criminal. The cops won’t come help you anytime soon and software company tech support employees are infamous for their inability to help you (heck, face it, you’re lucky if they speak your native language in a comprehensible fashion). For all intents and purposes, calling tech support is generally a waste of your time. Sometimes tech support employees will even make matters worse. If you have to call to get your account closed, check up on the account. Don’t assume that because an tech support employee assured you that the account was closed, it was.
  2. Read up on cyber crime and keep abreast of the latest trends in regards to cyber security. Maybe even attend hacker conventions and join their forums (under assumed names with e-mail accounts created solely for the forums).
  3. Only get your e-mail accounts from companies that use a 2-step verification processes. Gmail and Facebook are the only ones that I know of that use this process at this point in time. I realize that Facebook is not really an e-mail account, but it is a similar means to communicate. (This option can found on Gmail by going to account settings/”accounts and import”/”change password recovery options” and on Facebook under account settings/security.)
  4. Make sure that you use the 2-step verification process! Yes, it’s a pain. It makes it difficult if you want to read e-mail or login into something on another computer or your phone, but that is the point. A hacker cannot hack these types of accounts, because they cannot be used on any computer, but your own without a specially generated password. A hacker cannot lock you out of your account, because he cannot change your e-mail contact information without a code from a text message sent to your phone or other e-mail account. (Realize that within two years of me writing this post, a 2-step verification process will probably be old hat for hackers, you will always have to keep one step a head of them).
  5. When using Facebook or Gmail online, view them using https only. (This can be found on Gmail under account settings/general and on Facebook under account settings/security.)
  6. If you or your kids engage in online gaming, have a special e-mail account just for gaming. Post as little personal information as possible on these accounts.
  7. Do not use credit cards or Paypal to pay for online gaming accounts. Buy pre-paid cards from local retailers and pay for your membership with those instead. Yes, it’s a pain, but if someone hacks your gaming account, they can run up all sorts of charges if your Paypal or credit card information is stored in your account.
  8. Be sure that your or your kid’s gamer tag is not part of your e-mail address (i.e. gamer tag is joesmith and e-mail is joesmith@hotmail.com)
  9. Make your passwords difficult to hack. Not only should you use capitals, numerals, and special characters, but try to make your passwords as long as possible. Longer passwords are harder to crack, because of the sheer number of permutations that exist compared to a shorter password. Never use your name as part of your password!
  10. Do not use your name for login names. This way, if someone hacks your e-mail account, he still has to work hard just to get your login information, much less your password.

Both my husband and I have opted to maintain our cyber presence, but we have learned a lot through this incident. We have gotten lax as we have gotten older and not kept up with technology like we used to. Hopefully this post will spare someone else from the nightmare that we have been going through this week.

Stay vigilant and let’s take the internet back from criminals!

Labels: This and That
Posted by Maureen Sklaroff