9 Comments

Getting Hacked.A #tru internet cops and robbers story.


An important bit of news. I’m not in Manilla. I haven’t been robbed. You don’t need to send me any money, all is well. I make this announcement because yesterday I had a bit of a surreal experience and got my accounts hacked. All of my e-mail contacts got sent the following message within 2 minutes of the villain gaining access to my e-mail account.

“Just hoping this email reaches you well, I’m sorry for this emergency and for not informing you about my urgent trip to Manila,Philippines but I just have to let you know my present predicament. Everything was fine until I was attacked on my way back to the hotel, I wasn’t hurt but I lost my money, bank cards, mobile phone and my bag in the course of this attack. I immediately contacted my bank in order to block my cards and also made a report at the nearest police station. I’ve been to the embassy and they are helping me with my documentation so i can fly out but I’m urgently in need of some money to pay for my hotel bills and my flight ticket home, will definitely REFUND as soon as back home .”

I made a few school boy errors that made hacking my accounts quite easy, but I wanted to share them with you to prevent the same thing happening to you. I was on Facebook at 2.00pm yesterday when a message popped up to say that I was logged out, and an e-mail on my yahoo account to say that I had requested a password change to my Facebook account. Before I could click the “not me” button the message disappeared and I was unable to log back in to Facebook because my password had changed. I went back to my e-mail and saw all the messages and contacts disappear.
I phoned my internet provider BT who responded quickly by taking control of my screen through remote log-in. Getting access in to my account they were able to identify that my default e-mail had been changed to billboorman@yahoo.com, and that all of my contacts, and anyone who had e-mailed me had been sent the e-mail, and anyone replying offering to help or questioning the message by e-mail had their reply going direct to the impostor. The message carried some credibility because it was sent from my account and in my e-mail template that others were familiar with. Because I was able to act immediately, this was blocked, the fake Yahoo default closed and they were able to pick up the IP address and location of the offending account. This detail was then forwarded to the police who responded whilst the “data robbery” was in progress, because the location was in London. I’m hoping they can make an arrest in this case, it’s just fortunate that I was live at the time.I await further news.
Whilst this was going on,I was getting a whole stream of tweets either telling me that my e-mail had been hacked or inquiring after my welfare.

I also got a host of calls to authenticate the story and offer help if it was genuine. As I travel quite a lot to different places and I was robbed in Miami, when Facebook friends did come to my rescue, I guess the story was possible. Thanks in particular to Andy Hyatt who was the first to call, and posted on my timeline to warn people who I was not robbed and not in Manilla. In fact I was at home in Earls Barton.
In true social media fashion, once the drama was over the banter followed, including one message from Ryan Leary who posted on Facebook that he had just sent me $20k to rescue me and when was he going to get it back!
I have to say that BT were excellent in responding so quickly and getting me back on track. They are now in the process of restoring all my contacts and e-mails back. As far as I can tell, no one was duped in to sending money, and the police have something to go on. The scum bag gained access by registering an account via Yahoo live messenger, fortunately they did not have time to get beyond Facebook and my Twitter log in uses a different password.
My lesson is to tighten up my security. I had a simple to work out password because it was my children’s names and if you look at any of my social places you can find them and figure it out. Hackers go through your profiles and try things like names, company names etc to guess passwords, and most of us use something familiar as a password to make it easy to remember, and if it’s easy to remember, it’s easy to guess. Better to have different passwords, and something random that includes numbers, and is not referenced anywhere else. Might be hard to remember, but hard to remember is hard to crack. Dates of birth are also vulnerable because they can be found on Facebook. Use something that is not listed anywhere else.
If you are the low life who tried to rob my friends and you’re reading this, I hope you get caught soon, you are leaving a trail, and I’d be glad to give evidence against you. Thanks everyone else for your messages and concern, it reminds me that although we may only be connected on-line, it’s a real community. Button down the hatches, get your security in good order and if you do get a message asking for help, check in another channel before reacting. Apologies to anyone who was inconvenienced by my little adventure. In the words of Vinnie Jones at the end of Lock,Stock and 2 Smoking Barrels, “It’s been emotional.”
Bill

If you are the one who hacked my accounts, this one is for you:

9 comments on “Getting Hacked.A #tru internet cops and robbers story.

  1. This was my contribution to the saga and you did write!

    “@WeszMadz
    Use the hacking opportunity @BillBoorman to write a blog article about the whole incident”

  2. This just reinforces my opinion that no good can ever come from having an account on Facebook.

  3. Can I have my money back now?

  4. When we all have so many online accounts, it’s vital to have unique passwords, and stick to a system to remember them. Never divulge your system. Failing that, use a service like http://LastPass.com .

    As we use Oauth so much these days to login to sites and authorise apps via Twitter, LinkedIn and Facebook, it is essential that each of these have distinct passwords. Never ever use the same passwords for your online banking.

  5. Ironically, #TruEurope – The European Recruiting Unconference on April 19th and 20th in Brussels will host a Track discussing Privacy, Data Protection, Identity Theft and Cyber Crime in relation to Social Media.

    Track Leader Dan Manolescu lives in Belgium and has been active for the European Commission and European Parliament on topics of Privacy, Data Protection and Cyber Crime.

    Dan is member of the International Association of Privacy Professionals (IAPP) and Dan’s E-Crime Expert Blog has been featured on the International Association of Privacy Professional’s (IAPP) website. As of August 2011, he has partnered with the International Multilateral Partnership Against Cyber Threats (IMPACT) joining ENISA, Symantec, Kaspersky, in fighting cybercrime and provide awareness.

    I guess there’s lessons for all of us here, so join us in Brussels: http://www.trueurope.eu/trueurope/trackleaders/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: