Sunday, May 25, 2014

Thoughts on Being Hacked

It’s just one of those things which you hardly think about until it happens to you. You know how to minimise the chances of it occurring but you couldn’t be bothered to take precautions; you think, “well if it really happens, I know what to do anyway. No sweat.” Then it happened to me.

A familiar episode of procrastination turned out to be something unexpected. I was just about to close my Facebook app on my phone when the corner of my eye caught something different. Why does that small square picture (i.e. my profile picture on the blue bar) have a different colour scheme? Thinking it was something to do with the app or my dinosaur of a phone, I decided to open my profile page – my jaw dropped. That cold stare of a skull, with its hollow eye socket, put me in a daze for a moment. What does this mean? How did my profile picture became this hideous thing? Thankfully, this stranger indicated what has happened in my cover picture; a guy wearing a hoodie (taken from Shutterstock may I add) and the words “You’ve Been Hacked.”

Scrolling down my timeline, I was really thankful that the hacker (henceforth H) had the courtesy to inform me, and all my connections on Facebook, what had happened. My timeline was littered with three pornographic pictures, including a really distasteful one involving zombies. What would everyone have thought had it not been for the cover picture? On hindsight, I hardly doubt that H was trying to be courteous, he (could be a she but I’ll make this assumption anyway) was mocking me and announcing his achievements.

At that moment, the carelessly thought out contingency plan whenever I dismiss the need for a complicated password could not be summoned. My mind went blank. I was at a complete loss as to what to do; obvious things like deleting all the pictures as the first step of damage control did not occur to me until 10 minutes later. Why would H choose me – a completely easy target by any standards? What satisfaction is there to be gotten from attacking the defenceless?

With these questions unanswered, more questions started to set in. How long has these things been there? It couldn’t be long or a whole army of people would tell me about it. Would they? What would people think? What if they don’t go to my profile page after seeing those pictures? And then, it started. “Oh wow you’ve been hacked real bad.” “Isaac, you better check your FB.”

After some commiserations with friends, acquaintances, and even teachers, I started to assess the damage done. Little did I know that I was soon locked out of my own Facebook account while trying to suspend it. H even went so far as to lock my email so that requesting a recovery password would be useless. I had to recover control of my email before I can do so for my Facebook account.

A few weeks later, I discovered that H even hacked into a blog that is an online portfolio of all my writings – one that prospective employers will see. My profile picture changed, the same pornographic pictures appeared, H even stretched his literary muscles and try to plant the F word strategically in my posts while trying to make sense – he failed. I must say that I’m flattered and sad at the same time about H’s visit to my blog. I’m flattered that he bothered to read my posts in detail and am sad that the only person who pay such attention to my writing is a bored geek who can’t be bothered about grammar or spelling.

As with any ordeal, this incident did shed some interesting insights about myself and the people around me. For one, I’m not a cool cucumber – I couldn’t think straight even though it’s a relatively minor incident of cyber vandalism. Secondly, I’m glad that the first reactions of my friends on Facebook were concern and surprise rather than being appalled – none of them thought that I would be the sort to post such pictures. Lastly, I think our law enforcement infrastructure needs to catch up with the times. I realised that when a friend asked if I reported this incident to the police. I did not do that because the police could not do much especially if H is based overseas. More importantly, there was no direct cybercrime unit that I could report to. By the time the coppers at my local police post redirect my report to a relevant unit, it would have been rather long since the incident occurred.

You may be surprised that I have not drawn up a “cyber security checklist” or some other nifty crime prevention message that we are bombarded with. If you could navigate your way to this article, you are probably technologically savvy enough to know the basic tips (which is what I know anyway) but like me, you’ll overlook it. So if it happens to you, know that it’s not the end of the world, take a deep breath, roll up your sleeves, and try to save your online presence.