Those of us who use social media tools know that we will eventually have our accounts hacked/hijacked; I see examples of it on a nearly daily basis. That doesn’t mean we have to sink into despair and assume that resistance is futile, but it does mean that we need to take as many precautions as we can to avoid the account-hijackers and have solid backup and recovery plans in place, as I was reminded again a few times this week.
The wake-up call, for me, came when I checked my Twitter account one morning and discovered that spammy direct messages neither of us wrote were going out to many of my followers and a colleague’s followers. Because the hijacker spreading the virus that provided access to our accounts was more annoying than destructive, we were able to quickly re-establish control over our accounts by changing our passwords, but we both recognized that it could have been worse. Much worse. As was made heartachingly clear through compelling, thorough, and chilling descriptions (“How Apple and Amazon Security Flaws Led to My Epic Hacking” and “How I Resurrected My Digital Life After an Epic Hacking” ) by Wired senior writer Mat Honan about how hackers not only took over his accounts, but also came close to permanently destroying a variety of deeply and uniquely personal files and photographs.
It’s well worth comparing what happened to my colleague and to me with what happened to Honan since we can walk away with not only with extremely useful information but also with a big-picture view of where we need to be going in a world where a relatively small number of incredibly irresponsible people with an alarming lack of social empathy are taking us.
In the situation I faced, the hijacker caught me in a moment of weakness via a scam that has been floating around for at least a year. The tweet that caused the breech arrived at a moment when I had just been involved in a video promoting a lovely project; that tweet came from a close colleague, contained the question “What are you doing in this viddeoo?”, and included a link back to the alleged video. Wanting to be sure she was referring to the video I had helped produce, I clicked on the link, waited for the video to load, and when it didn’t load, sent her a message to confirm that she was referring to the video I had done. Only later did I realize that the reason the video didn’t load was that the act of clicking on the link opened my account to the hijacker/spammer.
Two reminders of what I should and normally would have done upon receiving a questionable message: wondered why a meticulous colleague would have so terribly misspelled the word “video,” and written to her before, not after, clicking on the link
Even better—and a practice a usually follow—would have been to have deleted the initial questionable note that allegedly was from her, contacted her to thank her for the comment (which would have triggered a response alerting both of us that her account had been hijacked and used to send that “viddeoo” message/virus to me); and done a quick online search that would have turned up information about the “viddeoo” scam.
Instead, I spent much of the next day thanking colleagues who cared enough to let me know that my account was generating similarly spammy messages about viddeoos, being grateful that they cared enough to alert me in case I hadn’t been aware of the problem, and rhetorically asking myself what it would take for me to be able once again to balance caution with paranoia in dealing with any message that was in the slightest way out of the ordinary and, therefore, potentially posed a threat to my social media presence.
Which takes us to Mat Honan’s story. As is clear to anyone who reads the Wired articles—and I would highly recommend them to everyone for reasons I’m about to make abundantly clear—Honan does us a tremendous favor by showing how, in the space of a few minutes, he went from being a highly visible and well-respected user of social media to someone whose online and personal life was devastatingly compromised. His iPhone, iPad, MacBook were wiped clean, meaning unique content he had not backed up appeared to be completely irrecoverable. Access to a variety of online resources (banking and file storage, among other things) was tremendously compromised. And, as he explains in a compelling follow-up video interview—also now high on my list of required resources in the digital age—he experienced the sort of emotional toll that an attack like this takes upon any of us.
And here’s where the story takes an even more deeply important turn: once he started openly discussing what had happened to him, one of the perpetrators of the digital attack—a nineteen year old male—contacted Honan and eventually quite openly answered a series of questions that not only established how he and at least one partner (who also contacted Honan) had managed to cause the writer so much grief, but made it abundantly clear how emotionally removed he was from the pain his actions caused. Which goes a long way in answering what had previously appeared to be a maddeningly baffling question for many of us: what are these people thinking? (Let’s let Honan provide that answer, via his articles, rather than trying to poorly capture the disturbing lack of social accountability and connectedness the story provides.)
As I look back on what my colleague and I (and many others) have experienced and think about the intentional harm hackers/hijackers cause, I’m haunted by the pain that clearly shows on Honan’s face in the video interview and the emotional impact the words in his article carry. It makes me think about a theme I consistently see in in tech, training, and educational circles—the need for digital literacy. And it makes me think that digital literacy is not just about knowing how to effectively use digital resources, but also how to responsibly use them. It shocks me that we might literally have to confront people with visceral displays like Honan’s to make them understand what their actions cause—which is what happened with Honan’s 19-year-old hacker once Honan explained the personal losses the hacker had caused. But then again, we all seem to have an incredible ability to at some level distance ourselves from the pain of others until confronted with first-hand experience of that pain, so it appears that our training-teaching-learning efforts needs to start early. Be reinforced regularly. And be vigilantly pursued if we want to limit the possibility of more hacker/hijackers unthinkingly hurting members of the greater extended community of which they—and we—are members.