Wednesday, November 25, 2015

Getting Hacked : Volume 1 : An Intro to Cyber Security



Just going to recount a personal experience however unpleasant it may have been.  It was still a learning experience, and may help some other readers out there.   I wish I could say I only got hacked that one time, but I can't.

In this, volume 1, I'll be talking about November 2014, that was the first time I noticed something major was going wrong.  There are a lot of ways to be hacked, and I supposed mine wasn't the worst of them, but it was still frustrating, and could have had much more negative effects.



So I'm checking out the computer one day, and go into Apple Mail, as I so often do, to check if there is anything new I should see.. hmm. mailer daemon, failed delivery.. weird.. ok times one dozen or so.. even weirder. I don't often send a dozen emails a day. Actually - basically never.  
So this is how I caught it. A simple email that said one of my previous messages failed to send. 
I opened up this email to see which one failed.  I wanted to see what was going horribly wrong, or who I had to rewrite a message to. Then I see, not only is it delivered to an email address I never heard of before, but the content is completely foreign.  A bunch of garbage text, filled with links to pharma and healthcare products. The addressee(s)? Alphabetical. Dozens of them.  
So first day my head is spinning trying to figure out what happened, after all, I've never experienced this, or heard first hand from anyone who had. 
Fast forward to next morning, and more mailer daemon failed messages are in my inbox, returned. 
This time I call my webmail / domain hosting service, and seemingly unsurprised, they said, "change your passwords, thats all we can do".

And thats the story. Not the worst situation, but a pain in the neck regardless.  What boggled me most was what sort of hackers are smart enough to get my info, yet stupid enough to be sending unsolicited 'garbage-y' looking emails to hundreds of email addresses for what I imagine is little to no returns. To this day, I still don't understand why that type of information would be spammed via email or what it could be hoping to accomplish.

The takeaway?
At that time, I realized that if they could access one password, they could access all of them, especially if they were more or less all the same password so it was easier to remember a password for the gazillion websites we use nowadays.
Even though I had a really unique password, - that Adobe Hack a few years ago told me so - it was time to diversify my security so to speak, and every site started to get its own unique strings for passwords.
But how to track that list of website logins and passwords? Well given the seeming lack of security on a computer, I didn't feel safe keeping them neatly organized on one document - no - this was a job for lined paper and a pen, the ultimate security with 'read-only' privileges for those able to access the paper within my physical office.

That's what I would call the first most basic step in protecting yourself. But as I'll describe next, it certainly won't be enough to feel protected.

fast forward to today, nearly a year later. 

I realized, again, that I've been hacked.  This time the consequences of which went unnoticed for actual months, and again, like the email hack, I don't know what purpose this hack has served.
This is why a blog post on cyber security seems relevant to me now more than ever. As I stated before,

I am as green to this as it gets, but its something everyone needs to at the very least be conscious of.  Now, with the variety of cyber-crime events you hear about, it's going to be increasingly harder, and increasingly more dangerous to remain ignorant to such a problem.

in the meantime, I'm working on a volume 2 to explain how I discovered this most recent 'hack' I've suffered.

Thanks for reading



C Gardiner Photography | Promote Your Page Too