September 22, 2013

My Excellent Hacking Adventure: Life Lessons Learned from an Identity Thief

Anyone who knows me understands that I tend to be a half-glass-empty kind of gal, or have been for quite a while. I have been slowly trying to change, especially since reading various stories about the new "science of the mind," and how, through various daily practices, we can reset our neural pathways to create mindsets that allow us to be more happy and optimistic.

Writing more than a year ago, I reflected on a US Army program that tries to build mental and emotional resilience in soldiers going into combat and other dangerous situations.  The idea behind this training is that soldiers who are more optimistic are more likely to survive injury, capture, torture and other adversity. That innate optimism gives them the faith, or whatever, that the awful moment or moments will pass and life will get better. One daily exercise assigned to these soldiers is to write gratitude lists. It forces the soldiers for just a few minutes to reflect on people, situations and moments that have made their lives just a little bit better. In an an article on the army's U.S. Army's website, it is said that this daily practice of "hunting the good stuff" can, over time, reset thinking, and it's something we can all do to build our sense of optimism. 

Actually, I didn't have to do too much hunting the good stuff when this situation arose over the past few days. My email account was hacked sometime late Thursday night, early Friday morning, and someone sent out emails to various people in my contact list, soliciting money. Yes, not a good situation, a disturbing one actually, but somehow that's not how I came to view it.

Here's how it started. This is the note that went out to friends, acquaintance and work colleagues and acquaintances: 

Thanks for getting back to me, I really did not want to disturb you with this but I had no one else to turn to. I'm in Toulouse, France to see my cousin who lives there. He's critically ill and needs family support. He was diagnosed with (Acute Lymphoblastic Leukemia) - a type of Blood Cancer in 2005 and had been undergoing treatment since. The chemotherapy treatment was going fine until last week when the doctor noticed that the disease has relapsed and the only way he can survive is by undergoing a BMT (Bone Marrow Transplantation). My sister whose marrow matched his has agreed to be the donor and he shall be undergoing the transplant soon at the Claudius Regaud Centre hospital Toulouse, France . The estimate for the transplant is $5,550 USD . I have already spent approx. $3,500 US towards his treatment. Since the amount is huge, I request you to lend out a helping hand and support me with a loan of $2,000 USD.

Since I don't know your financial status at the moment, any kind of help whatsoever will be deeply appreciated. Any amount will be accepted with gratitude and paid back after the surgery. Please let me know how much you can loan me so that I'll provide you with the details to get the money sent to me and I will pay back as soon as I return. I will check my email every 30 minutes for your reply.

It was signed by me, and asked that people respond to a faux Martha Ross email address. 

It looked like the mass emails started going out early Friday morning.  By 7 a.m., I had received my first alert from a friend, via a text. Then calls, emails, Facebook messages and other texts started coming in, including from friends from various parts of the country and from different eras of my life. I hadn't spoken to some of these people in years. All recognized the email plea as bogus, though their alerts came with words of concern. Most expressed sympathy for the fact that my email had been hacked--and that someone was trying to appropriate my identity. But a few also admitted they just wanted to make sure this wild story wasn't true, and I had to reassure them it wasn't.

As I went through the ATT help desk to get my password changed and account secured, I got caught up with some wonderful friends: I learned how my Northwestern friend James has a new house in Chicago and his daughter just started first year of college at University of North Carolina. Another friend, who goes by Jim not James, included in his Facebook message the news that he was leaving a one job and starting another that sounded very cool: as a communications director for a well-known Sonoma winery. 

A Las Lomas mom and I compared notes about our son's grades and teachers, while my sister said she had received a note from our uncle in Seattle, just wanting to make sure all was OK. I also heard from a UCSF professor I had just finished interviewing for a story, as well as the owner of my gym. 

 My Chicago friend James, always one for mischief, decided to have fun with the hacker and sent an email to the faux Martha Ross account, asking for more details on how to send money. He received this response:

Thanks so much for your concern and willingness to help. He shall be
undergoing the transplant soon at the Claudius Regaud Centre hospital
Toulouse, France ) What we need now to balance for the transplant is
$2,000 USD . i do not have direct access to make  transactions on my
bank account from here. Please i need your assistance. Please find a
Western Union outlet closer to you at any Post office,or Shopping
Malls to make the transfer, any kind of help whatsoever will be deeply
appreciated. What you can help with at the moment will be accepted
with gratitude and paid back after the surgery.
The hacker gave a return address in Toulouse, which turns out to be a Western Union office near the esteemed Institut Claudius Regaud (see Google map above), where "my cousin" was receiving his life-saving transplant from my sister.  

OK, neither of my sisters is in France. I saw my older sister yesterday afternoon at my son's JV football game. Oh, and she had received the bogus email, as had another football mom who came up to me and said, "Martha, I received the strangest email from you today!"

This sounds corny, but I realized that, even in my glass-half-empty moments, my life is still pretty full with some amazing friends, family and acquaintances. 

It took a hacker to remind me of this fact.  It also took this hacker's attempt scam to inspire me to go on a virtual tour of Toulouse France! It sounds like a nice city to visit! A part of me wishes I were there. 


 Feeling a strange sort of benevolence, I emailed the hacker a note last night, at the return Martha Ross email address he/she had given out to send money. Actually, I assumed my professional journalist persona, and told the hacker I was interested in learning more about his/her business of hacking. Primarily, I was interested in hearing my perpetrator's side of the story.

I wrote: 
"I'm guessing there is little I can expect from law enforcement in hunting you down and arresting you. You're probably in a different country.  Since, you're not likely to get anything out of my friends, and I'm not likely to see you get into trouble for this, I figured I might as well see if something else constructive can come out of this. And that could be seeing if there is a story I can do about phishing and hacking. What would make the story better would be if I could hear from someone who does this, and learn from that person not only how they do it but why."

I then posed such questions as: 

--"I wonder if you're living in really difficult circumstances that make you want to turn to scamming people. Are you?" 

--"Do you work on your own or with someone else? Are you being forced to do this?"

--"Have you ever been successful with one of these scams? How much can you earn a year doing this"

--"How old are you? Are you married? Have kids? 

--"What are your dreams for the future?"

Alas, soon after I sent out these interview questions, I realized I had already disabled the hacker's phony Martha Ross account, so I had likely cut off my connection to him or her. 

Darn, it would have been fun if someone had actually responded. 

2 comments:

Zalloq said...

Road trip to Toulouse!

Andre Gensburger said...

A great turn around. Well done.