Ungoogling

by Michael Patrick O'Leary

This article appeared in Ceylon Today on Thursday May 18 2017.

According to this link

http://www.ceylontoday.lk/print20170401CT20170630.php?id=21262

“4142 readers have read this article !”

See also

Identity Crisis Part 1

Identity Crisis Part Two

Identity Crisis Part Three

Google Docs Phished

On May 3, I read the news that G-Mail accounts were being hacked by means of a malicious email containing what appeared to be a link to a Google Doc file. This leads to a legitimate Google.com page asking you to authorize “Google Docs” to access to your Gmail account. Christopher Boyd, malware intelligence analyst at Malwarebytes, said, “There’s a very clever phishing scam going around at the moment – originally thought to be targeting journalists given the sheer number of them mentioning it on their Twitter feeds, it’s also been slinging its way across unrelated mailboxes – from orgs to schools / campuses,” Boyd thought it remiss of Google not to think of preventing non-Google people from calling their apps “Google Docs”.

Ransomware

On May 13, there was news that computers all over the world were being attacked by malware known as Ransomware. This is software that locks a computer and demands payment before allowing access again. Eleven out of fourteen NHS Trusts in Scotland were disrupted. Screenshots shared online purportedly from NHS staff, show a programme demanding $300 (£230) in Bitcoin that looks similar to ransomware known as WannaCryptor or WCry. The US government NSA (National Security Agency) is widely believed to have developed the hacking tool that was leaked online in April and used as a catalyst for the ransomware attack.

Not Lost in Limassol

These attacks make my own experience of hacking seem trivial but I suffered a great deal of inconvenience and embarrassment. As I reported in this column, one of my Sri Lankan editors messaged me on Facebook on 24 July 2016 to inform me that my G-Mail account had been hacked. I was soon receiving messages from friends and bank managers asking if I was OK. The hacker was sending messages to countless people in my G-Mail contacts list saying that he was me and was stranded in Limassol, Cyprus and in urgent need of funds. I soon discovered that he was doing the same from my other account.

My hacker used my G-Mail accounts to gather personal information about me from my correspondence. He managed to convince my lawyer (who has known me in real life for 13 years) that he was me because he could quote things about my business dealings with her. He also got hold of her phone number. He was also using a photocopy of my passport to convince people that he was me.

I tried to report to Google what had happened but was unsuccessful. My hacker changed the passwords of my accounts and effectively prevented me from using them. I could not use the normal authentication procedure because he replaced my phone number with one of his own. He then went on to hi-jack my Facebook account and proceeded to send begging messages to my Facebook friends. The last message I heard about was on September 26 2016.

Fishbird

I refrained from contacting the hacker directly but some of my friends chastised him and he sent threatening messages back to them. Using the name “Spitfire” he sent this message: “Maybe you should just mind your business because your email might be next.PS: tell your friend that this is what happens when he tries to recover the email i already hacked into. If he tries recovering it with any other email then he looses that one too!” I set up an e-mail account with mail.com and he immediately sent me a message: “Signing himself as “Fishbird” he wrote: “I am sorry for all the problems i have caused you this past few days. However, i want you to know the follwing (sic): I don’t know you nor have any particular personal motivation for taking over your mailbox other than looking for little money to survive on. I am willing to hand you all i have taken from you if you will help me with very little money to enable me settle my school bills. I know i have wronged you but please i need your help. I will let you know how to prevent future hacks as creating new emails is not the best line of action.”

I gave up trying to recover my accounts and put the matter behind me. I was moved to take it up again in February when I started receiving irate messages from a Sri Lankan who demanded that I return the 100,000 rupees that he had sent me when I was stranded in Limassol. I explained that I had never asked him for money and had never received any. I suggested that he report the matter to the police. He suggested that we discuss the matter on the telephone. When I said that did not intend to do that, the flood of e-mails suddenly ceased.

Belated Response from Google

I reported this latest development to CERT (Computer Emergency Readiness Team | Co-ordination Center) and they managed to get someone at Google to communicate with me directly. That was another frustrating experience, but, cutting a long story short, I was able to recover my G-Mail accounts. I replied to an e-mail sent by a real-life friend last July. After I had sent it, I realised that it looked as though it was sent by one Avraham Yitzchok Geisler – someone I had never heard of before. My contact at CERT warned me to check my settings as the hackers would have altered them to suit themselves.

On checking the settings for one account, I found that the default country was Nigeria and the signatures were Frank Barry, Atthulla Edirisinghe and Thanja Peiris. On checking the settings for my second G-Mail account I found the default country was Sri Lanka and the signatures were Avraham Yitzchok Geisler, Atthula Edirisinghe, Ray Guinan, and a couple of names in Hebrew, who appeared to be Nadiv and Adi Caspi who, according to Facebook, live in Tel Aviv. It looks to me that the original hacker was Atthula Ederesinghe who passed on my details to people in Israel and possibly Ireland. They have been using my accounts to send messages to people I have never heard of. Looking at my G-Mail accounts was a distasteful experience and I cannot bring myself to use them again. It feels like some rancid dosser has been sleeping in my sheets.

Repair

At the time of the hacking I was using a laptop at home because my desktop PC was being repaired. The technicians in the shop would have been able to access my G-Mail accounts without knowing my passwords because my browser remembered the passwords. My mobile phone number was stuck to the PC so they could contact me. I went to the shop and told them what had happened. They denied that they were at fault. I recently telephoned the owner to ask if he knew Atthula Edersinghe. He phoned me back to say that that it might be the name of a trainee he employed at one time. When I pursued the matter by e-mail he responded: “I felt very sorry and frustrated hearing this incident and I am strongly deny this was  not done by any of my technicians because we have good reputation in our area nearly 17 years of computer service and repairing. And also I advice  you to complain regarding this incident to the Sri Lanka police Cyber Criminal Section so they will be able to find from where your email hacked. And also I don’t know who is Attula Ederesinghe.”

Motive

I often wonder why people do this kind of hack. Only one person has claimed to have sent money to my hacker. Experts estimate that the ransomware hack, despite its large scale, could only have netted about $20,000 for the hackers. Is the motive sheer malice?

Google seems to have reached that point that Microsoft reached a long time ago. It wants to get involved in everything in the world but refuses to respond to the evil effects it itself allows or causes. It has reached a state of near monopoly power which enables it to alienate people who use its products. We are not seen as customers because we do not pay anything. We are a resource that can be treated with impunity. I am disengaging myself from Google starting with G-Mail.