I have written a bit about the hacking my wife, and I dealt with since October 2015, but I have left out most of the details because some of the issues are particularly sensitive. I’ve added some overall information in this article and discussed the latest hassle that I encountered.
I first noticed a presence on my laptop late October 2015. Someone was signed onto my computer using my login name and password. Someone besides me, I mean. At the time I knew little about computer security, and it freaked me out. A few weeks later, my wife’s computer was rendered inoperable. Her online backup had been shut off long enough that she could not retrieve her data and she did not shut off her online backup. It took her a year to re-key the data she lost, a year of extra work each week while she was already working long hours.
The next six months were not very fun, but I started to learn what was being done. I filed a report with the Georgia State Police, and they didn’t take it seriously. We moved to Florida, and the hacking continued. There were so many events I could write a book about them. One of the neatest, in retrospect, was when I installed Kaspersky on a fresh install of Windows 10 in December 2015. I accessed the internet then checked out the network monitoring feature. I noticed there were six devices connected to my router besides the computer I was using, which, as far as I knew was the only device connected. While I was writing down the IP addresses of each of the connected devices one of the icons changed, and 10 seconds later my firewall was shut off. I contacted the FBI but did not get a response. My wife has a law enforcement client involved in cyber security, so she called him. Soon afterward, I was interviewed by two agents. I described what had been happening and they told me that each technique I’d figured out was correct and that I was being hacked by someone (likely a group) who was well skilled.
Many more events were just as freaky for us. I learned a little from each of them, but I still lost loads of data in the first few months. The last bit I lost (400 gigs) wasn’t gone. It was encrypted, and I sure has heck was not going to pay $10,000 to get the key.
I was pissed back then, but I was also pretty much bummed out because I did not have the skills I needed to fight back. I still don’t, but I have been working on them, and apparently I need to work harder. I noticed last night that my network had blocked more than 200,000 connections each of the last four weeks, so it appears I am still under attack.
I thought the social media attack in December would have been enough. I just let that one roll off me though it was embarrassing when I noted that nearly 10,000 people had reviewed disparaging post about my life circumstances on LinkedIn that had come from my account but that I had not written. Denying it then would have been as useful as the page 37 retraction newspapers make when they realize their front page story was incorrect. I was that I would get hosed. Specifically, I had been told to get off social media. I did not. I got hosed. End of story.
Working the skills
I have worked in project or people management for a long time so my first, though, six months into the problem, was to get an MBA with a cybersecurity focus while learning the IT skills on my own. I’m halfway through the MBA program, but I have been slacking on the ethical hacking end of things. I realized last night when someone suggested on Twitter that I fight back. I have the resources. I just need to devote the time.
Today I got some more incentive. A couple of weeks ago I started putting my retirement accounts in order. I moved the largest into low-risk securities temporarily because I expect the 8-year secular bull market I have benefitted from quite nicely to end soon. Whether I am right or wrong isn’t the issue. It is just part of the story. I planned to move one of the other accounts into a self-managed vehicle, but I ran into a problem.
For some reason, the account is in QDRO, qualified domestic relations order. Fidelity told me they would look into it and get back to me in a week. Last week they called and said it would take another week. I just got off the phone with them. They told me a company I worked for from 2003 to 2007 requested the QDRO last July and that I needed to provide proof to the company that my wife and I had ended our divorce proceedings.
The problem is, we have never entered into divorce proceedings. We celebrated our 15th year of being very happily married early last month. July 2016 is interesting timing, however. It is the month that we realized our identities had been stolen. How? Oh, checks totaling nearly 25,000 written on my wife’s business account, a debit card was taken out of another account in her name, and a few thousand charged on it, store accounts were opened, and more! Great fun. The QDRO thing is just icing on the cake.
I applied to the seven-week HackEd session that started this past January and only had to submit a script that I had figured out to get into the class, but I put it off. I did not want to hang out in a hotel room in DC for seven weeks. I have been vacillating about whether to get my Ethical Hacker certification in June or put that off until later in the year. Why? Complacency, complacency, and more complacency.
Today’s discussion with Fidelity provided the impetus I needed. 2016 was so painful I guess I wanted to just forget about it more than anything. I have also worried that breaking into the cybersecurity field will be difficult from someone with no experience outside of the two networks I manage in our home.
I will take what I can get and move into more complex duties when I have demonstrated that I have the skills and have proven that I can be trusted to keep other’s information secure. I have the intelligence and the drive to whatever it takes. Finding out 20 months after it all started that I have to jump through hoops to prove something is over that never even started has provided the impetus (kick in the butt) to get past the irrational fears I have that I will fail and Just Do It.
Hacked Again? No, I am pissed again.