This is an unusual topic, but it touches upon so many of us that I had to ask: have you received one of those threatening emails that claim to have hacked your computer and/or camera and recorded you pleasing yourself? They then ask for a large amount of money paid in the form of Bitcoins, in exchange for a vague promise that they won’t share the videos with your friends (as they also claim to have access to your emails and contact lists).
If so, you’re hardly alone. And, if it’s any consolation, the chances of anyone having hacked into your computer are about the same as you winning the lottery, in which case go ahead and pay to make a hacker’s day.
The Good News
First of all, no, there is no compromising video. Personally, I’ve been receiving probably a dozen of these emails each week for the past couple of months. Having no camera connected to my computer (I use a desktop) and being unable to remember the last time I watched porn (as anyone with a 3-year-old will tell you, you barely have enough energy left at the end of the day to crawl into bed, let alone watch porn), I laughed it off right away.
Except, they had a password–a genuine password of mine, albeit an older one. Even though I was no longer using it, it still made me wonder: how did they come into its possession?
The MEGA Release
What happens in these cases is that someone has, indeed, hacked a computer. Just not yours. Both Dropbox and LinkedIn were hacked in 2012. As Gizmodo reports, the breach was first reported by Troy Hunt, the security researcher who runs the site Have I Been Pwned (HIBP), where you can check if your email has been compromised in a data breach.
In his blog, Hunt says a large collection of 12,000 separate files and 87GB of data had been uploaded to MEGA, a popular cloud service. The data, which seems to be a couple of years old, was then posted to a popular hacking forum and appears to be an amalgamation of over 2,000 databases.
Websites storing passwords usually scramble them with a one-way function called a hash. That way, even if someone breaks into their database, all they can see is a series of random-looking characters where the passwords should be. The troubling thing with the MEGA release is that it contains “dehashed” passwords, which means the original passwords have been recovered from those hashes and are fully exposed (this is probably why the release contains older passwords: it likely took the hackers this long to recover them).
In simple terms, this means that your combination of email and password is out there. And it’s ridiculously easy for a miscreant to email you, using your password as “proof” they have hacked your computer.
Except, they haven’t. Even when they spoof your email address to “prove” that they are in control of your computer, this is just a smokescreen. What they have done is copy thousands of passwords and the corresponding email addresses from the breached databases. It’s then pretty easy to send each email address a copy of the same threatening email, throwing your password into the mix in order to throw you off.
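Why some leaked databases end up "dehashed" while others hold up, as an added example that is not part of the original post: it compares an unsalted fast hash with a salted, deliberately slow one. The account names, password list and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny list of common passwords and three accounts,
# two of which share a password from that list.
COMMON = ["123456", "password", "qwerty", "letmein"]
ACCOUNTS = {
    "alice@example.com": "letmein",
    "bob@example.com": "letmein",
    "carol@example.com": "T7#vq-long-unique-passphrase",
}
ITERATIONS = 200_000  # example work factor (assumption); tune for your hardware


def weak_record(password):
    """Unsalted fast hash: the same password always gives the same value."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def strong_record(password, salt=None):
    """Per-user random salt plus a slow key-derivation function (PBKDF2)."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_strong(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, key = record
    return hmac.compare_digest(strong_record(password, salt)[1], key)


def exposed_by_table(weak_db, wordlist):
    """Audit: which stored hashes match one precomputed hash-to-password table?"""
    table = {weak_record(w): w for w in wordlist}
    return {user: table[h] for user, h in weak_db.items() if h in table}


def demo():
    weak_db = {u: weak_record(p) for u, p in ACCOUNTS.items()}
    strong_db = {u: strong_record(p) for u, p in ACCOUNTS.items()}
    same_weak = weak_db["alice@example.com"] == weak_db["bob@example.com"]
    same_strong = strong_db["alice@example.com"] == strong_db["bob@example.com"]
    return exposed_by_table(weak_db, COMMON), same_weak, same_strong


if __name__ == "__main__":
    print(demo())
```

With the unsalted hash, one table built once exposes every account that uses a listed password; with a per-user salt, identical passwords no longer produce identical records, so each one would have to be guessed separately and slowly.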
What To Do
The first thing you can do is check Have I Been Pwned. If your email/password combination has been hacked, it will tell you which sites it was hacked on. And it’s not just the smaller websites that have been hacked. I found my Istomedia emails had been hacked on Adobe, Dropbox, Kickstarter, and LinkedIn! As for my Pearseus one, it was hacked from Bitly.
So, the second thing to do is, go and change it on all of these sites (if you haven’t already done so). Remember, this database was from 2012, so chances are you will have changed your password anyway. If not, now is a good time to do so.
Third, instead of using the same password everywhere, consider using a password manager. For the past few years, I have been using a password manager called LastPass to, well, manage my passwords. It works on a freemium model: basic services are free, premium ones are just $2/month. Even the basic service covers pretty much everything an average user needs, so I recommend it, as it makes life so much easier. It generates a hard-to-crack password every time you need one, then remembers it so you don’t have to: all you have to remember is the password to LastPass itself.
And, in case you’re wondering, Pwn is a slang term derived from the verb own, meaning to appropriate or to conquer to gain ownership. The term implies domination or humiliation of a rival, used primarily in the Internet-based video game culture to taunt an opponent who has just been soundly defeated. So, just follow the 3 simple steps listed above and be safe!
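A companion to the first step above, as an added example that is not part of the original post: it checks a password (rather than an email address) against Have I Been Pwned's Pwned Passwords range service, which the post does not mention, sending only the first five characters of the password's SHA-1 hash. The function names and the offline stand-in data are constructed for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # HIBP Pwned Passwords API


def split_digest(password):
    """SHA-1 the password locally; only the 5-char prefix leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, body):
    """Body holds one 'SUFFIX:COUNT' line per known hash sharing our prefix."""
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # padded responses may carry a count of 0
    return 0


def breach_count(password, fetch):
    prefix, suffix = split_digest(password)
    return count_in_range(suffix, fetch(prefix))


def fetch_online(prefix):
    """Real lookup; needs network access, so the offline demo does not call it."""
    req = urllib.request.Request(
        RANGE_URL + prefix, headers={"User-Agent": "breach-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed stand-in for the service: pretend these passwords were leaked.
LEAKED = {"letmein": 1200, "password2012": 37}
SEEN_BY_SERVER = []  # records what the "server" was sent


def fetch_offline(prefix):
    SEEN_BY_SERVER.append(prefix)
    rows = [split_digest(p) + (n,) for p, n in LEAKED.items()]
    return "\r\n".join(f"{suf}:{n}" for pre, suf, n in rows if pre == prefix)


if __name__ == "__main__":
    for pw in ("letmein", "correct horse battery staple 91"):
        print(pw, "->", breach_count(pw, fetch_offline))
```

Pass `fetch_online` instead of `fetch_offline` to query the live service; any count above zero means the password has appeared in a breach and should be retired everywhere it was used.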
The Story Reading Ape said:
Reblogged this on Chris The Story Reading Ape's Blog and commented:
Be aware of what happens when your device(s) have been hacked, how to check and what to do…
acflory said:
Great post, Nicholas. I’ve been receiving those emails too, and laughed them off as well. I did, however, go and change all my passwords, everywhere. I don’t use a password manager because, well, I’m paranoid. If the password manager gets hacked then ‘they’ will have all my passwords, not just some.
Anyway, I’ve also been receiving some disturbing reports from BitDefender. It says it’s dealt with ransomware encryption. I’m pleased that the whatever-it-was has been dealt with, but I worry that the hackers are becoming a bit more sophisticated.
Nicholas C. Rossis said:
I admire your ability to remember all those passwords 😀
acflory said:
I have cheats that make it possible. Not an ideal solution by any means. I’d love some form of universal ID that is controlled by the individual, and not by a govt, bank, or whatever. Maybe biometrics will finally do it. Or blockchain. Until then…-sigh-
Nicholas C. Rossis said:
I’m seriously considering getting one of those fingerprint gadgets that connect to your computer. I think it may be time for some market research 🙂
acflory said:
I believe the biometrics have come a long way. Please let me know what you think, and if you get one!
Nicholas C. Rossis said:
Sure thing 🙂
Charles Yallowitz said:
Thanks for the heads up.
Nicholas C. Rossis said:
Can’t hurt knowing these things 🙂
Hugh's Views and News said:
Thanks for the information, Nicholas. I checked, and my email address has been ‘Pwned’ (via Dropbox and Onliner Spambot). So, now I know why I’ve been receiving those emails (although they always go straight to my spam folder). Now it’s a case of deciding which password manager to use. I’ll check out LastPass, but 1Password.com is recommended by ‘Have I Been Pwned,’ so I’ll check them out too.
Thanks again.
Nicholas C. Rossis said:
So glad I could help, Hugh 🙂
Priscilla Bettis said:
Thanks for explaining all that. Crooks suck.
Nicholas C. Rossis said:
They sure do 🙂
Writing your first novel-Some things you should know said:
Thanks for sharing. I am one of those people who used the same password for everything, but after my Amazon account was hacked, started changing them out.
Nicholas C. Rossis said:
Yikes! So sorry to hear that happened 😦
Val said:
Thanks for this. I’ve been getting these emails for a couple of months too. I laughed it off, knowing I haven’t been watching porn, but it is still infuriating to get them. I need to check where they got my details from.
Nicholas C. Rossis said:
It sounds crazy, but obviously enough people pay up to make it worthwhile to the scammers. Sigh…
Staci Troilo said:
Great info. Thanks.
Nicholas C. Rossis said:
I hope it’s totally unnecessary to you 🙂
Staci Troilo said:
Two of my email addresses were on there, but the issues were many passwords ago, so I think I’m okay.
Nicholas C. Rossis said:
You should be fine then 🙂
kimwrtr said:
Reblogged this on Kim's Musings.
colonialist said:
Another of these cases where one longs for an app that at the press of a button sends acid into the sender’s face.
Nicholas C. Rossis said:
Now, there’s a thought 😀
Marina Costa said:
I got in 2014 a Russian ransomware virus… cleaning all my computer (and the external hard drive which happened to be connected then 😦 ) I lost everything. My husband is still… remembering what he had lost from there…
Nicholas C. Rossis said:
Yikes! So sorry to hear that 😦
Don Massenzio said:
Reblogged this on Author Don Massenzio and commented:
Have you been receiving emails telling you your computer has been hacked? I know I have. Check out this post from Nicholas Rossis’ blog on the topic and what you should do about it.
Deborah Jay said:
Wow, thanks for sharing this info, I’ve not had any such emails, but apparently I have been pwned on 5 different sites. I had no idea!
I like the sound of the password manager, so much better than remembering all those different passwords, or worse still, writing them down.
Off to investigate that now…
Nicholas C. Rossis said:
It’s so lucky that you haven’t received any scam emails but at least you now know what to do if you do 🙂
Deborah Jay said:
I think I shall now go and change all my passwords and then I won’t even need to think about it, thank you!
Lara/Trace said:
I just had my first hacking email a few days ago: threatening email that claims to have hacked my camera and recorded porn – I did send it to http://www.ic3.gov, just in case. I hate to think about the person behind it and corruption.
V.M.Sang said:
Thank you for the info, Nicholas. Incidentally, I was going onto a bit.ly site the other day when my security software said it was a vulnerable site. (Bit.ly, that is)
Nicholas C. Rossis said:
Yikes! Incredible. I use bit.ly a lot!