Tag: hackers

Hacked Off at Facebook

Well, it finally happened. After criticizing the worst effects of social media for over 10 years, I was finally hacked, locked out of my Facebook account, and (I assume) will be unable to restore any of the material or connections going back to 2007. I’m sharing the details in this post because what I now believe to be a phishing-style attack had the appearance of Meta erroneously booting me for failure to comply with community standards. And frankly, Meta is so useless from a support standpoint that it hardly matters.

Whether Facebook moderators are in error, or the account was targeted by a hacker, there is no clear process for the average user to remedy either issue—just a Kafka-designed carousel of unhelpful articles and FAQs. And of course, beyond Facebook’s garden wall, one finds more scammers with offers to “help” because if you recently fell prey to a hacker, you’re bleeding in shark-infested waters.

Hacker or Facebook Moderators?

I say the attack was phishing-like because the initial communication did not come through email. Those are common enough and usually easy to spot. The email with the slightly blurry logo and wrong URL that claims to be your bank or insurance company or some other party with a message, invoice, or payment for you is trying to get you to click a link and download malware. As I say, these are easy enough to recognize and delete. But in this case, the communication came from within the Meta/Facebook environment—and not just as a DM in the Chat app.

Initially, I received messages from “Meta Business” in the Meta Business section of the platform. These were directed to me as the administrator of the Illusion of More page and not to me personally. I was told that IOM had been reported for (get this!) a copyright violation. As I do not engage in copyright violations, I responded to say that an error had been made, believing that I was writing to Meta since I was clearly on the Meta Business page and not some bogus URL. Unsurprisingly, there was no response, and a few days later, I was told in the same thread that my business page had been disabled. But the IOM page was not disabled, and I did not know what to make of the messages, especially when communication with Meta is not an option.

A few days later, I received a message directed to me personally, again within the Facebook platform, stating that an attempted login had occurred from an unusual location. I took the recommendation to change my password, and I do not believe I clicked on anything outside the Facebook universe such that I might provide the new password to a hacker. Nevertheless, several hours later, my personal account was disabled, and the relevant email and phone number were newly associated with an account called “Meta Copyright Infringement.”

I created a new personal account and did a search for “Meta Copyright Infringement” as People and found that many accounts have suffered this same fate. Some appear to still have pages intact, while others are blank:

Attacks of this nature have been reported since at least the start of 2023, but the articles I found all describe phishing via email, which is usually the vector. But unless I was truly distracted, all communication I received was within the Meta environment, and if hackers are spoofing Meta from within Meta, this implies a new and sophisticated campaign to acquire login credentials.

As for the rationale of the hacker(s), it is hard to say. In my case, as a copyright advocate, I can be a target for an anti-copyright hacker who just wants to mess with me. But so far, nothing inappropriate seems to have appeared on Facebook in my name. In fact, that account appears to have been deleted altogether. On the other hand, this just happened, so we’ll see. In the meantime, I no longer have control of two business pages, including Illusion of More on Facebook, because I was the sole administrator.

As mentioned above, this apparent hack is barely distinguishable from Meta disabling my account for an alleged violation of community standards, and the company offers zero remedies to address either issue. I mean, yeah, there’s a Help Center, but it makes the average DMV look like a hotel concierge. Meta provides a “review form” for disabled accounts, but this “form” only asks the customer to input a name, email, and a copy of ID to prove identity. But, of course, if the email entered is associated with a disabled account, you get a message saying that the account doesn’t exist, which indicates a hack, so…

Follow the instructions for recovering an account you think was hacked, and Meta will help you identify the account associated with the email…

Assuming that’s what FB thinks my account is now, I reluctantly click This is My Account, and…

And you can guess where that link “here” leads. Yup. Right back onto the carousel playing the calliope from Hell mocking you for getting on the ride in the first place.

I don’t know. Maybe I missed a clue somewhere in the attack, but the most compelling detail here is that it looked a lot like communication from Meta and within Meta. In fact, if Meta were to contact me at some point and confirm that they did kick me off for an alleged copyright violation, I would not be very surprised—except that it would still be an error. But apparently, this is what support looks like for a platform hosting three-billion people:  when we can’t quite tell the difference between a cyber-attack and half-assed moderation insulated from its users by layers of bullshit.

It’s Guy Fawkes Day and Anonymous thinks that means something.

Forget that tomorrow is Election Day in the U.S. or that many of our fellow Americans are still digging out of the damage done by Hurricane Sandy. It’s Guy Fawkes Day, and the hacktivist group Anonymous wants to you focus on, well, them. At the risk of being targeted myself, I would be remiss if I failed to acknowledge the fact that, in honor of Guy Fawkes Day, Anonymous has already begun a series of what it claims will be massive hacking and Wikileaks-style data dumps as a global protest against the forces of censorship, corporate and government control, and the usual litany of conspiracy theorizing that is frankly too tedious to repeat. Having apparently begun activities in Australia with attacks on PayPal, Symantec, and the Australian government, the loosely knit group of hackers claims that this is the beginning of a campaign leading up to a December event they call Project Mayhem 2012. Promising to pick up where Wikileaks failed to deliver, Project Mayhem aims to effect a massive leak of secrets and whatever other data Anonymous deems worthy of exposure to rid the world of oppressive government and corporate-controlled forces. If this all sounds like self-aggrandizing, pseudo-revolutionary bluster from a bunch of basement-dwelling super trolls, it could well be; but the group’s hacking skills should not be underestimated, and neither should the message they send to a world gone more than a little conspiracy-crazy in the last decade. In fact, this CNN article about the level of paranoia is aptly timed.

Maybe it’s because I began grade school in the wake of Dr. King’s murder and can still remember the atmosphere of that time, but I find it impossible not to think of a modern-day activist railing against generalized, corporate oppression, hiding behind a mask, and lurking in the shadows of Web code as anything but a coward and a hypocrite. Sure there’s corruption in the world that ought to be exposed, and it frequently is exposed by individuals willing to sign their names to the work they do, whether it’s journalism, a protest song, a poem, a play, a movie, or any other form of speaking truth to power. But what are we to make of a group that will anonymously invade privacy and seek to silence speech in order to protect privacy and speech? The journalist or the artist who speaks out not only puts himself or herself out there for the record, but also gives the reader, listener, or viewer a choice to consider what’s being presented and to come to his own conclusions. But the hacker (like the terrorist or anarchist) presumes to make the moral decision for us, choosing the target he considers an enemy, taking justice into his own hands.

Anonymous may pose as cousins of the Black Panthers providing services to their communities and speaking out against very real threats to civil liberties, but they are more reminiscent of the spoiled white kids in the Weather Underground vainly making bombs in a Manhattan apartment. The truth is, of course, that Anonymous could as easily be a corporate-funded operation as anything else. How do we know, for instance, that they’re not a small team of programmers working for Google or some other Silicon Valley firm? Is this possibility any more farfetched than the conspiracies they themselves promote? Last I checked, Silicon Valley is full of money, mega-corporations, computer programmers, and anti-establishment libertarians. We see Anonymous attack media companies but have yet to see them assail the Web or consumer electronics industries for the millions they spend on lobbying or other forms of political influence. Why do those special interests get the Anonymous seal of approval? Most likely, Anonymous is not corporate-backed, but as we’re dabbling in conspiracy theory, it’s as reasonable an explanation as any other. No?

I may well be inviting a cyberattack on myself here; but if so, that would only prove the point that any private citizen should abhor this juvenile approach to political dissent. Among the promises of the digital age is that we ordinary folks can more easily speak up, lend our voices, our names, our creativity, and yes even our real faces to the cause of social justice worldwide. In short, the Web is already ours, and we don’t need Anonymous or anyone else to plant their flag in it and hand it to us. But of course, we live in volatile and difficult times as the CNN article points out — a trust-vacuum if you will, and where vacuums form extremists find purchase and seek to fill the void. Wherever there is disillusionment, distrust, and disappointment that wants progressive dialogue among sane people, some clown in one theatrical mask or another invariably shows up to set things on fire. In this context, Anonymous is lobbing digital molotov cocktails.