I was hacked yesterday.
On the scale of hacks, it was simultaneously trivial but meant to intimidate. Or else hugely inept.
I am on some politically-oriented listservs. They are all Google Groups, hence one has to have a Google account to post to them and receive messages from them. I also have one political correspondent who was very communicative a while back, and so I also filtered his messages into a separate folder. Generally I’m not a fan of filtering (I prefer to get everything in my main mail account) but these were two exceptions where it made sense to put them in a separate place. He uses Gmail. I set up both folders under my Gmail account.
Both those email boxes were gone yesterday. That does not mean the contents were gone; that means the folders were deleted and the messages were gone too (I use IMAP, not POP).
I am highly confident (to use the old Drexel formulation) that I didn’t delete them by accident. First, Macs give you all sorts of warnings for actions like that. Second, I only occasionally access those folders, and you have to highlight those accounts to do something stupid to them. Third, the removal of one could conceivably be an accident, but two? Particularly since these are the only two that are focused solely on political activity (by contrast, my main email box has so much spam, both genuine spam and news-related spamming, that the noise to content ratio is very high).
Now in fact while it would have been nice to have the messages where they used to be, I do have a backup, but I’m not sure I’m going to bother to restore them. I’m also not upset about the intrusion, since the content of the messages was hardly anything conspiratorial or revealing (and as we know from Snowden, the people we really need to be afraid of, the government, have this all already). The other thing a hacker might have seen is some of the participants of these various listservs, but again, I don’t see much/any unique information there (as in someone could find out 90%+ of this externally, from the blog and my Twitter account).
Now I am sure some readers are saying… but but but! Your computer was hacked! Yes, that does seem to be what happened. These were local folders, not mailboxes on Gmail. Plus I got no Gmail suspicious log-in alerts (Google tells you if someone is trying to log into your account from another location) which means this was not a hack using (or cracking) my password.
Even if my laptop was hacked, I keep remarkably little useful information on it. I don’t keep a current contact list. I don’t keep financial records on it. I don’t do electronic banking. I don’t keep photos on it (well, I do have an astonishingly large number of past antidotes, plus screenshots of various charts that have gone into posts, and a very very few personal photos, pretty much all official headshots. So tons of noise and just about no signal there).
The more interesting question is therefore what this signifies. Deleting two folders, both politically related, is either very clumsy or intended to send a message. If the latter, even though I regularly harass banks, I doubt they’d be that interested. I don’t do much original reporting, as opposed to interpreting and sharpening public domain information. Banks are more concerned about what runs in the New York Times or the Washington Post or USA Today (or until recently, Rolling Stone). Blogs are ankle-biters at most and I doubt they see them as any threat. By contrast, I’ve been told our efforts have been helpful in at least for now stymieing the Trans-Pacific Partnership, and we’ve also been consistent critics of Obamacare. My sense is the Democratic party feels vulnerable on the Obamacare front, with the Senate majority at risk in the midterm elections and the Republicans pounding on that topic (as confirmed by the frequency of the attacks in Democrat-favoring blogs on the MSM stories critical of Obamacare). So the odds favor this being someone who is not happy with our political writings of late. Note that the Project on Government Oversight, clearly a more influential group than NC, had a break-in that looked designed to intimidate rather than extract information. So this may be the fashion of the month in incursions.
Nevertheless, this sort of incursion is the cyber analogue of the sort of penny-ante predation the banks engage in routinely, like charging 3% for foreign exchange transactions. Yes, you can get a separate no-FX charge card, but if you are busy like me, and you actually do buy once in a while from foreign sites, it’s altogether too easy to forget to check to pay that weirdo card you hardly use and incur more in late fees than the 3% ripoff on your regular card. Or how about the $25 account charge if your balance drops below a certain level? I had that happen all of one day in one month last year and was royally pissed, and it was due to the order in which they credited charges versus deposits that day. Not worth fighting it.
Remember, if my aim was to end vulnerability, I can’t secure my communications by myself. I either have to encrypt (which requires two-party cooperation) or at least get my most important correspondents on a more secure mail service. And I can’t participate in these very useful Google Groups. And if you’ve got a determined, well-connected intruder, we now know computers have backdoors at the BIOS level. How does a mere mortal like me contend with that when even the hard-core techies seem flummoxed?