Two weeks ago, the stage of the Latvian theater experienced a charming premiere “Where did the country go?” and almost the entire political elite was invited to artist-inspired reflections on the role of the state in our lives. Then and now.
Content will continue after the ad
Advertising
Andris Bulis was not lost, but to his credit he played his part in the premiere and subsequent performances, where the tickets were already sold out. However, the day of the premiere brought not only a new artistic experience to the Latvian theater stage. It also brought life experience to the World Wide Web stage. That evening, Andris Bulis disappeared from the social media platform “Instagram”.
Social networks – your accumulated capital
That’s all the drama! When Andris asked for advice, I also thought it was a little sad at first. But those many of us who use social platforms do not always imagine how it would feel when your personal information is no longer only yours, when your contacts and correspondence are not at your disposal, when your circle of followers built up over the years is no longer with you and the content you created smoked out While everything is good, the importance of security is difficult to feel and appreciate.
Not only security and privacy are important. Today, social network accounts have become a kind of capital and an indispensable work tool. For many, social networks are part of their daily work, they build a career, cultivate talent, and grow a business environment. In the past, in order for a small company to grow, you needed a car, to deliver goods, to print advertising. Today, a social account is an equivalent work tool, which, unfortunately, like a car, can also be stolen, sold, hacked.
A story worthy of a detective
Introduction
Andri had 27 thousand followers on “Instagram” and self-created content for ten years. But on the day of the premiere, it was gone. Andris had disappeared from “Instagram”. You can get acquainted with Andra’s thoughts on his account, but with his kind permission here a little more about what happened, which can help you protect yourself.
Probably, many of us, like Andris, have encountered offers to gain status, visibility, new followers on social networks. In this case, an offer was made to get the blue “Instagram” note as a verified and trusted account. Unfortunately, the villain was not a representative of “Instagram”, but only successfully pretended to be one. Without a professionally trained eye and suspicion of the obvious, it would be difficult for anyone to notice.
The first act
Posing as a representative of “Instagram”, the hacker, who later turned himself in, gained control of Andra’s account, as it was put into his hands allegedly “voluntarily” to start the blue slip verification process.
Andra’s account was not connected to two-step authentication, which is currently offered by all major digital platforms. It is important to set this function in your settings, it does not turn on automatically. But it allows you to double-check that the account owner has authorized access to their account from another device and another location. The first time an account usually asks you to identify yourself with an email or a username and password that only you should know, but it’s relatively easy for hackers to obtain. In the second step, you indicate some other form of communication – most often it is your phone number or e-mail, where a verification message arrives, whether it is really you trying to open your account. This is two-step authentication, and it’s not as complicated as it sounds. I really recommend it.
However, this is not a 100% solution, it is also possible to bypass such access. I tested it a year ago when the “fake offerer” on Instagram reached out to me. The second level check did not confuse him, on the contrary, he persistently tried to get the code from me. Our communication ended with that. You have to be vigilant about your capital, including in social networks.
The second act
Andra’s account is in the hands of a hacker. It is not possible to enter the account, and it is not possible to report anything to “Instagram” in a simplified way at first. A vicious circle has set in: to report a problem, “Instagram” requires you to authenticate through your account, which Andris cannot access.
The hacker’s business model was not to resell accounts and make money on the black market, but to extort money from the account owner. The hacker has access to the data and it is not difficult to reach the owner. Here is a short message on “WhatsApp” – and for a mere 500 euros, the hacker offers to buy back the account. Otherwise, he threatens to sell the account or delete it immediately.
I don’t know what I would do in Andra’s place. But thanks to Andris, who trusted, and thanks to the CERT colleagues who were ready to help with advice, even though it is not their daily task. By filling out the documents correctly and reporting the incident to the “Meta” company, it is possible to “freeze” the account. This means that for a certain period of time, no one can do anything with the account until the true owner is found.
The thriller runs its course. Thanks to Andra’s skills, a theatrical match with the hacker takes place in parallel, so that the account is not deleted during the period of time until the “Goal” is reached (and in practice it may take several days). It even manages to negotiate the ransom up to 400 euros.
The third act – resolution
The account is initially “frozen”, and in a relatively short time after data checks, Instagram returns the account to the owner. A hacker doesn’t sleep either. Noticing the development of the situation, the moment he loses control over the account, he hacks it again. He may have more data and approaches to guess the new password before the account’s registered email has been changed. The hacker deletes the content of the account in retaliation.
Again, a new communication with “Metu” is required and a procedure is required, asking to restore the content – in the hope that the web archive has preserved it. Another week, and the account with all its contents also returns to the hands of the owner.
Final moral
The modern age has created a new dimension of life – the digital one. The most valuable may vary. For someone it’s a social account, for another it’s financial tools, for another it’s business and digital customers, for another it’s data and analytics, and for someone it’s their family photos. But for everyone, digital resources have become an asset. And like everyone’s value, they are interesting to bad guys who will find a way to cash in on your digital capital.
What to do? To the extent possible, protect your digital resources and be vigilant. Each obstacle requires extra time and work for the hacker to get your “wealth”. Therefore, when faced with resistance, the hacker will choose an easier victim to reach. Two-step authentication is a good tool to make a hacker’s life difficult. I recommend it to politicians, influencers, and every user of digital services. Connect your social accounts, emails and other digital services with a second-step authentication mechanism.
On the other hand, it is worth paying attention to all the offers you receive on your phone or computer – advertisements or informative e-mails, messages and any other communication that you did not initiate yourself. Fake offers and messages are increasingly carefully crafted, so every little mistake, inaccuracy in the text or email author can point to a scam. Especially if the communication calls for action – sharing data, connecting to your account, providing information. It needs to be checked first. Ask a friend, a professional, or the sender himself. Your digital capital belongs to you.
The author has not seen the show, but has read its reviews.
