The day I Spotted a hacker.
Last week I noticed I was being hacked on Facebook. It was quite a shock. I naively believed that if I changed my password enough and kept my account as secure as possible then it wouldn’t happen to me.
I use Facebook for my business but also to share pictures of my daughter who is only two. Her dad and I are not keen on sharing our little cherub elsewhere, so they remain firmly in my personal account for family and friends.
I discovered the violation when a post appeared in my name on a Facebook page that discusses local politics. It was done in a manner that screamed ‘look at me, in your account’. It wasn’t very subtle… A comment straight under one of my own.
I guess the urge to peacock became overwhelming.
I immediately accessed my Facebook log to see who was logged on as ‘me’ and found a disturbing history of log-ins from other operating systems and locations around Portsmouth. If you want to do the same, its under Security/Where you’re logged on.
I had my suspicions so I copied the Facebook log and sent it off to a web whizz.
The report returned to me indeed confirmed that someone had indeed been having a jolly old time in my Facebook account.
And here is Scott Chegg claiming he is not Paul Nelson on the same politics page. Right…(a hint – numerous profiles, one writing style).
I can’t say I am surprised about any of this, and this is where things go a bit deeper.
Last year I set up a petition relating to a local ‘community’ page called Spotted Portsmouth. The page had published an image of a woman whose underwear was on show as a result of her skirt ridding up. A prolific amount of abusive comments followed. The page also allowed comments that speculated on her identity and where her children went to school. The woman who was the subject of the photo did try several times to get the image removed, with no success.
The petition made our local news. I declined to comment at the time as I felt too many voices would detract from the severity of the issue. Instead Shonagh Dillon, CEO of Aurora New Dawn (AND), a local domestic violence charity, commented.
Like magic, a post attacking Shonagh and AND appeared on Spotted Portsmouth shortly thereafter.
‘MA Goldman’, a chap also with a very distinctive writing style, swiftly published a rather hasty missive on the little used Spotted Portsmouth blog.
Spotted claims it is run by team of people who merely post what they were sent in by members of the public. They deny creating content. But this doesn’t add up and they have never provided any evidence to back up their claim of a team of moderators.
Instead, there has been clear pattern of the page being used a personal platform for grievances and vendettas.
Other previous Spotted delights included ‘ XXX is the biggest cunt in Portsmouth. Discuss’.
Not long after the petition was set up, a friend of mine who had recently been featured in the NME discovered one morning that her feature picture had been doctored with the image of a pig and published on the Spotted Portsmouth page. She also happen to run a feminist group at the time, which had been discussing the page.
After the petition launched something interesting happened: I started to receive messages of support from people wanting to share their experiences of being bullied or harassed either by the page or the person behind it.
Messages telling me that the page had falsely tried to accuse a man of paedophilia. That businesses had been targeted. Personal testimonies from the people of Portsmouth.
In hindsight I should have probably started checking my activity log then.
Amazingly, even a current Portsmouth City councillor even got in touch to share their info, keen to name the person behind the account and share a link to their conviction.
Moving back to the current issue. With a security buff at hand I figured now would be a good time to see if there was any connection to my hacker, the above profiles – and Spotted Portsmouth.
Have you guessed the answer yet?
‘The IP that was used to access your profile, and the one associated with those profiles, is also associated with Spotted Portsmouth. He looks to use deflectors by either using a Trusted Proxy, or VPN (Virtual Private Network) – these show a different IP address to the rest of the world, thus showcasing a different location, hiding web history, avoids leaving a digital footprint etc. I’d guess he’ll be using a VPN, probably Hide My Ass as that is the easiest system to use for an amateur…’
The answer was ‘yes’.
In a nutshell, you can hide all you want, but you still leave a footprint for those who are looking for them.
Spotted Portsmouth have always strenuously denied any links to Paul Nelson. Tellingly, and comments linking him to the contents of SP have been instantly deleted.
Now lets add a little cherry to the cake.
Take a look at the caption to this photo.
And so we come full circle.
What I am surprised about is how little recourse there is to stop this happening, and I have a very strong feeling that I am not the only person that has been targeted.
Yesterday I called the Police to report the breach. After taking sometime to figure out if it was a crime, they told me all they could do was advise that I tighten my security settings.
And this is why I have published this blog. We have a man convicted by a court of harassment (via Facebook amongst other things), involved in a sizable ‘community page’, hacking my account and using countless other profiles. And he is free to continue, until someone else finds out they have been hacked. Even then, he is free to continue.
And Portsmouth is lumbered with a so called community page with a totally opaque moderation ‘team’ that is being conveniently used as personal soap box, and worse.
Does this sound right to you? And Facebook, how are you letting this happen? You are allowing people to build up and hide behind followings that are then used for nefarious purposes.
Has this happened in your town? I am curious to hear.
- « “Today, Matthew, I am the Sartorial Socialist”
- » Lessons Notes and Plans From a Post Brexit Hangover