How an email hacker ruined my life and then tried to sell it back to me
Rowenna Davis tells how her identity was held hostage by an email hacker who wanted £500 to let her back into her account – and explains how it felt worse than daylight robbery
Rowenna Davis. who was targeted by an email hacker who wanted money to restore her address book. Photograph: Andy Hall for the Observer
A hacker has been occupying my email account for the past week. And he or she may still be there. A disembodied intruder, this person has been stalking my inbox, replying to messages, signing off with my nickname and refusing to let me in. They have been going through my personal history and making judgments about my character. In the weirdest twist, the hacker even started writing to me. If it wasn't so unsettling, it could be the plot of a black postmodern comedy.
It started when my phone went crazy in the middle of a crucial meeting. Some 5,000 contacts received an email from my account saying that I'd been held up at gunpoint in Madrid. My internet-savvy friends sent texts to say I'd been hacked, while my elderly, migrant and more vulnerable friends wanted to know where to send the cash. According to the story, my mobile phone and credit cards had been taken and I was badly in need of money. There was a number to call to reach me at my hotel – presumably chargeable – and a Western Union account had been set up in my name to wire a transfer.
Suddenly you're hit with an organisational bombshell – drop what you're doing; freeze your bank account; answer anxious calls; lose crucial, last-minute messages; miss work deadlines; irritate bosses; reset all email-based passwords; forget to pay e-bills; irritate friends who think you're ignoring them. The realisation dawns that the email account is the nexus of the modern world. It's connected to just about every part of our daily life, and if something goes wrong, it spreads. But the biggest effect is psychological. On some level, your identity is being held hostage.
Out of sheer frustration, I fired off an email to my occupied address labelled "to those who hacked my account", laying out how I felt and asking for my contacts. Shockingly, I got an almost instantaneous reply. The hacker said they would return my address book for £500. It was unreal. There I was, sitting at my laptop, alone in my flat, receiving emails from someone claiming to be me. Whoever it was must have been sitting watching my account and responding in real time. Who else was this person replying to in the same way?
I wrote back straight away, saying that I didn't have those kind of finances and pointing out that I had no reason to believe the deal would be kept even if I did send the money. I couldn't help but end with a rhetorical: "Do you ever feel even slightly bad about what you are doing?"
Just for a minute, the hacker seemed anxious to prove that he or she had some sense of morality. According to this individual, it "didn't feel great" to be a hacker. They said they didn't have a choice. I immediately asked why. They said their life "wasn't as nice and sweet" as mine. In what I guess was supposed to be a gesture of magnanimity, this individual said that they would release my contacts for just £300, and even offered to send me 20 contacts upfront as a sign of "goodwill". You could tell this person thought they were being reasonable – they insisted that their actions weren't as bad as robbing people on the streets.
What I wanted to reply, but found difficult to articulate at the time, was that hacking can be worse than that. When someone holds you up in the street, you lose a set of isolated possessions and then get to walk away. But if someone colonises one of your chief platforms of interaction with the world, there's always a feeling of "what next?" They can read your most intimate emails and potentially pass them on. A simple search would allow them to find out not just my address, but also those of my friends and family – something that crossed my mind when I registered my case with the police.
Apparently some 3,000 people reported such scams last year, but too few of these are brought to justice. The police haven't even returned my call for a full report. When I did eventually get access to my account back through Gmail a week later, I found that the hacker had personally written to more than 30 people who had asked about my problems in Madrid. The intruder said I'd had a "terrible experience" and signed off with my nickname, "Row". The fact that someone could be so callous to people who cared about me – all in my name – left me furious.
I was lucky. The only reason I was able to regain access to my account was through chance – a friend of a friend works at Google. Until then, my hacker had given me better feedback than Gmail and Google, following my attempts to get in touch with them. The company that presents itself as the friendly face of the web doesn't have a single human being to talk to in these circumstances. The UK office just cut me off and, after a friend waited 20 minutes to ask the head US team if there was anything that could be done to help, they received a simple "nope".
When someone did bother to look into my problem, it only took five minutes to fix. The hacker had doubled the verification process on my password so I couldn't get in. Once Google disabled it from the inside, I was able to reset all my security checks without a problem.
Even now, I'm not sure it's over. In one last message, addressed from myself just two days ago, the hacker wrote: "I see you got the account back. Sorry for the trouble." I never replied, so I guess I'll never know what this individual's circumstances were. But I feel the need to understand them. Perhaps we believe that if we find reasons for things, we'll feel safer. Perhaps it's about restoring a bit more faith in human nature. Either way, my hacker seems to have disappeared back into the 21st-century ether. Although, of course, they could be reading this now.
Rowenna Davis is a freelance journalist
MY CONVERSATION WITH THE HACKER
Last Tuesday Rowenna Davis sent an email to her own email account to try to contact the hacker. Nine minutes later, he or she responded – with a demand for money…
From: Rowenna Davis
To: the hacker
Tuesday 11 October
8.33am
Subject: to those who hacked my account
Hi, I can't believe you would do this. The poorest, most vulnerable of my contacts are the most worried about me and most likely to send you money. The most educated people with resources know it's a scam. I also find it difficult to make ends meet, but without access to this account I can't work because all my contacts are stored in the account you have taken over. I am totally paralysed. If there is any way you can send me my address book, I would be willing to pay for it. It's horrible to be forwarded messages that have been sent in your own name. I honestly don't know how you justify this to yourself.
Rowenna
From: the hacker
To: Rowenna
8.42am
Can you send me 500 quid?
From: Rowenna Davis
To: the hacker
10.33am
Subject: Re: to those who hacked my account
1) I literally don't have 500 quid to give you. I can't make any more money until I have access to my account back — I work freelance and all my work contacts are being held by you.
2) How would I know if I gave you any money that you'd actually send me my contacts anyway?
3) Do you ever feel even slightly bad about what you're doing?
From: the hacker
To: Rowenna Davis
10.38am
Sure I don't feel great, but I don't seem to have a choice, its way better than robbing you on the streets, I give you my word, if you send me money, I will give you back access to you account with all your emails and contacts intact. If you can't send 500 quid at least 300 quid will do. Send money by western union to Rowenna Davis Madrid Spain Waiting
From: Rowenna Davis
To: the hacker
10.40am
Subject: Re: to those who hacked my account
Why don't you have a choice?
From: the hacker
To: Rowenna Davis
10.44am
You don't wanna the kinda life am living, you think its as nice and sweet as your life? But at least I don't have to rob on the streets
From: Rowenna Davis
To: the hacker
10.56am
Subject: Re: to those who hacked my account
I'm not making judgments about your life – you are making judgments about mine. If you read some of those emails you'll know it gets pretty shit at this end too. And even if my life was really happy, I don't see why that justifies you taking over my emails. But I wonder why you feel that you have no choice.
From: the hacker
To: Rowenna Davis
10.58am
Are you sending money?
From: Rowenna Davis
To: the hacker
11.17am
Subject: Re: to those who hacked my account
It's my turn not to have any choice. I don't have £300. I have asked some of my friends if they can help, but they think it's a stupid idea because you can't be trusted to return the details.
From: the hacker
To: Rowenna Davis
11.23am
I don't need your details for anything, to show some good will I could give you about 20 contacts, then when you send money, I give you the rest of it
From: the hacker
To: Rowenna Davis
Thursday 13 October 2011
11.04pm
Subject: I see you got back your account
Sorry for the trouble
Rowenna Davis
The Observer, Sunday 16 October 2011
© 2011 Guardian News and Media Limited or its affiliated companies. All rights reserved.
Rowenna Davis tells how her identity was held hostage by an email hacker who wanted £500 to let her back into her account – and explains how it felt worse than daylight robbery
Rowenna Davis. who was targeted by an email hacker who wanted money to restore her address book. Photograph: Andy Hall for the Observer
A hacker has been occupying my email account for the past week. And he or she may still be there. A disembodied intruder, this person has been stalking my inbox, replying to messages, signing off with my nickname and refusing to let me in. They have been going through my personal history and making judgments about my character. In the weirdest twist, the hacker even started writing to me. If it wasn't so unsettling, it could be the plot of a black postmodern comedy.
It started when my phone went crazy in the middle of a crucial meeting. Some 5,000 contacts received an email from my account saying that I'd been held up at gunpoint in Madrid. My internet-savvy friends sent texts to say I'd been hacked, while my elderly, migrant and more vulnerable friends wanted to know where to send the cash. According to the story, my mobile phone and credit cards had been taken and I was badly in need of money. There was a number to call to reach me at my hotel – presumably chargeable – and a Western Union account had been set up in my name to wire a transfer.
Suddenly you're hit with an organisational bombshell – drop what you're doing; freeze your bank account; answer anxious calls; lose crucial, last-minute messages; miss work deadlines; irritate bosses; reset all email-based passwords; forget to pay e-bills; irritate friends who think you're ignoring them. The realisation dawns that the email account is the nexus of the modern world. It's connected to just about every part of our daily life, and if something goes wrong, it spreads. But the biggest effect is psychological. On some level, your identity is being held hostage.
Out of sheer frustration, I fired off an email to my occupied address labelled "to those who hacked my account", laying out how I felt and asking for my contacts. Shockingly, I got an almost instantaneous reply. The hacker said they would return my address book for £500. It was unreal. There I was, sitting at my laptop, alone in my flat, receiving emails from someone claiming to be me. Whoever it was must have been sitting watching my account and responding in real time. Who else was this person replying to in the same way?
I wrote back straight away, saying that I didn't have those kind of finances and pointing out that I had no reason to believe the deal would be kept even if I did send the money. I couldn't help but end with a rhetorical: "Do you ever feel even slightly bad about what you are doing?"
Just for a minute, the hacker seemed anxious to prove that he or she had some sense of morality. According to this individual, it "didn't feel great" to be a hacker. They said they didn't have a choice. I immediately asked why. They said their life "wasn't as nice and sweet" as mine. In what I guess was supposed to be a gesture of magnanimity, this individual said that they would release my contacts for just £300, and even offered to send me 20 contacts upfront as a sign of "goodwill". You could tell this person thought they were being reasonable – they insisted that their actions weren't as bad as robbing people on the streets.
What I wanted to reply, but found difficult to articulate at the time, was that hacking can be worse than that. When someone holds you up in the street, you lose a set of isolated possessions and then get to walk away. But if someone colonises one of your chief platforms of interaction with the world, there's always a feeling of "what next?" They can read your most intimate emails and potentially pass them on. A simple search would allow them to find out not just my address, but also those of my friends and family – something that crossed my mind when I registered my case with the police.
Apparently some 3,000 people reported such scams last year, but too few of these are brought to justice. The police haven't even returned my call for a full report. When I did eventually get access to my account back through Gmail a week later, I found that the hacker had personally written to more than 30 people who had asked about my problems in Madrid. The intruder said I'd had a "terrible experience" and signed off with my nickname, "Row". The fact that someone could be so callous to people who cared about me – all in my name – left me furious.
I was lucky. The only reason I was able to regain access to my account was through chance – a friend of a friend works at Google. Until then, my hacker had given me better feedback than Gmail and Google, following my attempts to get in touch with them. The company that presents itself as the friendly face of the web doesn't have a single human being to talk to in these circumstances. The UK office just cut me off and, after a friend waited 20 minutes to ask the head US team if there was anything that could be done to help, they received a simple "nope".
When someone did bother to look into my problem, it only took five minutes to fix. The hacker had doubled the verification process on my password so I couldn't get in. Once Google disabled it from the inside, I was able to reset all my security checks without a problem.
Even now, I'm not sure it's over. In one last message, addressed from myself just two days ago, the hacker wrote: "I see you got the account back. Sorry for the trouble." I never replied, so I guess I'll never know what this individual's circumstances were. But I feel the need to understand them. Perhaps we believe that if we find reasons for things, we'll feel safer. Perhaps it's about restoring a bit more faith in human nature. Either way, my hacker seems to have disappeared back into the 21st-century ether. Although, of course, they could be reading this now.
Rowenna Davis is a freelance journalist
MY CONVERSATION WITH THE HACKER
Last Tuesday Rowenna Davis sent an email to her own email account to try to contact the hacker. Nine minutes later, he or she responded – with a demand for money…
From: Rowenna Davis
To: the hacker
Tuesday 11 October
8.33am
Subject: to those who hacked my account
Hi, I can't believe you would do this. The poorest, most vulnerable of my contacts are the most worried about me and most likely to send you money. The most educated people with resources know it's a scam. I also find it difficult to make ends meet, but without access to this account I can't work because all my contacts are stored in the account you have taken over. I am totally paralysed. If there is any way you can send me my address book, I would be willing to pay for it. It's horrible to be forwarded messages that have been sent in your own name. I honestly don't know how you justify this to yourself.
Rowenna
From: the hacker
To: Rowenna
8.42am
Can you send me 500 quid?
From: Rowenna Davis
To: the hacker
10.33am
Subject: Re: to those who hacked my account
1) I literally don't have 500 quid to give you. I can't make any more money until I have access to my account back — I work freelance and all my work contacts are being held by you.
2) How would I know if I gave you any money that you'd actually send me my contacts anyway?
3) Do you ever feel even slightly bad about what you're doing?
From: the hacker
To: Rowenna Davis
10.38am
Sure I don't feel great, but I don't seem to have a choice, its way better than robbing you on the streets, I give you my word, if you send me money, I will give you back access to you account with all your emails and contacts intact. If you can't send 500 quid at least 300 quid will do. Send money by western union to Rowenna Davis Madrid Spain Waiting
From: Rowenna Davis
To: the hacker
10.40am
Subject: Re: to those who hacked my account
Why don't you have a choice?
From: the hacker
To: Rowenna Davis
10.44am
You don't wanna the kinda life am living, you think its as nice and sweet as your life? But at least I don't have to rob on the streets
From: Rowenna Davis
To: the hacker
10.56am
Subject: Re: to those who hacked my account
I'm not making judgments about your life – you are making judgments about mine. If you read some of those emails you'll know it gets pretty shit at this end too. And even if my life was really happy, I don't see why that justifies you taking over my emails. But I wonder why you feel that you have no choice.
From: the hacker
To: Rowenna Davis
10.58am
Are you sending money?
From: Rowenna Davis
To: the hacker
11.17am
Subject: Re: to those who hacked my account
It's my turn not to have any choice. I don't have £300. I have asked some of my friends if they can help, but they think it's a stupid idea because you can't be trusted to return the details.
From: the hacker
To: Rowenna Davis
11.23am
I don't need your details for anything, to show some good will I could give you about 20 contacts, then when you send money, I give you the rest of it
From: the hacker
To: Rowenna Davis
Thursday 13 October 2011
11.04pm
Subject: I see you got back your account
Sorry for the trouble
Rowenna Davis
The Observer, Sunday 16 October 2011
© 2011 Guardian News and Media Limited or its affiliated companies. All rights reserved.
