Last night, I saw evidence that my devices were hacked.
I’ve been an Internet user since 1988, a while before the web became popular (it wasn’t even invented until 1990). Back then, we had email of course, and some other services. Before the days of forums, Twitter or Facebook, the most popular way to chat in groups was Usenet, which hosted threaded “newsgroups” under a wide variety of classifications. The Internet was a more intelligent, better-informed place in those days, largely because one needed a fair degree of technical knowledge in order to play. Sure, there were conspiracy theories, but they were never anywhere near as dumb as those in circulation today.
Many of the theories of the day related to hacking and spying activity by the state. Given that the world’s most technically astute people were Internet users, many of these rumours could be treated seriously. One rumour went that an agency (I forget whether the CIA or NSA) had purchased four Crays (the world’s fastest computers at the time) to analyse all the world’s Internet traffic. Given that the traffic was tiny by today’s standards, and the Internet’s structure pretty simple, this was believable. The response on Usenet was for people to write “Kill the President” in their sig, in order to jam up the spies’ systems.
In hindsight, especially following the 2014 leaks by Edward Snowden, these rumours are very believable. I’ve always operated online on the following assumptions:
- Everything I write/send/receive is accessible by someone
- Everything I write/send/receive is being stored somewhere, forever
- If this all isn’t legal now, it’ll be legal one day
- In other words, every digital communication you’ve ever made might well be sitting in a database somewhere, and may come back to haunt you
So paranoia is justified. However: ignorant paranoia isn’t useful. Everybody is paranoid these days, about everything. This only helps state intrusion: uninformed scaremongering is worse than simple ignorance. But sadly, everyone has decided that they, or someone they know on Facebook, has exclusive access to the inner workings of the state. And so everyone is following false Messiahs and is hence confused-as-fuck. The David Ickes and Alex Joneses of this world aren’t waking people up: they’re simply distracting the masses from reality.
The UK Will Block Millions of Sites
Install a VPN
So anyway, last night I was pretty clearly being hacked by someone. I’ve suspected as much previously: it’s hardly an unusual occurrence these days. Most of these hacks aren’t targeted – people just click the wrong link or download the wrong software all the time. But aside from the standard paranoia, I’m a civil liberties campaigner who tries to make people aware of state censorship, and so I have a tiny reason for genuine paranoia. I don’t kid myself that I’m particularly important, but I’m certainly in the top couple of percent of likely targets, having managed repeatedly to personally annoy representatives of the censorship state.
Yesterday evening, multiple devices of mine did strange things simultaneously. These run different operating systems and connect via different networks. The only common thread is that I own them all. I’m technically literate and thus pretty well protected (though I know of some things I haven’t done, but should). I won’t reveal what happened, except for one particular oddity that worried me: following some weird occurrences on multiple devices, my (Android) phone’s time and date suddenly updated to incorrect values. This has never happened before, and nor should it ever. I flag it because it raises concerns as to why someone might want to do that.
I’m logging this publicly as insurance, just in case. Paranoia generally isn’t useful, and much of it is based on nonsense. I try to avoid it. But – as the old saying goes – just because you’re paranoid, it doesn’t mean they’re not out to get you.
How not to be hacked (or at least, make it harder)
Here are some basic things you should be doing to protect yourself. It won’t stop the most determined and skilled hackers and spies, but it will ensure you’re not a soft target.
- Ensure you’re using up-to-date software. Did you notice the recent WannaCry attack that hurt the NHS and various other organisations? They were hacked because they used a very old version of Windows. Update your operating systems and apps promptly. Note that this exploit was first discovered by the US intelligence services, who kept it secret for some time while (presumably) using it to spy on people.
- Use anti-virus software – goes without saying, right? And obviously, keep it up to date.
- Use a VPN – this hides all your Internet activity from nosey types like your ISP, hackers and the state. It will also get around blocks and filters, which are becoming increasingly commonplace. You can get started with a VPN here. But you can’t trust your VPN provider to keep your surfing private, so also…
- Get used to using the Tor browser – this hides your web surfing from everyone including your VPN provider. It’s slower than a regular browser, but far more secure. If you use Tor without a VPN, spies can see you’re doing so (but not what you’re doing): so use it in conjunction with your VPN. Tor is available on all platforms, and it’s free.
- Don’t click links in suspicious messages. Unless you expected the message, don’t click the link. This especially includes links from (hacked) friends. Does your friend normally send messages about cheap iPhones? No? Then don’t click.
- Make phone calls and send SMS messages as little as possible – these are logged by the state. Apps like WhatsApp are better, because they’re encrypted. Even better is Signal, which replaces your standard SMS app, and encrypts your communications if both ends of the conversation are using Signal. It’s free – install it now, and advise your friends to do the same.
There’s plenty more, but that’s a starting point. Be careful out there!