How I got scammed, Rolled and Owned by a teenage hacker

It was a beautiful sunny morning in Sydney, Australia

I rolled over sleepily and checked the time on my phone, noticing a Gmail notification as I did so. The subject line said "New device login on your Snapchat account". Strange, because I hadn't used Snapchat in years. A second email came in as I was looking at the screen, "Email address successfully changed for your Snapchat account".

Then the anonymous iMessages started.

now your fucked

let me know when your ready to talk

Reaching over to the other side of the bed I grabbed my laptop.

Sure enough, the same notifications were right there. It was the start of what would soon be one of the worst days of my life.

The hacker broke into my old Snapchat account and began sending me anonymous iMessages with threats to leak some old topless photos of my girlfriend that he'd recovered from one of my accounts (that's right, Snapchat not only does not delete things like it says it does, but they can be actively accessed again in future).

When that didn't get a response from me, he started going through my contacts on Snapchat looking for family members, threatening to send the photos he'd found to her mother and 14yr old cousin.

I still did not reply, and 20 minutes later started receiving phone calls from the family confirming that he had made good on that threat. Not only of sending the photos to a minor, but also posing as my girlfriend and telling her cousin that I'd been in a car crash.

He went through every contact one by one trying to get my phone number, or any phone number, to help him hack further. I had so few contacts in Snapchat that none of it worked.

I went through every single account I could think of, changing passwords and email addresses, deleting data, removing phone numbers - all the while emailing Snapchat's nonexistent support team and asking them to suspend the hacked accounts.

After 16 hours of non-stop attacks on my accounts, I was finally able to get through to someone on the Ops team at Snapchat via a friend of a friend of a friend, and the accounts were suspended.

I never replied to a single message.

I already had 1Password, I used 2FA (or U2F) everywhere, unique passwords on every single service, hardware encryption, and about as many security best practices as you can think of — so how did all this happen to me?

The sim-swap problem

A sim-swap is when a hacker - usually a teenage boy - calls up your cellphone provider and says “my number is [your-phone-number], I’ve lost my sim card, can you send me a new one with the same number?” — and, extraordinarily, they do.

A few days later, the hacker in question can bypass all of your account security questions simply by triggering an account recovery via SMS.

You are then no longer in possession of your life.

How to secure your accounts

When I tell people this story, everyone is horrified, but nobody thinks it will happen to them. Nevertheless, the question always comes "what should I do?"

What's Next, how does the story end.

I have already rambled on for far too long and probably lost a few along the way, there is more to the story and if you want a part two let me know.

#gbenga-week5, #cryptoacademy, #australia.
Photo by Kevin Ku on Unsplash