Most hackers are stupid.   (I’ll probably be hacked for writing that.)   They like to demonstrate how clever they are by stealing passwords from the gullible, breaking websites with out-of-date software, and putting up truly idiotic messages on the web.   This is like proving your cleverness by grabbing the purses of little old ladies, stealing 1973 Volkswagens, and spray-painting your name on people’s houses.   Stupid.

And like a mindless virus, they are persistent.   Whenever one matures enough to realize that messing up websites isn’t really a meaningful way to spend one’s life, another crop of teenage boys figure out how to visit hacker discussion groups, and the process continues.

Even though it’s not my job, I often find myself helping out folks who have been hacked and are trying to pick up the pieces.   Today’s minor episode started with an email I received:

Dear Customer,

This is a notice that an invoice has been generated on 02/03/2009.

Your payment method is: 2CheckOut

Invoice #763
Amount Due: $19.94 USD
Due Date: 01/15/2009

Invoice Items

Personal – appact11.com (02/02/2009 – 02/14/2009) $4.99 USD
Domain Registration – appact11.com – 1 Year/s $14.95 USD
——————————————————
Sub Total: $19.94 USD
Credit: $0.00 USD
Total: $19.94 USD
——————————————————

You can login to your client area to view and pay the invoice at http://www.webhosting.com/billing/viewinvoice.php?id=763

Hosting Team

This is a “phishing” attempt.   The email is bogus, invented simply to get people to click on the link and then enter their login information.   I knew it was bogus by several indications:

1. I never registered any such website (“appact11.com”).   The hackers know I know this, but they hope that I will click on the link anyway to “clear up the misunderstanding.”
2. The email didn’t come from any company that I recognize, and is deliberately vague (“Hosting Team,” “Dear Customer”).
3. Despite how it appears, the link for the invoice actually went to an entirely different website.   I could tell this without clicking on the link simply by pointing my mouse at it but not clicking.

The link was actually to a website of an innocent fellow in Canada who does weddings, but the hackers obscured that by creating a secret web address on his site which looked like a standard login page.   If you fell for this one, you’d probably enter your web host login and you’d get an error message that said you did it wrong.   Since this is a fake, no combination of username/password would ever work.   Eventually you might get tired of it, or realize your mistake, but by then it would be too late.   The hackers would take the usernames and passwords you so generously entered and use them to hack your website, too.

The first guy who thought up this approach was clever, but the millions of followers who are doing it today are just copycats. It takes no special skills.

Being a good netizen, I wrote to the legitimate owner of the website and told him:

Sorry to be the bearer of bad news, but it appears that your website at www.namewithheld.com has been hacked.   I received this email today (along with thousands of other people probably):     …

… and then explained to him what “phishing” was, and told him what to do:

You need to have this cleaned off your site, then change all passwords related to your site.   If you don’t know how, you should get someone experienced to help you.

I was a little trepidatious about reaching out in this way.   A lot of people would assume I was the hacker.   Others might respond with requests that I fix the problem, thinking that I was a higher level of good Samaritan than I am. I could get an angry email, or get sucked into a long series of explanatory emails.   I wanted to help, but I didn’t have tons of time to spend on this.

Fortunately, this contact worked out well.   Within a couple of hours, he wrote back:

I have contacted my web host and indeed my site was hacked.   They have removed the contaminated files.   I have reported the matter to Toronto Police Services and have also contacted the Ontario   Provincial Police.

They informed that this type of activity is very common.   As it originates off shore there is little they can do about it.   I am personally quite upset and feel somewhat victimized.   I am very embarrassed that my site and reputation have been brought into disfavour.   I am not sure what else I can do or say.

Thank you for being so watchful.   I do appreciate it.

Why am I writing about this?   Because hacks happen.   Phishing attempts succeed.   I hate to see it happen to innocent people and friends of mine.   Anyone who uses the Internet needs to be at least a little educated about the hazards of it.   A little mis-step in cyberspace can translate to an empty bank account in the real world.   Take care, folks. It’s happening every hour of every day.