Last week, several people called or emailed asking if I sent them a Facebook request to be “my friend.” My wife even got one! The answer was no, the request was bogus.

As soon as I found out what was happening, I forwarded the fake friend requests to my web mistress so she could quickly to take corrective action.

This is the second time that I’ve been hacked. The first time, someone from the People’s Republic of China went into my web site, planted some malicious software. It took my web mistress with some help from the site that hosts my site, almost a week to repair the damage. What the hackers got, or wanted to get or why still remains a mystery because there is absolutely nothing on my website or my Facebook page worth stealing.

The why of both attacks still bugs me. According to my web mistress, it happens every day.

Normally, I don’t spend much time looking at the charts on attempted penetrations of my web site that come in an email every week, but now I do. During one three day period, there were 146 separate attacks from different IP addresses. That 48.6/day!

The top countries from which the attacks originated, at least in this report, surprised me because I would have guessed that the PRC would have been number one. They’re actually number four on this hit parade behind Argentina, Brazil and of all places, Laos. Looking at the list, it’s a who’s who of countries big and small. Making the top ten are vacation hot spots such as Antigua and Barbados. Maybe hackers go to the islands to have a great time and while they’re there, take a few hours on the beach to hack away.

Egypt, Thailand, Spain also made the list and there was one surprise – Nepal. So, the hackers come from everywhere.

Again, I wonder what the hackers expect to gain? Money, credit cards, or bank account info? Not on my Facebook page or web site. Personal info? Nope, none there. My Facebook page has the bare minimum for this very reason.

Maybe to these folks, it’s a form of recreation. Most people work out, travel or play sports or video games, go out to dinner with friends or curl up on a comfy chair and read a good book.

Not these folks. They think its fun to try to get into someone’s web site or Facebook page and steal something or send out bogus emails. It’s low risk because unless they steal data from a large company or a government agency, law enforcement agencies don’t have the time, energy or resources to hunt these bastards down

So again, why? The CIO of a consulting firm for which I used to work had the best answer – because they can… Welcome to the new normal.

Marc Liebman

December 2018