A Lesson Learned

This website was very recently hacked. At least it makes a change from international banks, government departments and national security weapons systems. I’m still struggling to comprehend why anyone would bother with my little corner of the interweb, I mean, there’s nothing of value to steal here. I could think of more productive and interesting places to hack.

No real damage was done. No nasty malware or spyware, destructive viruses or trojan horses. Nope. Just one blog post deleted and replaced with a message. Instead of my post on radiogram dial graphics, I now had:


Well! After a brief moment of mild panic, I quickly searched online for this white hat hacker and learned something new. My mysterious white hat hacker (who I shall refer to as WHH from now on) is not a dangerous lone maverick, out to wreak mild panic on unsuspecting freelance designers across the globe, but a collective term that has been adopted to describe a particular group of hackers. This nomenclature is directly lifted from the old movie westerns, where the good guys always wore white hats and the bad guys, well, you’ve probably worked it out now.

Wikipedia (the only only reference that can be used in these matters) describes these people as ‘ethical hackers’ – my favourite oxymoron of 2017 so far. So who are they? By day, they are hard working, mild mannered computer security experts, but by night are mysterious interweb ghosts, skulking around the back entrances to our websites, looking for vulnerable points of entry, so that they can gain access to your, well, whatever it is you have there. They even have logos! (no – don’t go looking for them – it will only encourage them!)

They don’t do anything with it though. They just leave you a message telling you that your security can be comprised by a professional hacker and that you ought to do something about it. Please update your security.

Whilst I am genuinely relieved that my WHH didn’t load me up with an apocalyptic virus or redirected my domain to a Thai ladyboy agency (or any other you may think of!), I was left with a weird feeling of having been mildly violated, like someone taking a sip of coffee from my cup, or reading my book over my shoulder. Nothing dramatic you understand, just a general unease that still continues.

Ethical hacking. Gaining unauthorised access in order to demonstrate how easy it is for a professional hacker to gain access. Please update your security. “Don’t thank me Ma’am, I’m just doing my job.” Really?

This would be considered ethical if I had contacted an online security specialist and booked someone to test out my security. This is a valuable service that should be supported and applauded. By its very nature, hacking is not ethical. Neither is smashing someones front door down to show them how easy it would be for a professional housebreaker to gain entry. Please update your security.

Now I’ve updated WordPress and added more security measures I feel like I ought to say thank you to my WHH but I don’t think I can. I didn’t ask for this, and I don’t think that the blog of a freelance graphic designer is high on the target list of the Black Hat hackers – I’m sure they have far better places to hack and can cause much more mayhem elsewhere to be bothered about me. I would not be at all surprised if I get hacked again – after all, professional hackers will always get through eventually. If multinational banks and governments can get hacked – and they are with alarming regularity – I doubt that there are any (affordable) domestic or commercial packages out there that will protect individuals any better.

This whole black hat/white hat thing is just a little bit pathetic. Like a lot of other things that have emerged from the internet, names are always adopted that are far more ‘sexy’ than the realities they represent; surfing, ripping and burning are only names for looking, extracting and writing after all. If you refer to yourself as a white hat hacker, this does not make you into a chisel jawed hero fighting on the side of the little guy. You are just a hacker and your motives are irrelevant, whichever colour hat you wish to identify with.

Has anyone else experienced this? Or worse? Feel free to share you experiences…

4 thoughts on “A Lesson Learned”

  1. How tedious for you: you have been pushed into doing something that was probably unnecessary and likely not particularly useful because somebody else is busy making themselves feel important.

    I hope you reported the incident to the WordPress people.

    1. Yes indeed, I have reported it but unfortunately with every step up in security that WordPress develops, there are always a bunch of nerds trying to break it… we just have to be vigilant and use the tools at our disposal…

  2. Bit weird eh? My natural recalcitrance means I’d probably respond along the lines of “I will if I want to.”

    Interesting point about whether there is “any (affordable) domestic or commercial packages out there that will protect individuals any better”. Does make me think about backing my blog up though, not because I’m concerned for the state of the nation without my poorly constructed ramblings, it’s just nice to remember stuff that I’ve written about and since forgotten.

    Your situation reminds me of this story from a while back which was equally puzzling: http://www.bbc.co.uk/news/uk-england-coventry-warwickshire-35400694

    1. Hi Daniel, it has really made me think about good intentions vs adverse reactions. I mean, if someone has genuinely done me a good turn then I ought to be grateful – that’s the way I was brought up – but I probably feel as disgruntled as I would have done my WHH been on ‘the other side’ and done some real damage. I was genuinely shocked about that police story – I was being ridiculous for effect, but it seems my ‘ridiculometer’ needs calibrating in light of this!
      Back up your ramblings – when you’ve invested so much time over the years it would be heartbreaking to have some computer nerd f*ck it all up just because they can…

Leave a Reply

Your email address will not be published. Required fields are marked *