My wife has just watched a big chunk of her life disappear: every e-mail or Gchat she ever sent or received since 2007.
This is how it began:
In a moment of dumbness, Caitlin clicked on the link: believe it or not, given the specific context of the missive it was actually plausible that it came from the person whose name was attached. Ever since then, everyone on Caitlin’s contact list has been getting the same message (some of us twice), this time signed “Caitlin”. And this is a savvy hack indeed: those suspicious enough to actually write back, asking if this was legit (the e-mail certainly lacked anything even close to the BUG’s narrative voice) received another e-mail in response, assuring them in the same fractured English that yes indeed, Caitlin was the actual author. At the same time the little fucker deletes your Gmail contact list; unless you have a photographic memory or an offsite record of your contacts, you lose the ability to send a mass warning to those on the hit list. The most you can do is wait until various perplexed and angry people write back, one by one, and reply to them in turn.
Clever, then, but obvious phishery; I Googled a bit and learned that those who get suckered by this scam find themselves on a faux-Google page that tries to trick them into entering their Gmail login credentials. I also discovered that this agent doesn’t limit itself to e-mails; it’s starting to infiltrate blogs and impersonate actual posts (although even less convincingly in that context).
Here’s the thing, though. While I’ve seen this fucker in action, and while I’ve found alerts at malware monitoring sites and on Google forums, I haven’t found a single reference to its ability to wipe out the entire contents of one’s Gmail account. And that does seem to be the kind of thing that would warrant some sort of mention.
Caitlin lost tens of thousands of cloud-borne e-mails. She never bothered to make local backups, trusting Google’s servers for such security— and while Google does apparently offer archiving services for paying customers, the most they do for us freeloaders is recommend that we keep local backups. (We will save for another time my rant about why you should never trust your data to the fucking cloud, and why certain authors who smugly proclaim “We are not going to retreat from the cloud” either have their heads up their asses or are taking kickbacks from Google. Does anyone think the Cylons would have been able to pull it off if everyone on the Twelve Colonies had been running Xp?)
Things have improved between this paragraph and the last. One of the BUG’s IT-savvy friends has come down to our booth (we’re drowning our sorrows at the Duke of Somerset) and discovered that her MacBook Air has, in fact, retained a scrambled and intermittent local backup of sorts. All is not lost, only some; and while the date-stamps on the remainder are totally fucked, the text of the surviving emails seems to be intact.
Still. That was a fortuitous happenstance on a local flash drive. The definitive archive in the cloud is just gone — and from what we can tell, the surviving local subset will get nuked the moment we connect with that cloud. Something up there is still lurking in Caitlin’s account, hungry for kibbles and bits; it’s the Ebola of computer viruses, so virulent that it’s bound to implode from its own lethality before it has a chance to conquer the world.
It’s conquered the BUG’s account, though. And the weird thing is, nobody else who’s reported this phish seems to have experienced anything remotely close to that level of lethality.
I know you people, as a statistical population if not as individual faces. A lot of you eat bytes for breakfast.