Richard Morrison is a former Navy pilot, lawyer, rancher and now retired Episcopal priest. He is also the founder of one of Arizona’s leading public policy think tanks.
In January, he first noticed something strange about his Facebook account. It wasn’t long before he was locked out and his profile was flooded with crypto pitches, training certificates, and IDs. Sound familiar?
Morrison hired a private cybersecurity firm, which undertook a terrifying foray into the dark web that has kept me awake at night ever since he told me about it. The firm was able to trace the source of his hack to an acquaintance’s account, which had been taken over by malicious IP addresses in the Netherlands and Malaysia.
The privacy firm told him there was a 65% chance of recovering his account, “but the bad news is there are probably 300,000 people ahead of you in the queue.”
It still hasn’t happened. In fact, it took three months for his account to be deactivated, despite dozens of friends reporting it as hacked.
And he had no way of alerting his approximately 900 Facebook friends to the fraud.
“The biggest surprise for me in terms of the personal impact was how dependent I’ve become on (Facebook) Messenger for communication,” Morrison told me. “It was frustrating knowing I didn’t have their current contact. … it’s disappointing knowing I can’t communicate with my friends anymore, especially now that I’m getting older.”
Facebook’s sphinx-like silence was equally annoying.
“None of the people who tried to communicate directly (via Facebook) got a response,” he said.
“It’s very frustrating. I’m a lawyer and I’m wondering why this isn’t a bigger problem of consumer fraud,” he said before answering his own question.
“Prosecutors don’t have the time or the ability to gain jurisdiction over offenders (abroad), and they probably wouldn’t have the opportunity anyway, so they think, ‘Why should I try? I can’t justify spending time on it.'”
And there seems to be no public will to hold a company like Meta accountable. “Society seems to have accepted that we can no longer control the IT world,” Morrison said.
“We express our deep concern”
The idealist in me finds it hard to believe that law enforcement would simply not tolerate a crime that kills 300,000 people every day. So I contacted the office of California Attorney General Rob Bonta. I received a prompt response requesting a list of detailed questions, which I immediately sent off, noting that I was writing for publication.
I sent a follow-up email two days later, and again two days after that. A week after my initial request, I received an email saying that my request had been forwarded to the Public Records Department, even though I hadn’t requested any records, just data on how many complaints like mine they had received.
We know that Bonta has been aware of the issue since March 5 at the latest, when he sent out a press release with the headline “Attorney General Urges Meta to Take Immediate Action to Prevent Account Takeovers.”
It says Bonta and the attorneys general of 40 states wrote a letter to Meta expressing their “deep concern” about the increasing number of takeovers and Meta’s lack of response.
I am sure that the $1.3 trillion company’s attention was caught by the expression of deep concern and the call for immediate action.
The letter itself, addressed to Jennifer Newstead, Facebook’s general counsel at 1 Hacker Way, says the increase in hacked accounts is dramatic – 740% over last year in Vermont alone – and is putting a strain on law enforcement personnel and resources everywhere.
The letter highlights the “traumatizing” impact and “risk of financial harm” to consumers, citing half a dozen examples from victims in their own words.
It also points out that the increase in hacking attacks is roughly equivalent to the layoff of 11,000 Meta employees from the company’s “security, privacy and integrity sector” in November 2022.
I reached out to Newstead for comment via LinkedIn, but she did not respond.
Because the issue isn’t unique to California, I reached out to the FBI’s press office in San Francisco with the same list of questions. They promised a response this week. I’ll update this story online when I hear back from them.
Meanwhile, last week I had lunch with an aide to a prominent North Bay politician who offered to put me in touch with folks at Meta or Facebook who work on legislative issues. He sent them my contact information.
On Tuesday, they responded. The same day, another person from Meta emailed saying they had responded to a friend who is a nationally known tech industry reporter. Both asked for information on my case, which I provided, even though I am deeply torn about it.
As a journalist, I cannot accept favors that do not also benefit the public, and I would never want to use my position to put myself at the top of the list. On the other hand, as a journalist, I cannot tolerate an imposter spreading false information and deceiving people in my name.
Because Facebook is the primary communication channel for many and has a virtual monopoly, you might think that Facebook would be viewed as a public utility and subject to greater regulatory scrutiny. But I’m not so confident, especially considering that Meta’s political action committee has spent $2 million in political donations to the federal government this year and more than $32 million on lobbying over the past two years, according to OpenSecrets.org.
Let’s continue
I’ve been on Facebook for more than a decade and a half, and over time it became a way for me to share my work, find stories worth telling, and sources to help tell them.
More importantly, it was a way to stay in touch with people I care about. I loved the memories feature, especially when it came to my kids when they were little, or my dad who died 10 years ago. I’ve posted hundreds of photos over the years, many of which I may never see again.
At this point, my only option seems to be to open a new account, but right now that’s not very appealing, even if the first thing I’d probably post would be this story.
I’m ready to walk away. I’m grateful to those of you who alerted me to the hack, especially those who said they knew it wasn’t me because of the poor grammar in the hijackers’ posts. To my friends who see the fake posts and wonder if I’ve lost my mind: I’m sorry you’re getting spam and I hope you know better than to click the links.
And as for Mr. Zuckerberg, I give your customer service interface zero stars. May hackers hit you hard and often, and may they be merciless in the havoc they wreak on your life.
John D’Anna is the editor in chief of The Press Democrat. You can find him in threads at @johndanna and on X (Twitter) at @azgreenday, but unfortunately not on Facebook.
