By A.M. Kelley
Superior Catholic Herald
Despite hacker, priest keeps sense of humor
|
|
SUPERIOR -- By his own admission, Fr. Andrew Ricci broke the great commandment of Internet security. He fell for a scam and gave out the password to his e-mail account.
The error has given him a very big headache and what looks to be a long, time-consuming quest to prove his identity and retrieve hundreds of lost addresses and communications important to his work.
Ricci is the pastor of St. Francis de Sales, Spooner, St. Catherine, Sarona, and St. Joseph, Shell Lake. He is also the director of vocations for the Superior Diocese.
His Internet travail began when he received what he thought was a legitimate request from Gmail, which is a Google-owned Web-based e-mail service.
"It looked like an authentic Gmail from the customer service center," he said. "It read: For security purposes we are updating all Gmail accounts. To ensure your privacy (we need your password)."
Ricci didn't think twice and sent off his password.
"I gave them the keys to my house," he said. "I feel pretty stupid. I fell for the con."
The thief then went into Ricci's address book and sent out bogus letters requesting money, he or she said, so that Ricci could purchase a $2,000 set of books.
There was not a word of truth in the correspondence. The bad news is that Ricci wasn't the only one who was conned. Some people believed that the call for money was genuine and mailed personal checks directly to the parish office. These were easily returned to the senders.
But Norbert Berg, a Shell Lake parishioner, wasn't so lucky. He received the bogus letter, read it hastily and decided without a second thought to help out his pastor. He e-mailed back and said, "Count me in for $500 É let me know where I send the check."
He was told by the thief to wire money to a "catholic archdiocese sales respresentative" (sic) in Nigeria.
"It was very easy to do," Berg said. "The cleverness involved is unbelievable."
After a few e-mails back and forth, Berg wired the money through Western Union. He used his Visa card and the fee was $53.
When Berg was asked how, after 30 years in the computer business--in fact he's a retired executive of Control Data Corp. in the Twin Cities--he could have fallen for the scam, he said simply, "I trust computers."
In retrospect, he conceded that it's easy to find flaws in the original e-mail letter (misspellings, poor grammar), but at the time he found them easy to overlook.
"I do my e-mails at midnight," he said, at a time when his own writing and use of English isn't perfect.
After the drama unfolded and Berg realized he had been taken for a ride, he filed a complaint with the state of Wisconsin Department of Agriculture, Trade and Consumer Protection. Its public information officer, Glen Loyd, said, "I hear about similar scams everyday." If asked to send money to an unknown or suspicious source, he encourages anyone to call the department at 1-800-422-7128 to find out if the request is legitimate.
The bad news is that money was lost and although this is a genuine loss, money is replaceable. That's not been the case with Ricci's work.
"All my vocation contacts," he said, "I have lost all of those e-mails."
He has also lost records and communications with people preparing for marriages and baptisms. He is also involved in national vocation networks. All of this work has halted.
"It's a feeling of being violated," he said. "And it's awful."
Between the time of the theft and his discovery of it, as many as four days passed.
"(The thief) read and answered all of my mail," Ricci said.
His parish secretary has been swamped with calls about the plea for money, to which she responds: The letter is not real.
What is real is the effort that is now required to do what Ricci calls "proving his identity." Before Gmail will release his personal records he has to jump through some mighty demanding hoops to prove he is who he says he is.
"It's going to be a long haul to rebuild my work," he said.
Both Berg and Ricci, though stung, maintain a sense of humor and Berg admitted that there is actually a little more to the story. To add insult to injury, in addition to the $500, he forfeited another $1 to Ricci. Every year the two men bet on the Packer/Viking game (played on Sept. 30 this year) and the Vikings lost. "He's a good man, but a Vikings fan," Ricci said: "We pray for him."
In the future, Ricci, Berg and others afflicted with hackers, thieves or just impossibly tangled computer cords may be lighting candles to Saint Isidore of Seville who has been named the patron saint for the Internet and computer users.
If there can be any humor in getting caught in such a situation, perhaps this stanza of an invocation by Mary W. Cox (found on the Internet) can ease some of the pain:
"When downloads fail, when disks erase, when life-work's lost in cyberspace, / remind us in our dire frustration: The goal here is communication. / "Oh, heed our pleas (but don't keep score)--pray for us, St. Isidore!"
Editor's note: In his Vocation Viewpoint column, dated Oct. 11, 2007, Ricci comments on this unsettling experience.
Some hints for choosing a secure password According to the Information Technology Division at University of Michigan, a password is a "magic word... (to) prove you're who you say you are."If someone guesses, steals or is told your password he or she can access files, e-mails, funds, personal information and more. This thief can modify or destroy your files, send e-mails in your name, subscribe to unwanted services for which you would have to pay.
Many people share their passwords with others but others make passwords easy to steal. Hackers use dictionary programs and other programs called sniffers to get passwords. The programs run through every word in dictionaries (foreign words are no safer) to see if it will eventually match your password.
U of M suggests that a good password is usually a combination of numbers, symbols and upper- and lowercase characters and offers the following guidelines.
Don't use:
* Dictionary words (mackerel, dandelion, millionaire).
* Foreign words (octobre, gesundheit, sayonara).
* Simple transformations of words (tiny8, 7eleven, dude!).
* Names, doubled names, first name and last initial (mabell, kittykitty, marissab).
* Uppercase, or lowercase words (MAGAZINE, licorice).
* An alphabet sequence (lmnop) or a keyboard sequence (ghjkl).
* Very short words or just one character (dog, *, hi!, me, love).
* Words that have the vowels removed (sbtrctn, cntrlntllgnc).
* Phone numbers, social security numbers.
* Numbers substituted for letters, like a zero instead of the letter O or a number 1 in place of the letter l.
Strategies for choosing a good password:
* Use at least seven characters.
* Intersperse punctuation marks or symbols such as #, $, %, etc. Don't use blank spaces.
* Use upper- and lowercase characters.
* Never write down your password.
* Select a unique password. Do not use a password that you are using for your PIN at the bank or your password to another system.
Here are some examples of good passwords:
* Use lines from a childhood verse--Verse line: Yankee Doodle went to town--Password: Ydwto#town
* Use expressions inspired by the name of a city--City expression: Chicago is my kind of town--Password: CimYKot
* Use foods disliked during childhood--Food: boiled broccoli--Password: boi%Brocc
* Substitute synonyms--Coffee break--Password: java*rest
Change a password if your password does not meet the criteria set out in the rules and strategies listed above; if you have had the same password for more than six months; if you have told your password to anyone else or if you have written your password down anywhere.
© Superior Catholic Herald, 2007