A few weeks ago, I got a direct message on Twitter from one Larry Summers. Yes, the Larry Summers, if that nasty little aquafresh checkmark beside @LHSummers was to be believed.
Larry Summers of Harvard. Larry Summers of the World Bank. Larry Summers of the Treasury Department, for the love of god. Secretary Summers, President Summers. Receiver of medals for epochal contributions to macroeconomics, public finance, labor—not to mention his rare insight into women’s gender-borne intellectual shortcomings.
Yes sirree, Lawrence Henry Summers was just casually DM’ing me, because, well, he’d read an article of mine and found it astute. And now Larry Summers wanted feedback from me on an article of his.
Virginia Heffernan (@page88) is an Ideas contributor at WIRED. She is the author of Magic and Loss: The Internet as Art. She is also a cohost of Trumpcast, an op-ed columnist at the Los Angeles Times, and a frequent contributor to Politico. Before coming to WIRED she was a staff writer at the New York Times—first a TV critic, then a magazine columnist, and then an opinion writer. She has a bachelor’s degree from the University of Virginia and a master’s degree and PhD in English from Harvard. In 1979 she stumbled onto the internet, when it was the back office of weird clerics, and she’s been in the thunderdome ever since.
See where this is going? I gazed at his formidable Twitter profile photo. One of those the-world-and-all-its-banks-are-mine skulls that looks like it’s made of feldspar and weighs a metric ton.
I was a new caliber of flattered; maybe inebriated. Granted, Larry Summers didn’t say exactly which piece of mine he admired—and I wouldn’t have picked Larry Summers for a fan of essays about Reddit or feminism (remember: women lack “intrinsic aptitude”). But I didn’t ask questions. I wanted to believe.
Would I look at an article of his and give him notes? Um, is spearphishing an internet scourge? Yes, I would.
I clicked on his link, larrysummers.ml. (Maybe don’t click till you see how this plays out.) This dot-ML seemed—because I was blinded by Larry Summers’ marquee macroeconomic celebrity—perfectly credible. Whoosh. I landed on a hinky page that asked for my … Twitter credentials.
I wasn’t born yesterday. And what kind of file-hosting service used by the former secretary of the treasury, whose name is on some of our paper currency still, is accessed by cutesey Twitter handles?
But I was intoxicated by my longing to believe Larry Summers wanted my professional, astute opinion of some article of his on maybe, probably, economics. Well, don’t worry. I’m not without every instinct: I did manage to ask Larry Summers a cursory question. If nothing else, he would respect me more. “Is this legit?” I asked.
Looking back, why didn’t I test Larry Summers on the arguments he put forth in Understanding Unemployment (1992)? Or just give him a damned captcha.
Would you believe it, Larry Summers said it was indeed legit Larry Summers.
And that’s all I needed. Entered name, password, and…
Like that poor, poor dude who worked for John Podesta, the wretch (coulda been any of us) whose typo opened the door to Fancy Bear, the DNC hack, and the downfall of man, just like him, I was phished and hacked and night fell fast.
Zenci Musa was his name. Man or machine, he—not standing on pronoun ceremony here—seized my Twitter account. He told me “Relax Relax” in DMs, as Larry Summers evaporated. And then Zenci Musa was suddenly in Twitter’s main room, under my handle, posting images that looked like Assassin’s Creed or Ultimate Fighting tattoos. Under my handle!
It was confusing: He sent a message to me that looked like a tweet by me. “Your account has been hacked by the Turkish Cyber Army Ayyildiz Tim. Your DM correspondence and important data have been captured!”
“Oh no, V,” tweeted my friend Holly.
And then I was shut out of Twitter. Account not found. I asked another friend to tweet that I’d been hacked and to ignore my tweets, and any suspicious phishing DMs, till further notice. I didn’t want to hand on misery to my fellows, as @LHSummers had handed on his to me because I am a woman who lacks intrinsic aptitude.
Google and Twitter, both on my laptop and phone, switched over to Turkish language. I couldn’t switch back to English. This, surprisingly, was the worst part. Zenci Musa had at least posted in English. But now that every single tab I opened on the Web was in Turkish, and I couldn’t read the internet, I became entirely impotent. I jabbed around the Turkish alphabet trying to get an Apple Store appointment. My location seemed to be Ankara, and I even looked out the window, anxiety rising; no minarets. I was in New York. I was also frantic.
Zenci Musa, I later learned, is Turkish for “Black Moses.” That was the name given to the fourth-century Egyptian ascetic Abba Moses the Black, who wandered the desert and was among the early Christian monastics known as the Desert Fathers. But Abba Moses is an unlikely patron saint for contemporary Turks. Almost certainly, my Zenci Musa pays homage to another Black Moses, a Sudanese Ottoman citizen born in 1880 and renowned for his otherworldly physical strength and his feats of heroism in the Ottoman army.
“Erdoğan followers may revere that Zenci Musa for loyalty to the empire,” a Turkish scholar told me. (Very few Turks in the US use their names publicly when speaking of Recep Tayyip Erdoğan, Turkey’s president.)
Larry Summers, whether he’d approached me on behalf of gender essentialism or labor policy, was long gone. In his place was this new ghost, Zenci Musa, elegantly styled to terrify me. He spoke on behalf of Turkish Cyber Army, Ayyıldız Tim, or “Team Moon and Crescent,” and announced he had my DMs and data. For some reason this didn’t bother me. Doesn’t everyone have my DMs and data now?
Later, a hit on Snopes told me that this same group hacked Twitter accounts of Greta Van Susteren, Eric Bolling, the president of the World Economic Forum, and an Indian envoy to the UN. Were their traps also baited with the name of the former president of Harvard? Would the president of the World Economic Forum, Børge Brende, ever admit he still seeks Larry Summers’ approval? In every case, the most Ayyıldız Tim seemed to want from any of us was “to show you the power of the Turk!”
As I prepared to abandon my kids to secure my phone, I showed them the frontman of Ayyıldız Tim, the Turkish Cyber Army. “He looks like Peter Dinklage,” my son said. “He’s the coolest villain I’ve ever seen. Do you mind if I root for him?”
Hours later, I was replacing my phone at the Apple Store, every password changed, while Twitter support briskly exiled the overlords who had my account in chains. Twitter was efficient, I must say, though the transaction all went down in the automated help system, and I didn’t hear even a note of contrition. Not even my bank’s pro forma “I can understand how frustrating that must be for you.” (Lately we all seem to be waiting on a sincere apology from the big tech companies; it may never come.)
The Apple Geniuses were much nicer—and more smug.
But at first they didn’t believe me. With all the Genius gaslighting, I felt like a victim of domestic abuse or sexual harassment. “I’ve been hacked,” I told them. “I want a new phone, and a new—”
“Hold on,” the Genius said, slowly smiling, like he’d heard it all before. “Have you really been hacked?”
I pulled up my screenshot of Zenci Musa, hoping the cool villain would frighten this twerp. Did he think I was an hysteric, scared to trembling because my daughter had read a text over my shoulder?
I’d show him. Check out Zenci motherfucking Musa. I explained it was a real hack. I walked him through my experience. He was impressed, though I could tell he didn’t know who Larry Summers is.
The Geniuses jumped into action. Later I learned that they hadn’t thought I was hysterical—or not just hysterical—but rather that they firmly believe Apple products aren’t hackable. And to some extent, they’re right; Apple is aloof and styles itself, by and large, as too cool for the internet disco. Tim Cook’s been dragging Facebook right and left for privacy violations, venality, and data breaches, saying, most recently, that Facebook should have regulated itself, but “we’re beyond that here.”
With TWTR and FB looking peakèd, where AAPL’s intact, Cook and his Geniuses might be forgiven for gloating.
At last, the phone was fixed. I had new, less-crackable passwords. And I knew my weakness, and could better correct for it: vanity. I had fallen for Larry Summers. Had been brought low by a word of flattery. What is wrong with me?
But then: When the Justice Department handed down indictments of nine Iranian hackers for ruthless and massive cyberattacks last week, something in the documents caught my eye. Many of the universities targeted by the so-called Mabna Institute, in Tehran, who had stolen more than 31 terabytes of data, had been phished in a suspiciously familiar way.
From the indictment: “In general, those spearphishing emails indicated that the purported sender had read an article the victim professor had recently published, and expressed an interest in several other articles, with links to those additional articles included.”
Aha. So I’m not alone in my vulnerability to what I’ve come to think of as the Academic Vanity Honeypot. Maybe you’re vulnerable too. Consider this, therefore, news you can use, and learn from my mistake. “Larry Summers” approaches you like a sex worker from the former Soviet states; he says, “I read your article.” (That’s “My, you have such broad shoulders” in the Academic Vanity Honeypot.) That’s when you lash yourself to the mainsail. Blindfold yourself. Tell yourself your work is good enough for you, has always been good enough, and Larry Summers, sexist economist, doesn’t matter. DO NOT CLICK.
When Hackers Attack
Photograph by WIRED/Getty Images