Daniel Ju.
This is a strange, strange feeling. As Goderators, we're supposed to be the ones pulling the strings and reporting the action from a completely objective, unbiased viewpoint (hah). This time, however, we were part of the action, and the strings were being pulled on us. So maybe when we say that this was a story of epic proportions, we're being a little biased. But you know what? We'll let you decide for yourself. And since we don't have any pictures, we'll make our own!
Note: The details in this story are gathered from both our perspectives and the Hackers' perspectives. Yes, we had a calm, civil conversation with them afterwards. What can we say, we needed the scoop.
We now understand what you all feel like when you're chasing after your targets or plotting a trap to ensnare your targets. The heart starts pumping, the mind starts racing, and the adrenaline starts flowing. On this high-speed chase, we literally felt like we were in a spy movie like Mission Impossible or the Bourne series. Of course, as we mentioned in yesterday's post, we do not condone hacking and any future attempts to compromise or use our account without authorization will result in disqualification. But, just as everything has a bright side, so too did this adventure. Namely, we got a kickass story, and we felt like badasses.
The badassery began with the Hackers (congrats, you're important enough to have your very own pronoun!). The time is Friday morning. Part way through their first period class, the Hackers decided they didn't want to do their online research anymore. So, obviously, they did what any bored Lynbrook student would do. Attempt to hack a friend's email account just to mess with them. Except the Hackers must've really been feeling the Spoons spirit because, they thought to themselves, why not hack the Goderators' (real) email account and mess with 265 people simultaneously!
Well, more accurately, they tried “recovering” our email account. Going through the “Forgot Your Password?” system after typing in our email address, they managed to guess our security questions, which we hadn't really set up. We checked later, and our neglect to set up a proper security validation system resulted in Google setting some pretty dumb default questions (we shall get to that, shortly).
A real facepalm moment for us. Come on, now. It was too easy for the Hackers. When did we login? Probably the day before, since we need to check things every day. When was the account created? Probably January, since Spoons started in February. And with that, they were in. Props to them for thinking of that route (but again, we do not condone hacking by any means). Once in, they changed everything. Password. Recovery email. Recovery phone. They found out that our more sensitive files weren't in there (tybg), but they decided to send a mass email to gather information from all the Spoons players. And, on the way, they sent some phony emails to Trump Card participants telling them that they had won. After all, why not abuse their newfound power?
When we Goderators got to our second period eyes, bleary-eyed and asleep, we were each confronted with people who ran up to us and shoved the email in our faces. At first, we didn't think much of it. After all, it was probably just another one of those fake email addresses that changed a letter or two trying to screw with people. Which was perfectly valid and kind of funny, to be honest. But when we saw the actual email address it was sent from, we flipped out. Then, Rags checked his own inbox (our original recovery email) and saw a bajillion unread emails titled “Your Account Password Has Been Changed” and “Your Recovery Email Has Been Changed” and “Your Recovery Phone Number Has Been Changed”.
We were not so bleary-eyed and asleep after that. Disregarding everything going on in class (which, let's be honest, is normal for most of us), we texted each other, freaked out, and tried recovering the account through our phones. After failed attempts to login, we saw the faulty security questions. And we saw the changed recovery email and recovery phone number, which Google showed us as “(***) ***-**##” (won't actually be showing you the last two digits). Well, shoot. Someone changed our only way of retrieving the information to get us back into our account.
After freaking out for all of class, at the start of tutorial, a Sherlock-worthy idea occurred to us. More likely than not, the perpetrator was someone who was somewhat involved with Spoons at one point or another. So we cross-referenced the last two digits of the recovery phone number with all 265 phone numbers of signed-up Spoons players. Six people matched the criteria. But the minute we saw this person's name, we smiled and knew he/she was the one. Without a doubt. Hopefully.
Tutorial was a high-speed chase. We took a quick time-stamped photo so that when we did recover the account, we could send an email with proof that we had gained control of it back. We called this Hacker's number. No answer. So we checked all the possible places he/she might be. Iams' room? No. AP Physics? No. Bale? No. Physio? No. A lot of heads turned as we barged into random classrooms, scanned all the faces, and left without a word. Every few minutes, someone would yell “HEARD YOU GOT HACKED”, and we'd yell back “WE TRACED IT”. On the outside, we were badasses. Inside, we felt giddy. This was frickin cool. But, of course, we do not condone hacking.
At the corner of the school, we saw our person. He/she dipped into the computer lab, and we were about to follow him/her in... But we stopped at the door, came up with our cornering strategy, and went in one by one to not arouse suspicion. When we were all inside, we couldn't find him/her. It was like he/she vanished... Just kidding, he/she was studying something on a computer in the corner. We literally cornered him/her, stood there for a second, before launching the accusations. Awkwardness ensued.
And that's how we knew, we had the right Hacker. Thankfully, once we clarified that “we come in peace”, he/she willingly gave us access to the account again and even helped us set-up our Two-Step Verification that we had neglected to do in order to protect against future incidences (pro-tip: set up yours RIGHT NOW). Our email of relief was sent, and at last, the chase had come to a close. A fairly happy ending, too.
The Hackers felt badass. The Goderators felt badass. All around badassery.