"3 Voices, 1 Threat: Personal Stories Of Cyberhacking"

RACHEL MARTIN, HOST:

This is WEEKEND EDITION from NPR News. I'm Rachel Martin. And this is For The Record. It wasn't the first time President Obama has talked about this issue, but mentioning cyber security in the recent State of the Union address underlines this problem in America in a new way.

(SOUNDBITE OF ARCHIVED RECORDING)

PRESIDENT BARACK OBAMA: So we're making sure our government integrates intelligence to combat cyber threats just as we have done to combat terrorism. And tonight I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber attacks, combat identity theft and protect our children's information.

MARTIN: Cyber threats have evolved over time from basic identity theft to a computer virus that holds your digital life for ransom.

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED MAN: Seven is on your side tonight with a warning about a fast-moving computer virus that isn't just locking up your computer, but it could also scam you out of your hard-earned money.

UNIDENTIFIED WOMAN: Now experts call it ransomware.

MARTIN: For The Record today - the fight for cyber security. We're going to introduce you to three people who had very different experiences but carry some of the same scars - first up, Jim Higgs.

JIM HIGGS: I'm the owner and general manager of WAKV in Plainwell, Michigan.

MARTIN: It's an AM radio station in Southwest Michigan that he and his wife run out of the basement of their house.

HIGGS: We're known as the memory station. It's everything from Frank Sinatra to Bob Seger. How's that for a variety?

MARTIN: Jim remembers the day of the crime very clearly.

HIGGS: It was a Friday afternoon. I had pretty much finished my work for the day and had gone upstairs and fixed myself a cocktail, sat down on my lazy boy and put my feet up.

MARTIN: About an hour later, he went back downstairs. He noticed something, and it wasn't good.

HIGGS: There was silence which is about the worst thing you can hear on a radio station. And that's when I noticed on the screen of my office computer were these two icons - large ones - which said we have locked your files, and you have to pay us $500 to get them back. All of the music files were gone, all of the station jingles, all of the commercials - all of that was locked and encrypted.

KATIE: My name is Katie.

MARTIN: That's a nickname. Katie doesn't want her full name broadcast.

KATIE: I live in Madison, Wisconsin. And I'm 45 years old. And in 2013 my identity was stolen.

MARTIN: Katie came home one Saturday after running some errands and checked her voicemail. Kohl's department store had called.

KATIE: The Kohl's fraud department had left a message at home saying please call us regarding some recent activity on your newly opened account. And I froze because I didn't have a newly opened account.

MARTIN: But someone posing as Katie did. They had a fake ID with all her information on it, including her Social Security number.

KATIE: They got $18,000 in total in a matter of - it was two days. They were at an outlet mall. And you could tell on a map. Literally you could watch. They went from store to store - Macy's, Kohl's, Best Buy, Bass Pro Shop, Sears, OfficeMax.

MARTIN: Our third voice today comes from Jonathan Agin from Virginia.

JONATHAN AGIN: I'm an attorney childhood cancer advocate lobbyist.

MARTIN: Jonathan and his family were the victims of an especially hurtful kind of identity theft. In 2011 Jonathan's 4-year-old daughter Alexis passed away. She had suffered from an inoperable brain tumor.

AGIN: Prognosis is generally the child passes away between 9 to 12 months after diagnosis. Alexis was diagnosed at 27 months and she actually survived and battled valiantly for 33 months.

MARTIN: He and his wife were still in the middle of grieving the death of their child when they got a call from their accountant. He was doing their taxes, and he had disturbing news.

AGIN: He said that somebody had used to set Alexis's Social Security number to file a return. So we couldn't file electronically. We were going to have to file by paper. We were going to be late, and ultimately we were going to have to prove that Alexis was in fact our child.

MARTIN: That same day, Jonathan went online looking for answers.

AGIN: I put her name in Google, and I put Social Security number. And immediately a genealogical website popped up. And on that website was her date of birth, her date of death, her full address and her full Social Security number. It was right there for anybody and everybody to see.

MARTIN: Those are the types of crimes that can get wrapped into discussions about cyber security. And they are each very different - a ransom hack, credit card fraud and the theft of a Social Security number. But the emotional reaction to this kind of crime can be similar. When Jim Higgs realized his computer was being held ransom by hackers, he didn't overreact.

HIGGS: I went upstairs and poured another drink and decided I'd deal with it in the morning.

MARTIN: You sound like you are taking all of this in stride.

HIGGS: What can you do? I mean, really, Rachel, what can you do about it? You get hit. There's nothing the police can do.

MARTIN: Did you feel angry?

HIGGS: Absolutely I felt angry. I felt invaded.

KATIE: Having someone pose as you is just - I can't explain. It's very violating.

MARTIN: For Katie, the credit card fraud was also insulting.

KATIE: I wanted to throw up to be honest with you because you work so hard to - that's just not who I am. I pay my bills on time. I save money. And someone out there was pretending to be me and just frivolously going through and spending money willy-nilly.

MARTIN: Jonathan Agin says he and his wife each reacted differently.

AGIN: My wife was more emotional, and I was angry at the fact that somebody would obviously prey upon my daughter who passed away from cancer and utilize her for their own financial gain.

MARTIN: When the shock wears off, then there's the sometimes long and complicated process of assessing the damage and, if possible, righting the wrong. Jim Higgs was lucky. He had backed up his entire audio collection on another computer. But there were losses he never recovered.

HIGGS: Among the audio files that I lost was one of my grandkids singing a Christmas song or my granddaughter recording a commercial as a class project in high school. You know, those are gone.

MARTIN: And the hackers who attacked him were never caught. Katie isn't sure how her personal information was stolen. It could've been a clerk at a store or it could've been a cybercrime. Regardless, the whole thing has made her anxious, so afraid, she didn't want to use her full name. And Jonathan Agin, he has spent the last few years working hard with state and federal lawmakers to make Social Security numbers harder to access online. But he too reconsidered how much personal information he puts out into the world. He and his wife continue their work as advocates for families caring for children with cancer. It is a close-knit community, and a lot of the counseling he does is online.

AGIN: I can't imagine not being available and not trying to help people. And so you put yourself out there because the benefits outweigh the risks.

MARTIN: The Obama administration is pushing legislation that would tighten up punishments for cybercrime and improve information sharing between the private and public sectors to prevent cyber attacks. But there's only so much the government can do when it comes to protecting American citizens on this front.

ADAM LEVIN: You have to assume that breaches and hacking and the identity theft that flows from it - this is the new certainty in life.

MARTIN: This is Adam Levin. He's the chairman and cofounder of an online security company called IDT911. His first practical bit of advice... [POST-BROADCAST CORRECTION: Adam Levin is referred to as chairman and co-founder of IDT911. In fact, he is the chairman and founder of the company.]

LEVIN: Never use your email address as your user id because if somebody gets your email address, all of a sudden they have one half of your login process for many sites.

MARTIN: Next, he says, sign up with your bank or credit card company for something called transactional monitoring.

LEVIN: That's where they notify you anytime there's activity in your accounts. No one is in a better position to know what you're doing or what you have done than you. You will see things the bank won't see.

MARTIN: Finally, if you are the victim of some kind of online theft or sabotage, there are some easily accessible places to go for help.

LEVIN: Many organizations, as a perk of your relationship with them - it could be your insurance company, your bank, your credit union or the HR department where you work - offer plans that will help you get through a problem - identity related problem, a fraud related problem. You won't know unless you ask. And it could be free.

MARTIN: Levin says minimizing your risk is important, and sometimes it's really just not that hard. You've heard it a million times. Change your passwords. Make them more complicated. And while Levin says all these steps aren't a failsafe, if you don't take responsibility for your own online security, it will be far easier for someone else to compromise it.