What's the difference between a 'malevolent presence' and an 'unauthorized actor'?

Tim Rowland
·3 min read

Last week I got one of those “don’t sue us” letters from Arcadia Publishing whose accounting department had been hacked and robbed of its records. The letter beats around the bush for a few paragraphs before mentioning what they let slip away — nothing too serious mind you, just Social Security numbers, bank account numbers, number of family cats.

You’ve probably gotten a letter like this too from any number of institutions you’ve done business with and, up until now, trusted. I think of them every time I hear one of those admonishments on helpful TV consumer pieces, “... of course never give out your personal information over the phone.” There’s no need! Your credit card company has already done that for you!”

It’s not theft, of course, it’s “unauthorized access” and it’s not a thief, it’s an “unauthorized actor.” That makes me feel better. A crook might have malicious intent, but an unauthorized actor probably was probably just a janitor who found a printout in the trash.

Tim Rowland
Tim Rowland

Arcadia says it is “unaware of any fraudulent misuse,” which is like a bank admitting it was robbed but, happily, there’s no proof that the bandit has actually spent any of the cash.

By the end, Arcadia is making it sound like it was my fault not theirs, and generously suggesting “what you can do to better protect against misuse of your information.” It’s Otter’s line from “Animal House”: “Flounder, you (screwed) up, you trusted us. Hey, make the best of it; maybe we can help.”

So Arcadia’s “help” is to offer a free(!!) year of protection from Kroll Credit Monitoring Services, which best I can tell is like a body guard that lets you know if you’ve been shot.

I’m not going to sign up, of course, because you know it’s just a matter of time before the Kroll Credit Monitoring Services is hacked, and I’ll get the same letter all over again.

Besides, I don’t have that much to steal. I’m not like FTX, the Crypto castle that, as it was going down the tubes as they all do, lost $474 million to an unknown hacker just as the company was declaring bankruptcy and falling under criminal scrutiny.

According to Wired magazine, “By the evening of November 11 of last year, FTX’s staff had already endured one of the worst days in the company’s short life. What had recently been one of the world's top cryptocurrency exchanges, valued at $32 billion only 10 months earlier, had just declared bankruptcy.”

As he watched crypto balances mysteriously draining out of an online ledger, one staffer recalled thinking, “After all this, we’re being hacked?” Whoever stole the money is described as a “malevolent presence,” which I gather is one step up from an “unauthorized actor.”

I guess Crypto Bros are still buying and selling this play money among each other, but the rest of society has pretty much moved on. No one writes me angry emails anymore when I mildly suggest that crypto might not be on the brink of revolutionizing the global financial structure. Or maybe they just figure I’m a hopeless case.

For example, the way this FTX theft has evolved is way over my head, or the head of anyone, I assume, who still owns something as archaic as a checkbook.

As I understand it, everyone can “see” this stolen crypto online and track its movements, but they do not know who’s controlling it. They can watch as it’s being laundered and, like Rumpelstiltskin, being spun from pretend money into real money. But no one can do anything about it. I don’t know why.

In one supreme irony, some of the crypto was laundered through FTX’s own sister company, the Alameda Research hedge fund.

Hedge funds. Crypto. Credit monitoring. Identity theft. And I’m old enough to remember guys who used to get nervous just being in the same room with an ATM. Maybe they weren’t being so silly after all.

Tim Rowland is a Herald-Mail columnist.

This article originally appeared on The Herald-Mail: Data hacks, crypto currency thefts leave one distrustful