An abusive comment, a faceless scammer and an invasion of privacy have left the owners of one Hawke’s Bay community organisation reeling after having to spend hundreds on private cybersecurity protection to secure their safety.

Now, the couple are speaking out about their harrowing experience to warn others about the dangers of targeted cybercrime and the challenges that come with putting an end to it. Mitchell Hageman reports.

An omniscient presence lurks in the background of Sreejith Nair and Deepthi Krishna’s lives.

It doesn’t have a face, or a real name, but it knows their passport details, bank numbers and who knows what else about their private lives.

Two people trying to do good by spreading the joy of Indian arts and culture are now fighting to keep their organisational and personal profiles secure online.

Thousands have been spent on private cybersecurity expertise to fix the problem, and its impact and psychological toll on the organisation and its people.

“It’s draining, both financially and mentally,” Nair told Hawke’s Bay Today.

So how did this all start?

As with many community organisations, the pair had been subject to instances of dodgy online personas reporting their growing Facebook page from its inception, targeting them and voicing abuse for an unknown reason.

The page, run by Krishna, is used to promote the Hawke’s Bay Indian Cultural Centre, which was established in 2015 promoting Indian classical dance and organising theatrical productions of epic dance-drama since 2018.

It’s since blossomed into a well-known charitable organisation that does plenty of good for the Hawke’s Bay community.

Krishna and Nair said the online attacks were semi-manageable at first, but things really kicked off in June 2023 when the group released the poster for its latest production.

Someone from a fake profile posted an abusive comment, so the couple reported it to Netsafe.

“[Netsafe] called me and said the person had deleted the profile, so there was no threat,” Krishna said.

After initially thinking everything would be fine, the attacks ramped up even further.

“After that, we were getting a lot of messages saying that we were violating community standards.”

Things got worse after the pair returned from a trip to India and uploaded photos of their latest show.

“One day, we got a message after uploading photos of the show that there was a serious copyright issue, and that if you don’t click this link within 24 hours, they will take action.”

The pair, unaware it was a scam, clicked on the link, and the next morning Krishna was logged out of all her social media accounts.

“I was really panicking. I called a few friends, and they said they had received messages saying I had violated community standards.”

Within no time, the assailant had full control over all Krishna’s pages, even changing the HBICC profile to a picture of shoes.

Efforts to recover the accounts were fruitless, and the barrage of cyber threats continued in the following days when the attacker disabled the organisation from appearing in Google searches and gained access to Nair and Krishna’s personal devices.

“After a few days when we opened our laptop, we could see our documents were getting viewed by someone that wasn’t us.”

Krishna and Nair said they lodged a case with police that their laptop had been compromised, but were told there were limited options because of not knowing the identity of the offender. They were also advised by authorities to bolster their multi-factor authentication protocols and passwords.

Frustrated with the lack of action or help from authorities and Facebook, the pair reached out to a friend in Canada who was versed in cybersecurity.

“We were told there were six viruses in the laptop and that the Wi-Fi was hacked. He also found three to four unknown devices connected to our Wi-Fi,” Krishna said.

“I found the person had accessed my camera and workplace email. The extent was huge.”

The pair believe their son’s laptop may have also been hacked as he lost a significant amount of schoolwork.

Krishna said the expert took countless days, and they spent hundreds of dollars on equipment and services to try to get things back to normal, but eight years of work was gone and the threat still felt present.

They even tried avenues in the United States, reaching out to the California Attorney General’s office, but they could not help because the incident happened in New Zealand.

“Later I found out that people often paid for services on the dark web to do harm to small organisations. I kept asking, why me? I had sleepless nights and was really paranoid,” Krishna said.

Nair said all they knew was “the perpetrator accessed our laptop using an Android phone [Samsung Galaxy] from somewhere before hacking the Facebook page”.

“These cyberattacks, which have now been going on over a year, are draining our mental strength as well as mounting financial burden. We are left with no authorities to seek help from.”

Krishna and Nair were also devastated that their students suffered by way of the removal of the posts on the Facebook page.

“It was the only platform left for us to showcase, promote and market our productions and it has now been stolen from us. This also sabotaged and tarnished the goodwill and brand building acquired over several years of teamwork.”

A spokesperson for the National Cyber Security Centre(CERT NZ is now part of the NCSC) said it did not generally comment on whether it was involved in providing investigation or incident response support on specific matters, but it was aware of the group’s situation.

The NCSC, through the CERT NZ reporting tool, receives reports about compromised or duplicated social media accounts.

“The NCSC provides cyber security advice to New Zealanders and New Zealand organisations. In the case of ongoing harassment online, this is a matter of online safety rather than cyber security.

“As such, we recommend for this to be reported to Facebook’s support centre and the NZ Police. It is up to social media platforms to support their users.”

The spokesperson said unauthorised access to social media accounts could be prevented with long, strong, unique passwords and by using two-factor authentication.

“The latter is vital in keeping your accounts secure as it requires two different methods to get into the account: something you know – your password – and something you have – like a code sent to your phone. This means the attackers would need access to your personal device, which is unlikely.”

Netsafe chief online safety officer Sean Lyons said while the organisation could not comment on individual cases, he could comment generally on the types of threatening behaviours being used by criminals.

“We are certainly seeing an increase in people trying to exploit social media groups and followings in order to target the following and use the grouping to subject them to all types of scams and activity,” he said.

“It means if we are the curator of one of these groups, we have to be a bit more aware of what is going on and if we see this happening, we need to take action to secure the groups as quickly as we possibly can.”

Lyons said the opportunity to invade members’ personal content was exactly what criminals were looking for when they targeted a group.

“Often, because they require access to a particular page to begin with, some [criminals] might be using kinds of social engineering, or they might be using brute force attacks by figuring out how to break passwords and password banks on a particular service. They usually target weak passwords and a lack of multi-factor authentication.”

He said incidents like this generally reduced people’s faith in the integrity of social media platforms.

“Ultimately it is something they want to fix, and they are getting better, but it doesn’t mean they are perfect every time and we know they aren’t. Netsafe, and others as well, need to keep applying pressure on those organisations and platforms to make sure they respond in a way that’s right for their users.”

Police have confirmed they are aware of the case and would continue to work with the couple.

“Following an assessment of this complaint, we can confirm it’s under further investigation, and Police will be speaking with the complainants. While that work is ongoing, we’re unable to comment further.”

Krishna and Nair said they were appealing for any further information and assistance, including any legal avenues they could take.

They stressed the importance of multi-factor authentication and encouraged others to look into good preventative measures.

“We’re still not sure the clear motive behind this as it seems like a planned sophisticated invasion to our system and our personal life,” Nair said.

“We need a system here or some kind of support to prevent this kind of thing. It can cause a lot of damage to businesses and also mental health,” Krishna said.

Mitchell Hageman joined Hawke’s Bay Today in January 2023. From his Napier base, he writes regularly on social issues, arts and culture, and the community.