The Rise of Political Doxing (schneier.com)
An anonymous reader writes: Security guru Bruce Schneier predicts a new trend in hacking: political doxing. He points to the recent hack of CIA director Jack Brennan's personal email account and notes that it marks a shift in the purpose of email hacking: "Here, the attacker had a more political motive. He wasn't out to intimidate Brennan; he simply wanted to embarrass him. His personal papers were dumped indiscriminately, fodder for an eager press." Schneier continues, "As people realize what an effective attack this can be, and how an individual can use the tactic to do considerable damage to powerful people and institutions, we're going to see a lot more of it. ... In the end, doxing is a tactic that the powerless can effectively use against the powerful."
I guess this is why Bruce Schneier is a guru and gets the big bucks....
My eyes reflect the stars and a smile lights up my face.
Bob Novak did it already.
In the end, doxing is a tactic that the powerless can effectively use against the powerful.
If you believe that "the powerful" won't implement a countermeasure that makes us all regret the doxing, you're a moron. Although there is something to be said for waiting for the grains of sand to slip out of their clenching grasp...
There's a simple counter-measure - don't be ashamed of anything you do. Kind of hard to exert pressure on someone by revealing their personal stuff if they don't give a sh*t.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
we have to become one (crook) first? sounds fake.. ask ed snowden your questions continues.... truth mercy & justice all in the same breath .... little miss dna cannot be wrong.. what a gig
In the end, doxing is a tactic that the powerless can effectively use against the powerful.
...Or keep the powerless in their place.
We have secrets and embarrassing things on Facebook and other places online that will never go away and can be found if you look hard enough. Most of us don't have the luxury of being groomed from birth to be politicians and avoid these pitfalls.
Going through Sarah Palin's emails (either the official ones the judge ordered released and the New York Times attempted to crowdsource finding embarrassing stuff OR the ones that the 4chan hacker whose father was an elected Democrat released) was an attempted doxxing.
What Bradley Manning did was a doxxing. Hell, so was the release of the Pentagon Papers.
Jumping even further back, the XYZ Affair was revealed by a doxxer leaking details to the (partisan) press.
Releasing your opponent's embarrassing documents has probably been going on for as long as we've had written language.
But what about Russians, Chinese, Iranians, French, Brazilians, Indians, Japanese, etc, etc, etc?
"I don't know, therefore Aliens" Wafflebox1
Because doxing has never been used against people that haven't done anything but mind their own business. Right?
Your hair look like poop, Bob! - Wanker.
Richard Nixon and his political team are glad people have forgotten why the press loves to "-gate" tag every scandal https://en.wikipedia.org/wiki/Watergate_scandal
When the CIA director has his AOL account "hacked", it is a demonstration of his utter incompetence, not "doxing". And the inability of top government officials to control even their own, valuable private information is politically highly significant, given how much information the US federal government is increasingly collecting about us: detailed financial and banking information, medical records, detailed census information, and lots more.
The CIA wants to read my email, know what websites I visit, etc. Turnabout is fair play.
.. when they have access to your data.
Ever wonder about the 'embarrassing' leaks of personal information (whether they be from email, voicemails, etc) - especially on celebrities who speak out on subjects where the government wants you to believe their version of a story? (Especially 9/11?).
How about journalists? Michael Hastings was about to publish a story on the CIA. Had contacted Wikileaks and died in an accident (if you believe the official story contrary to history or evidence) shortly after?
The US government has already shown they cannot be trusted with our data, but lesser known is that this data collected is SHARED with other nations. Even if you trusted yours, do you think other governments should have access to your data?
How about private companies that provide services to those security apparatuses?
We need to take our privacy back - we have already seen that laws aren't the answer (because they will ignore the law and lie to us about it)
It's a pity our intelligence community have taken on the belief that they are better than everyone else, and don't serve the citizens any more, but the interests of the power elite. They could have been our best protection from them.
when I remember it was done to Palin and it was a good thing.
Good times, good times.
It's going to take a while, but eventually the masses will understand the importance of privacy. There are many crazy people out there that have nothing to lose and their only mission in life is to destroy others for whatever illogical reason they choose.
JFK doxed Nixon a couple of times back in the 1960 campaign. You can look it up.
It's nice to see people finally getting on board with Shockwave Rider (pub. 1975) : https://en.wikipedia.org/wiki/The_Shockwave_Rider
I don't like the word 'doxing'. To me it looks like it would be pronounced d'oh-xing. I prefer doxxing. Who's with me?
But how could this cause any damage to anyone? Surely, they have nothing to fear if they have nothing to hide, right? It offends me when the CIA, some media or anyone else behaves as if a) this is a serious problem and b) we should give anything more than 0 shits.
When the CIA director has his AOL account "hacked", it is a demonstration of his utter incompetence, not "doxing".
This is an excellent example, a departure point for discussion.
Per Bruce's article:
The CIA director did nothing wrong. He didn't choose a lousy password. He didn't leave a copy of it lying around. He didn't even send it in e-mail to the wrong person. The security failure, according to this account, was entirely with Verizon and AOL. Yet still Brennan's e-mail was leaked to the press and posted on WikiLeaks.
Also, unlike a certain presidential hopeful, Brennan didn't have any CIA sensitive information in his personal E-mail. It was simply personal stuff about him, nothing that compromised security.
And yet, internet sheep immediately jump to a conclusion of "incompetence", a charge that would ordinarily haunt a person in future job prospects for the rest of their life.
One obvious step would be to hold the providers accountable for security failures.
Just like statistics, data is all about the presentation. You can be painted as a bad character for even the most harmless of actions depending on how it is presented.
There are plenty of reasons for people to hack into politicians' email. Doxing is one of them, but so is investigating wrongdoing. Sometimes searching for the wrongdoing can lead to bashing. People can get caught early, or have access to the "other" mail server and just dump for their 5 minutes of fame. Is that Doxing? *shrug* I think that depends on intent, and in most cases no.
Yeah, this guy tells us what security people have been saying for more than a quarter of a century. How can the rest of us cash in on this scam of repeating common knowledge and making money?
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
YOU say "hosts=bad" (but they add security, speed, & reliability) & bitch on admin privilege to UPDATE vs. threats:
"So, have you figured out why privilege escalation is a bad thing yet?" - by Coren22 on Tuesday September 22, 2015 @05:15PM (#50577809)
Hypocrite - You use admin priv admitting it
&
How else can I programmatically update hosts minus it in Windows?
---
"Of course it requires elevation to write to the hosts file" - by Coren22 (1625475) on Wednesday September 23, 2015 @05:35PM (#50585879)
You FINALLY later admit there's no other way!
FACT:
Even MalwareBytes AntiMalware (best one) DEMANDS you use admin privilege (you saying it's "bad" too?) it can't do its job fully otherwise, like many security tools do!
---
Aryeh Goretsky NOD32/ESET says hosts = good security-> http://it.slashdot.org/comment...
Oliver Day (Symantec) does-> http://www.securityfocus.com/c...
MalwareBytes' hpHosts hosts & recommends my APK Hosts File Engine 9.0++ SR-2 32/64-bit-> http://hosts-file.net/?s=Downl...
---
* HOW MANY SECURITY PROS DO I NEED TO KNOCK THE CHOCOLATE OUTTA YOU?
---
Those security pros INCLUDE me: I work w/ guys from malwarebytes' hpHosts on a regular basis!
I've professionally worked for decades as a combined domain-wide network admin & software engineer since 1994 (Even showing you HOW to migrate a hosts across an enterprise-> http://slashdot.org/comments.p... )
I've also been securing computers + WRITING GUIDES using CIS Tool (who took fixes from me http://slashdot.org/comments.p... - bonus) http://www.bing.com/search?q=%...
You told me you learn from guides?
I write good ones that MILLIONS USE & was PAID FOR IT http://pcpitstop.com/news/winn...
+ WARES TO PROTECT USERS that are endorsed & hosted by security pros -> http://hosts-file.net/?s=Downl...
You did all that? No!
(& that's ONLY a SMALL part of what I could put out)
APK
P.S.=> You're all TALK -> http://slashdot.org/comments.p... & a "ne'er-do-well" as far as security...apk
Re: "... In the end, doxing is a tactic that the powerless can effectively use against the powerful."
This is exactly what doxxing is, and in that respect it shares tactical (strategic?) space with IED's, hostage taking, beheadings, destruction of historical monuments, etc. There is also a notable lack of a reliable, respectability-seeking leadership to control the troops (doxxing is even more extreme in this respect than the currently hot terrorist groups).
As such I cannot support doxxing, not even in the abstract. It's too much like an anarchic free-for-all. While the leaders of the Three Letter Agencies have done little to endear themselves to me, I cannot rule out that they may become respectable again in the future. Yet who will turn down the mute button on Anonymous and all the other self-appointed determiners of truth, beauty and freedom?
It's just all too much like the Red Faction, Symbionese Liberation Army, and Aum Shinrikyo of days gone by. While information release isn't quite in the same class of damage as killing and maiming, it can still cause plenty of damage and the victims don't get any due process. Too bad the Three Letter Agencies don't believe in due process these days but I still do.
awesome !
best way to mobilize politicians. They'll finally understand why cryptography, privacy are important !
You forgot: (5) Live too long.
Socially acceptable behaviour changes over time in unpredictable ways. 10-20 years ago a mildly homophobic comment would have drawn no notice; today you would get drummed out of office. Go back another decade or two and casual sexism was socially acceptable. People's, and society's, view of what is ok changes with time; some things become taboo and others become more accepted.
"APK doesn't think that DNS servers are worth running and seems to believe that somehow Microsoft Active Directory can run without DNS." - by Coren22 (1625475) on Tuesday October 27, 2015 @12:58PM (#50811615)
Where'd I say AD will run minus DNS Coren22? I've said AD = internal network DNS dependent back in 2007 http://forums.tweaktown.com/wi...
(Searching this in BOLD "To warn users who have ActiveDirectory/AD LAN-WAN setups to NOT use external DNS servers!" referring to OpenDNS suggestions for those using AD stupid in the POST BEFORE IT in my security guides for users (geared to stand alone single machines no less), & right there on that page proves it stupid - so even if you posted as myself someplace here on /. "impersonating me", I have your ass NOW, shithead!)
I've also stated MANY TIMES I use remote DNS in OpenDNS @ home (but not @ work on AD networks since the free model does NOT work with AD specifically you lying little imbecile).
I also don't hardcode in "every site there is under the sun" is why, so I have to use DNS, but OpenDNS & rarely.
I also RARELY MISS A LOOKUP since I put where I spend a good 95++% of my time online in my favorite sites into hosts @ the TOP of hosts for utmost LOCAL FASTER RESOLUTION SPEEDS and more reliability vs. Open DNS (not OpenDNS) resolvers being abused, Kaminsky redirect poisoned DNS servers (of which 99.999% of ISP DNS are not proofed against to this very day even though a patch exists which OpenDNS uses), rogue DNS servers, and yes ROUTERS with bushwhacked by malware DNS settings (happening a LOT lately).
Hardcodes in hosts are faster than remote DNS, waste less resources than local dns in power, cpu cycles, RAM, & other I/O by FAR considering ALL THE PARTS of such a setup in programs, data, I/O, & power (especially if setup as a separate machine). Most people out there don't run a home LAN. They have single systems.
APK
That law enforcement and security agents seem to believe that they are the guards in the panopticon, when in fact they're just another prisoner.
"I guess we should avoid your crap, it looks like it is marked as malware. Good luck getting that removed." - by Coren22 (1625475) on Monday November 02, 2015 @03:52PM (#50850445)
False positive: I've written 'em long ago, no response vs. 60++ REPUTABLE sources (not nobodies) below that fries you Coren22!
Is that YOUR fake site for MORE LIES Coren22?
Lying about me LIKE YOU DID HERE punk? -> http://slashdot.org/comments.p... ??
---
MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus per this VERY recent testing of them all http://www.av-test.org/en/news...
&
It's safe proven by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...
+
Its 32-bit model too https://www.virustotal.com/en/...
More "SALT IN YOUR WOUNDS" -> http://f.virscan.org/APKHostsF...
APK
P.S.=> /.'ers say my work is good too:
"his hosts program is actually pretty good" - by xenotransplant (4179011) on Monday August 10, 2015 @03:34PM (#50287195)
"I like your host file system." - by Karmashock (2415832) on Wednesday September 09, 2015 @03:57PM (#50489401)
"APK is kinda right... I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works." - by bmo (77928) on Thursday October 15, 2015 @11:30AM (#50736071)
"his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources" by alexgieg (948359) on Friday September 25, 2015 @09:57AM (#50596461)
left wingers engaging in computer crimes for political purposes?
The hacking of Sarah Palin's e-mails ring any bells? How about the main stream press actively embracing that criminal act and encouraging the public to help them dig for dirt in her private e-mails.
I still laugh at the FACT that they went through Sarah's PRIVATE e-mails (her government ones were ALWAYS available on the server in the Alaska government, unlike Hillary Clinton's which Hillary kept on a private server) where one might expect evidence of wrong-doing and they found NOTHING.
Now Let's see what was in all the tens of thousands of emails Hillary deleted rather than hand over to the courts or congress as lawfully ordered.
Come to think of it.... where's all the social justice warrior hacking of left-wing politicians???? Oh. yeah. It's NOT the pursuit of TRUTH or JUSTICE; it's just partisan criminal action like the Watergate break-in that will not be investigated because a leftist is in the White House. Fred Thompson, the lawyer, actor, Republican Senator and, former congressional staffer on the Republican side of the Watergate investigation just died - HE was one of the many Republicans in Washington who helped get rid of Republican Richard Nixon for his political crimes (Thompson was the guy who asked Butterworth the question that unmasked the White House taping system). There ARE no Democrats in Washington who will EVER help fight corrupt Democrats.
Valerie Plame was NOT outed by Bob Novak, nor by Dick Cheney or Scooter Libby. The leaker confessed to Patrick Fitzgerald (the independent prosecutor) long before Fitzgerald nailed Libby.
It is a well-documented historical FACT that the leaker was Colin Powell's assistant Richard Armitage (NOT a Cheney stooge or ally). Fitzgerald went on to prosecute and jail Libby for having a different recollection of a phone call from that of the other person on the line at the time (a "crime" with no proof or documentation and which was not part of what he was charged to investigate) and NOT for leaking Plame's name, which Libby did not in fact do. I am NOT a fan of Bush or Cheney or anybody else involved on either side in this affair - I just detest false history being passed-around until it becomes so "accepted" that more people believe it than believe in the actual facts (for this reason, I am a HUGE fan of Buzz Aldrin punching-out the moon-hoaxer who used to follow him around (smile))
Oh, and note to all you Cheney-haters who still cite the Plame case: Valerie Plame was NOT an undercover CIA agent in the field when she was "outed"; she was working in a comfortable office in Washington D.C. and plenty of people knew who she was. Are any of you "outraged" that President Obama "outed" our actual under-cover CIA station chief in Kabul Afghanistan????? Yeah, I thought so. Your faux-outrage over the Plame matter was just a political tactic - you people cared nothing for Plame or national security - if you did you'd be calling for Obama to be prosecuted and jailed as many of you were clamoring for with Cheney over Plame.