The Rise of Political Doxing

An anonymous reader writes: Security guru Bruce Schneier predicts a new trend in hacking: political doxing. He points to the recent hack of CIA director Jack Brennan's personal email account and notes that it marks a shift in the purpose of email hacking: "Here, the attacker had a more political motive. He wasn't out to intimidate Brennan; he simply wanted to embarrass him. His personal papers were dumped indiscriminately, fodder for an eager press." Schneier continues, "As people realize what an effective attack this can be, and how an individual can use the tactic to do considerable damage to powerful people and institutions, we're going to see a lot more of it. ... In the end, doxing is a tactic that the powerless can effectively use against the powerful."

What a clever prediction

[The-Ixian]

I guess this is why Bruce Schneier is a guru and gets the big bucks....

Re:What a clever prediction

[thedonger]

More like, "Bruce Schneier predicts current trend will continue based on observance of current trend continuing."

There's already a word for it.

Simple counter-measure

[BarbaraHudson]

There's a simple counter-measure - don't be ashamed of anything you do. Kind of hard to exert pressure on someone by revealing their personal stuff if they don't give a sh*t.

Re:Simple counter-measure

[Shoten]

There's a simple counter-measure - don't be ashamed of anything you do. Kind of hard to exert pressure on someone by revealing their personal stuff if they don't give a sh*t.

Interesting. This is effectively the same as the argument put forth by the surveillance hawks who want to monitor everything. "Don't do anything that makes you look guilty, and there's nothing to worry about."

The fact is that it's not just about personal shame. People have been pilloried over things they didn't have any problem with personally, but which in turn caused massive backlash...with real consequences...from the public. And also noteworthy is that in this case, personal information (like SSNs, names of family members, etc.) were also put out in the open. So it's not just about shame.

Re:Simple counter-measure

[RabidReindeer]

You should be ashamed of yourself, you do-nothing!

Re:Simple counter-measure

[LaurenCates]

I always said to myself that if I were to ever run for office, that I would create a website that listed all my dirty laundry. Anything that might be considered something that someone, somewhere might use to say "she's got something to hide" goes on there. Nothing off-limits. Because I've made mistakes like any dumb kid might have.

Point I would be making in such a site would the line I'd put at the end:

"Okay, now that we're done with bullshit that has nothing to do with the job I'm applying for, let's get to talking about things that are relevant."

Re:Simple counter-measure

There are things in E-mail that I don't want out, even though I'm not ashamed about them:

1: Password change/requests. This is easily identifiable info for ID thieves.
2: Personal items from family/friends. Why does the world need to know that my RV leaks from the cabover and I'm having a carpenter in to rip out the interior and rebuild it?
3: What I buy from Amazon. Again, nothing illegal, but I don't care to have the fact that my taste (or lack of) in music and literature be for all to see.
4: I don't want all and sundry to know my work schedule or what type of alarm I use for my house.

Yes, it is easy to say, "what do you have to hide?", but privacy is still necessary.

Re:Simple counter-measure

[soloes]

context is everything. Just because you do something that is good, does not mean that people cannot just publicize part of it and make it look bad.

Re:Simple counter-measure

[DarkOx]

Right but this is the very argument against collecting and aggregating the information at all. It is harmful when its released and sooner or later it does get out or does get aggregated.

The very politicians crying about this today will be the ones arguing to create another national registry or list of some kind tomorrow unless they fell the pain from this.

The public needs to see how harmful this stuff is and unfortunately the only way we are ever going to get Jane and Joe average to care is if they see some good people ( or people they think are good people) get really really hurt by this stuff. Otherwise the "won't somebody thing of the children" argument is always going to win.

Most of this doxing stuff ultimately comes from public records, yes there are some private records that doxers go after as well but the really hurtful stuff tends to be public records. Government knows to much about us. We need that to change. So the next time some dumbshit thinks something like a national health care program is a good idea let alone national id, it will go down in flames like it should.

Re:Simple counter-measure

[LaurenCates]

I'm surprised someone hasn't already said "yeah, but your social security number", or "yeah, but your nude photos".

Or, simply, yeah, well, you support that, and I don't agree with you, therefore I can classify you as an idiot and ignore anything else you have to say.

*shrug*. The former can be dug up ("dig it up if you really need it for something"), and there's nothing I can do to stop it, the latter would have to be photoshopped ("those don't exist, but I wouldn't be ashamed of them if they did"), and the last...well, I guess if someone were looking to find a reason to think I was an idiot, they would have come to the conclusion long before reading the list, if they bothered to read it at all.

On the other hand, I suspect it would cause a great deal of support for me if I actually decided to go with the campaign slogan I intend to use:

"The c*nt who gets sh*t done."

Lack of decorum aside, at least nobody can paint me as thin-skinned or afraid of the "sexism" boogeyman.

Re:Simple counter-measure

[BarbaraHudson]

The downside is that the only people that can run for office are people who knew they wanted to be politicians when they were kids.

Those are the last people to put in charge of anything important. Remember the student council suckups? Those are the only people living boring enough lives to be politicians.

Not true. Obama admits to having used crack, GWB is known to have an alcohol and drug problem, nobody believes Clinton didn't inhale ... Heck, internationally notorious former mayor of Toronto Rob Ford got re-elected to city council despite admitting to crack and alcoholism, and all the videos out there of him losing it time after time. Anyone who looks too good is immediately suspect.

Re:Simple counter-measure

[gurps_npc]

Wrong. On so many levels.

Ever hear about Bridget McCain? She is the very dark skinned adopted daughter of John McCain. His wife found her - a child with a facial deformity and a serious heart condition. They adopted this wonderful girl in need and gave her all the love and medical help they could. Mr. McCain was never embarrassed by her. But during the 2000 election, George Bush's lying scumbag allies sent out a phone poll asking:

"Would you be more or less likely to vote for John McCain if you knew he had fathered an illegitimate black child?"

McCain lost the South Carolina primary in part because of this bold faced lie. In this particular case, they never hid anything about her, but the point is fairly clear - there are lots of things that LOOK bad but aren't bad. Politics is a game of perceptions.

Merely not doing actually bad things isn't enough. You also have to avoid doing anything you can stretch and deform into an attack.

So no, actual innocence is not enough of a protection, we also need legal rights to privacy.

Re:Simple counter-measure

[Jason+Levine]

As a counter-point, I've been the target of a stalker online. She stalked an account where I used a pseudonym and didn't use my real name/address at all. Another person she stalked used his real name. She contacted his employer (a school) and told them he molested children. She contacted everyone on Facebook who shared his last name and lived in his general area to tell them this also. She even claimed to have contacted the police about him. Needless to say, this was all made up by her. (She claimed that god told her all this so you can guess how effective arguing with her is. After all, how can you argue against "god told me this directly"?) These allegations could easily have gotten him fired. He was lucky enough that he was able to warn his employer and his family/friends/police ignored her. Still, she was able to make his life miserable for years.

I'm thankful that this person DIDN'T know my real name, home address, employer, or any other information about me. Do I have anything to hide? No. However, people can do damage with false allegations if they have the right information about you. By the time you refute the allegations, the damage might already have been done.

Re:Simple counter-measure

[BarbaraHudson]

If you're not ready to fight for your rights and freedoms, you deserve neither.

Translation: "Fuck everyone less fortunate than me".

No. It's the less fortunate who too often are the only ones with the guts to fight for their rights, as opposed to the well-off sheeple. People who are well off and content don't want to change their situation, so the initial push for all social progress comes from those who aren't so privileged. Simple fact of life.

Note that the "If you're not ready to fight for your rights and freedoms, you deserve neither" also applies to the fat contented cows of society as well, who simply can't imagine that anyone would dare take away *their* freedoms, because they're privileged. Moo!

I see it differently

[Howitzer86]

In the end, doxing is a tactic that the powerless can effectively use against the powerful.

...Or keep the powerless in their place.

We have secrets and embarrassing things on Facebook and other places online that will never go away and can be found if you look hard enough. Most of us don't have the luxury of being groomed from birth to be politicians and avoid these pitfalls.

Political Doxxing has been going on forever

[jmac_the_man]

This isn't the rise of political doxxing, simply because it has been going on forever.

Going through Sarah Palin's emails (either the official ones the judge ordered released and the New York Times attempted to crowdsource finding embarassing stuff OR the ones that the 4chan hacker whose father was an elected Democrat released) was an attempted doxxing.

What Bradley Manning did was a doxxing. Hell, so was the release of the Pentagon Papers.

Jumping even further back, the XYZ Affair was revealed by a doxxer leaking details to the (partisan) press.

Releasing your opponent's embarrassing documents has probably been going on for as long as we've had written language.

Re:HA .. oh god .. HA

[Giant+Electronic+Bra]

Exactly. How long will it be before such people start to just vanish into some black hole somewhere. If that doesn't work then their family, friends, etc will likewise suffer. This is always the last resort of the more powerful to the weaker. That's what being weaker MEANS, you can't protect yourself.

And if the tactic does work? It will just become another tool of the scumbags. Turds always float to the surface.

CIA directory

[NostalgiaForInfinity]

When the CIA director has his AOL account "hacked", it is a demonstration of his utter incompetence, not "doxing". And the inability of top government officials to control even their own, valuable private information is politically highly significant, given how much information the US federal government is increasingly collecting about us: detailed financial and banking information, medical records, detailed census information, and lots more.

Re:CIA directory

[NostalgiaForInfinity]

As far as I know he didn't have any government information on his AOL account and at best minor information in his account. But still. The point remains. What did Brennan do that was incompetent?

Apparently, he kept a completed SF-86 form in his account. Apart from any possible government security concern, that is a serious problem for him as an individual, because it places him at grave risk of identity theft. And he kept that information in accounts with known weak security. A competent security professional wouldn't place his personal information at this kind of risk.

So, if the CIA director lacks the competence to safeguard even his personal information, how can we trust him with safeguarding the information of our nation?

Kennedy says hello

[tomhath]

JFK doxed Nixon a couple of times back in the 1960 campaign. You can look it up.

Re:Smallest violin ever

[Noah+Haders]

The CIA wants to read my email, know what websites I visit, etc. turn about is fair play.

that's such an ignorant comment! Everybody knows that CIA is prohibited from taking action on domestic soil and can only work in foreign countries.

Re:Incompetent poster?

[NostalgiaForInfinity]

The CIA director did nothing wrong. He didn't choose a lousy password. He didn't leave a copy of it lying around. He didn't even send it in e-mail to the wrong person. The security failure, according to this account, was entirely with Verizon and AOL. Yet still Brennan's e-mail was leaked to the press and posted on WikiLeaks.

Yes, and Bruce is wrong. The fact that Verizon and AOL have weak security is well known and ought to be obvious to anybody with any kind of knowledge of computer security. If a CIA director stores information that he obviously values on systems that he ought to know can be trivially breached, it calls into question his competence.

One obvious step would be to hold the providers accountable for security failures.

It would be. But since these security holes have been well known for many years and have hurt many people, the fact that these providers haven't been held accountable for them in the past shows that the government doesn't give a fuck. If they now crack down on providers because a government official was caught with his pants down, that is simple vindictiveness and arbitrariness.

It was simply personal stuff about him, nothing that compromised security.

For high government officials, the release of personal information does compromise security, because it makes them susceptible to identity theft and blackmail. But even if it didn't, evidently he didn't like this information being released, yet he stored it on a system he ought to have known was woefully insecure.

And yet, internet sheep immediately jump to a conclusion of "incompetence", a charge that would ordinarily haunt a person in future job prospects for the rest of their life.

I sure hope so!

Re:HA .. oh god .. HA

[ShanghaiBill]

If you believe that "the powerful" won't implement a countermeasure that makes us all regret the doxing, you're a moron.

I already regret it. This doxing is just one more reason for good people to avoid public office. There are reasons that many of our leaders are narcissistic sociopaths, and by driving away good people, this is just making it worse.