information imbalance - The Rise of Political Doxing [ bonus points for contrast with AP! :]
http://motherboard.vice.com/read/the-rise-of-political-doxing

Last week, CIA director John O. Brennan became the latest victim of what's become a popular way to embarrass and harass people on the internet. A hacker allegedly broke into his AOL account and published emails and documents found inside, many of them personal and sensitive.

It's called doxing—sometimes doxxing—from the word "documents." It emerged in the 1990s as a hacker revenge tactic, and has since been as a tool to harass and intimidate people on the internet. Someone would threaten a woman with physical harm, or try to incite others to harm her, and publish her personal information as a way of saying "I know a lot about you—like where you live and work." Victims of doxing talk about the fear that this tactic instills. It's very effective, by which I mean that it's horrible.

Brennan's doxing was slightly different. Here, the attacker had a more political motive. He wasn't out to intimidate Brennan; he simply wanted to embarrass him. His personal papers were dumped indiscriminately, fodder for an eager press. This doxing was a political act, and we're seeing this kind of thing more and more.

Last year, the government of North Korea allegedly did this to Sony. Hackers the FBI believes were working for North Korea broke into the company's networks, stole a huge amount of corporate data, and published it. This included unreleased movies, financial information, company plans, and personal emails. The reputational damage to the company was enormous; the company estimated the cost at $41 million.

In July, hackers stole and published sensitive documents from the cyberweapons arms manufacturer Hacking Team. That same month, different hackers did the same thing to the infidelity website Ashley Madison. In 2014, hackers broke into the iCloud accounts of over 100 celebrities and published personal photographs, most containing some nudity. In 2013, Edward Snowden doxed the NSA.

These aren't the first instances of politically motivated doxing, but there's a clear trend. As people realize what an effective attack this can be, and how an individual can use the tactic to do considerable damage to powerful people and institutions, we're going to see a lot more of it.

On the internet, attack is easier than defense. We're living in a world where a sufficiently skilled and motivated attacker will circumvent network security. Even worse, most internet security assumes it needs to defend against an opportunistic attacker who will attack the weakest network in order to get—for example—a pile of credit card numbers. The notion of a targeted attacker, who wants Sony or Ashley Madison or John Brennan because of what they stand for, is still new. And it's even harder to defend against.

What this means is that we're going to see more political doxing in the future, against both people and institutions. It's going to be a factor in elections. It's going to be a factor in anti-corporate activism. More people will find their personal information exposed to the world: politicians, corporate executives, celebrities, divisive and outspoken individuals.

Of course they won't all be doxed, but some of them will. Some of them will be doxed directly, like Brennan. Some of them will be inadvertent victims of a doxing attack aimed at a company where their information is stored, like those celebrities with iPhone accounts and every customer of Ashley Madison. Regardless of the method, lots of people will have to face the publication of personal correspondence, documents, and information they would rather be private.

In the end, doxing is a tactic that the powerless can effectively use against the powerful. It can be used for whistleblowing. It can be used as a vehicle for social change. And it can be used to embarrass, harass, and intimidate. Its popularity will rise and fall on this effectiveness, especially in a world where prosecuting the doxers is so difficult.

There's no good solution for this right now. We all have the right to privacy, and we should be free from doxing. But we're not, and those of us who are in the public eye have no choice but to rethink our online data shadows.
On 01/11/15 03:53, coderman wrote:
http://motherboard.vice.com/read/the-rise-of-political-doxing
Political figures in most countries have been using their personal email accounts to conduct business 'under the radar' in order to avoid information being subject to oversight, most probably because it's illegal, unconstitutional or at the very least not good for the image of governments.

When they started to do this, they threw the book on ethics in the bin and opened themselves up to any abuse of their personal life that may happen.

If people in power act properly in their professional dealings then there is an argument against d0xing their personal information but once they start to try to hide information then it's open season on every aspect of their life.
Where is the OPM link in .7z format?

- intelemetry
On 01/11/15 18:17, intelemetry wrote:
Where is the OPM link in .7z format?
Didn't Barrett Brown end up in Solitary Confinement for giving out links to data?

As for the real question, my ethical argument still stands:-

Those people in the OPM leak who were using personal resources to conduct government business got what they deserved (leaked).

Those who were being honest and kept business dealing to the appropriate and democratically accountable systems did not deserve their details to be leaked.

Then there is another group who work to deceive the public and preserve the state at any cost, those also deserve to be leaked (NSA, CIA, FBI etc etc).

The hack on OPM also proves another thing that Governments (or indeed anyone) should not create large databases of personal information because they become huge and irresistible targets for crackers.
It proves peoplesoft is a piece of shit.
On 01/11/15 19:33, intelemetry wrote:
It proves peoplesoft is a piece of shit.
ha ha, I'm not sure government uses any corps that actually know what they're doing :D
oshwm:
On 01/11/15 18:17, intelemetry wrote:
Where is the OPM link in .7z format?
Didn't Barrett Brown end up in Solitary Confinement for giving out links to data?
As for the real question, my ethical argument still stands:-
Those people in the OPM leak who were using personal resources to conduct government business got what they deserved (leaked).
Those who were being honest and kept business dealing to the appropriate and democratically accountable systems did not deserve their details to be leaked.
Then there is another group who work to deceive the public and preserve the state at any cost, those also deserve to be leaked (NSA, CIA, FBI etc etc).
The hack on OPM also proves another thing that Governments (or indeed anyone) should not create large databases of personal information because they become huge and irresistable targets for crackers.
- intelemetry
oshwm:
On 01/11/15 03:53, coderman wrote:
http://motherboard.vice.com/read/the-rise-of-political-doxing
Last week, CIA director John O. Brennan became the latest victim
of what's become a popular way to embarrass and harass people on the internet. A hacker allegedly broke into his AOL account and published emails and documents found inside, many of them personal and sensitive.
It's called doxing—sometimes doxxing—from the word "documents." It emerged in the 1990s as a hacker revenge tactic, and has since been as a tool to harass and intimidate people on the internet. Someone would threaten a woman with physical harm, or try to incite others to harm her, and publish her personal information as a way of saying "I know a lot about you—like where you live and work." Victims of doxing talk about the fear that this tactic instills. It's very effective, by which I mean that it's horrible.
Brennan's doxing was slightly different. Here, the attacker had a more political motive. He wasn't out to intimidate Brennan; he simply wanted to embarrass him. His personal papers were dumped indiscriminately, fodder for an eager press. This doxing was a political act, and we're seeing this kind of thing more and more.
Lots of people will have to face the publication of personal correspondence, documents, and information they would rather be private
Last year, the government of North Korea allegedly did this to Sony. Hackers the FBI believes were working for North Korea broke into the company's networks, stole a huge amount of corporate data, and published it. This included unreleased movies, financial information, company plans, and personal emails. The reputational damage to the company was enormous; the company estimated the cost at $41 million.
In July, hackers stole and published sensitive documents from the cyberweapons arms manufacturer Hacking Team. That same month, different hackers did the same thing to the infidelity website Ashley Madison. In 2014, hackers broke into the iCloud accounts of over 100 celebrities and published personal photographs, most containing some nudity. In 2013, Edward Snowden doxed the NSA.
These aren't the first instances of politically motivated doxing, but there's a clear trend. As people realize what an effective attack this can be, and how an individual can use the tactic to do considerable damage to powerful people and institutions, we're going to see a lot more of it.
On the internet, attack is easier than defense. We're living in a world where a sufficiently skilled and motivated attacker will circumvent network security. Even worse, most internet security assumes it needs to defend against an opportunistic attacker who will attack the weakest network in order to get—for example—a pile of credit card numbers. The notion of a targeted attacker, who wants Sony or Ashley Madison or John Brennan because of what they stand for, is still new. And it's even harder to defend against.
What this means is that we're going to see more political doxing in the future, against both people and institutions. It's going to be a factor in elections. It's going to be a factor in anti-corporate activism. More people will find their personal information exposed to the world: politicians, corporate executives, celebrities, divisive and outspoken individuals.
Of course they won't all be doxed, but some of them will. Some of them will be doxed directly, like Brennan. Some of them will be inadvertent victims of a doxing attack aimed at a company where their information is stored, like those celebrities with iPhone accounts and every customer of Ashley Madison. Regardless of the method, lots of people will have to face the publication of personal correspondence, documents, and information they would rather be private.
In the end, doxing is a tactic that the powerless can effectively use against the powerful. It can be used for whistleblowing. It can be used as a vehicle for social change. And it can be used to embarrass, harass, and intimidate. Its popularity will rise and fall on this effectiveness, especially in a world where prosecuting the doxers is so difficult.
There's no good solution for this right now. We all have the right to privacy, and we should be free from doxing. But we're not, and those of us who are in the public eye have no choice but to rethink our online data shadows.
Political figures in most countries have been using their personal email accounts to conduct business 'under the radar' in order to avoid information being subject to oversight, most probably because it's illegal, unconstitutional or at the very least not good for the image of governments.
When they started to do this, they threw the book on ethics in the bin and opened themselves up to any abuse of their personal life that may happen.
If people in power act properly in their professional dealings then there is an argument against d0xing their personal information but once they start to try to hide information then it's open season on every aspect of their life.
My question here is regarding the covert exfil of the hack.
Check out somebody like darktrace: https://www.darktrace.com/
https://en.wikipedia.org/wiki/Network_Behavior_Anomaly_Detection
That egress would be a monumental NOC IDS trigger, especially for an anomaly detection system. Have to imagine the database is big. Especially if you do anomaly detection on the SIEM collecting things like DNS, flow, etc.
Probably a pivot into the Oracle database. The coupling between PeopleSoft and the backend is weird.
The question is whether this is everybody because agencies sponsor clearance and may or may not partition their own records on the backend.
Something doesn't make sense here. If they can catch the white house non-classified penetration with low traffic and no exfil the OPM hack seems like it should have been detected easily. Moreover, there are automatic kill-chains in a lot of this infrastructure:
== begin white house ==
http://www.nytimes.com/2015/04/26/us/russian-hackers-read-obamas-unclassified-emails-officials-say.html?_r=0
http://fortune.com/2015/04/07/russians-hacked-white-house/
== end white house ==
http://www.lockheedmartin.com/us/what-we-do/information-technology/cybersecurity/tradecraft/cyber-kill-chain.html
http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542
I have to imagine they have a switch with inline and span analytics and IDS/IPS, anomaly detection, and logging from multiple telemetry sources. Grabbing that data from that network and running remotely seems like a hefty attack without compromising the actual reporting devices. Which has been done:
http://www.phenoelit.org/stuff/CiscoInTheSkyWithDiamonds.pdf
^^ virtual networking
It would be interesting to know how much is virtual networking out there these days in the government.
- intelemetry
oshwm:
On 01/11/15 19:33, intelemetry wrote:
It proves peoplesoft is a piece of shit.
ha ha, I'm not sure government uses any corps that actually know what they're doing :D
oshwm:
On 01/11/15 18:17, intelemetry wrote:
Where is the OPM link in .7z format?
Didn't Barrett Brown end up in Solitary Confinement for giving out links to data?
As for the real question, my ethical argument still stands:-
Those people in the OPM leak who were using personal resources to conduct government business got what they deserved (leaked).
Those who were being honest and kept business dealing to the appropriate and democratically accountable systems did not deserve their details to be leaked.
Then there is another group who work to deceive the public and preserve the state at any cost, those also deserve to be leaked (NSA, CIA, FBI etc etc).
The hack on OPM also proves another thing that Governments (or indeed anyone) should not create large databases of personal information because they become huge and irresistible targets for crackers.
- intelemetry
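An added example, not part of the original thread or of any product named in it: a per-host egress baseline of the kind the message above has in mind when it says bulk egress should trip anomaly detection on flow data. Host names, byte counts and the threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median


def build_sample_flows():
    """Constructed flow records: (ISO day, internal source host, bytes sent outbound)."""
    flows = []
    baseline = {"db-backend": 40_000_000, "mail-gw": 900_000_000, "ws-17": 250_000_000}
    wobble = [0, 3, -2, 5, -4, 1, -1]  # percent deviation from baseline, one entry per day
    for i, pct in enumerate(wobble):
        day = f"2015-03-{i + 1:02d}"
        for host, base in baseline.items():
            total = base * (100 + pct) // 100
            # Two flows per host per day so the aggregation step has work to do.
            flows.append((day, host, total // 2))
            flows.append((day, host, total - total // 2))
    # Day 8: the database host sends 600 MB, still less than the mail gateway's normal day.
    flows.append(("2015-03-08", "db-backend", 600_000_000))
    flows.append(("2015-03-08", "mail-gw", 910_000_000))
    flows.append(("2015-03-08", "ws-17", 245_000_000))
    return flows


def daily_egress(flows):
    """Sum outbound bytes per source host per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, src, nbytes in flows:
        totals[src][day] += nbytes
    return totals


def robust_z(value, history):
    """Deviation from the median in MAD units; resistant to earlier outliers."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = 1.4826 * mad or max(med * 0.05, 1)  # fallback when the history is flat
    return (value - med) / scale


def egress_alerts(flows, day, min_history=5, threshold=6.0):
    """Return (host, bytes, z) for hosts whose egress on `day` breaks their own baseline."""
    alerts = []
    for src, per_day in daily_egress(flows).items():
        # ISO dates compare correctly as strings.
        history = [b for d, b in sorted(per_day.items()) if d < day]
        if len(history) < min_history:
            continue  # not enough data to call anything abnormal
        today = per_day.get(day, 0)
        z = robust_z(today, history)
        if z >= threshold:
            alerts.append((src, today, round(z, 1)))
    return sorted(alerts, key=lambda a: -a[2])


if __name__ == "__main__":
    for host, nbytes, z in egress_alerts(build_sample_flows(), "2015-03-08"):
        print(f"ALERT {host}: {nbytes} bytes out, robust z = {z}")
```

Because each host is compared with its own history, the database host is flagged even though its absolute volume is below the mail gateway's ordinary traffic, which a single network-wide byte threshold would not catch.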
A lot of reading there for me to be able to answer intelligently but I see what you're saying - how to walk out of the door with all that data on a Lady Gaga CD :D
On 01/11/15 20:14, intelemetry wrote:
My question here is regarding the covert exfil of the hack.
Check out somebody like darktrace: https://www.darktrace.com/
https://en.wikipedia.org/wiki/Network_Behavior_Anomaly_Detection
That egress would be a monumental NOC IDS trigger, especially for an anomaly detection system. Have to imagine the database is big. Especially if you do anomaly detection on the SIEM collecting things like DNS, flow, etc.
Probably a pivot into the Oracle database. The coupling between PeopleSoft and the backend is weird.
The question is whether this is everybody because agencies sponsor clearance and may or may not partition their own records on the backend.
Something doesn't make sense here. If they can catch the white house non-classified penetration with low traffic and no exfil the OPM hack seems like it should have been detected easily. Moreover, there are automatic kill-chains in a lot of this infrastructure:
== begin white house ==
http://www.nytimes.com/2015/04/26/us/russian-hackers-read-obamas-unclassified-emails-officials-say.html?_r=0
http://fortune.com/2015/04/07/russians-hacked-white-house/
== end white house ==
http://www.lockheedmartin.com/us/what-we-do/information-technology/cybersecurity/tradecraft/cyber-kill-chain.html
http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542
I have to imagine they have a switch with inline and span analytics and IDS/IPS, anomaly detection, and logging from multiple telemetry sources. Grabbing that data from that network and running remotely seems like a hefty attack without compromising the actual reporting devices. Which has been done:
http://www.phenoelit.org/stuff/CiscoInTheSkyWithDiamonds.pdf
^^ virtual networking
It would be interesting to know how much is virtual networking out there these days in the government.
- intelemetry
On 11/01/2015 01:33 PM, intelemetry wrote:
Didn't Barrett Brown end up in Solitary Confinement for giving out links to data?
My article at Revolution News analyzing the transcript to his second and final sentencing hearing, answers this question in detail. http://revolution-news.com/barrett-brown-vs-the-dept-of-justice-defining-the...
On 11/1/15, Douglas Lucas <dal@riseup.net> wrote:
... My article at Revolution News analyzing the transcript to his second and final sentencing hearing, answers this question in detail.
http://revolution-news.com/barrett-brown-vs-the-dept-of-justice-defining-the...
thanks for pointing out OPSEC failures against federal agents. while i think it is unreasonable to expect anyone but hardened #infosec malcontents to be able to do this, reliably, i understand why you point this out as most significant liability for Barry.
my selfish take: his writing from prison is much more potent. it will be good for him? (it is at least entertaining to me. and his commissary can always use a tip! :)
best regards,
On Saturday, 31 October 2015 20:53:09 coderman wrote:
http://motherboard.vice.com/read/the-rise-of-political-doxing
Last week, CIA director John O. Brennan became the latest victim of what's become a popular way to embarrass and harass people on the internet. A hacker allegedly broke into his AOL account (...)
He still used AOL? No need for the contents of the account, the mere fact is embarrassing enough.
--
Regards,
Michał "rysiek" Woźniak
I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
participants (6)
- coderman
- Douglas Lucas
- grarpamp
- intelemetry
- oshwm
- rysiek