information imbalance - The Rise of Plitical Doxing [ bonus points for contrast with AP! :]

coderman coderman at gmail.com
Sat Oct 31 20:53:09 PDT 2015 

http://motherboard.vice.com/read/the-rise-of-political-doxing

Last week, CIA director John O. Brennan became the latest victim of
what's become a popular way to embarrass and harass people on the
internet. A hacker allegedly broke into his AOL account and published
emails and documents found inside, many of them personal and
sensitive.

It's called doxing—sometimes doxxing—from the word "documents." It
emerged in the 1990s as a hacker revenge tactic, and has since been as
a tool to harass and intimidate people on the internet. Someone would
threaten a woman with physical harm, or try to incite others to harm
her, and publish her personal information as a way of saying "I know a
lot about you—like where you live and work." Victims of doxing talk
about the fear that this tactic instills. It's very effective, by
which I mean that it's horrible.

Brennan's doxing was slightly different. Here, the attacker had a more
political motive. He wasn't out to intimidate Brennan; he simply
wanted to embarrass him. His personal papers were dumped
indiscriminately, fodder for an eager press. This doxing was a
political act, and we're seeing this kind of thing more and more.

    Lots of people will have to face the publication of personal
correspondence, documents, and information they would rather be
private

Last year, the government of North Korea allegedly did this to Sony.
Hackers the FBI believes were working for North Korea broke into the
company's networks, stole a huge amount of corporate data, and
published it. This included unreleased movies, financial information,
company plans, and personal emails. The reputational damage to the
company was enormous; the company estimated the cost at $41 million.

In July, hackers stole and published sensitive documents from the
cyberweapons arms manufacturer Hacking Team. That same month,
different hackers did the same thing to the infidelity website Ashley
Madison. In 2014, hackers broke into the iCloud accounts of over 100
celebrities and published personal photographs, most containing some
nudity. In 2013, Edward Snowden doxed the NSA.

These aren't the first instances of politically motivated doxing, but
there's a clear trend. As people realize what an effective attack this
can be, and how an individual can use the tactic to do considerable
damage to powerful people and institutions, we're going to see a lot
more of it.

On the internet, attack is easier than defense. We're living in a
world where a sufficiently skilled and motivated attacker will
circumvent network security. Even worse, most internet security
assumes it needs to defend against an opportunistic attacker who will
attack the weakest network in order to get—for example—a pile of
credit card numbers. The notion of a targeted attacker, who wants Sony
or Ashley Madison or John Brennan because of what they stand for, is
still new. And it's even harder to defend against.

What this means is that we're going to see more political doxing in
the future, against both people and institutions. It's going to be a
factor in elections. It's going to be a factor in anti-corporate
activism. More people will find their personal information exposed to
the world: politicians, corporate executives, celebrities, divisive
and outspoken individuals.

Of course they won't all be doxed, but some of them will. Some of them
will be doxed directly, like Brennan. Some of them will be inadvertent
victims of a doxing attack aimed at a company where their information
is stored, like those celebrities with iPhone accounts and every
customer of Ashley Madison. Regardless of the method, lots of people
will have to face the publication of personal correspondence,
documents, and information they would rather be private.

In the end, doxing is a tactic that the powerless can effectively use
against the powerful. It can be used for whistleblowing. It can be
used as a vehicle for social change. And it can be used to embarrass,
harass, and intimidate. Its popularity will rise and fall on this
effectiveness, especially in a world where prosecuting the doxers is
so difficult.

There's no good solution for this right now. We all have the right to
privacy, and we should be free from doxing. But we're not, and those
of us who are in the public eye have no choice but to rethink our
online data shadows.

More information about the cypherpunks mailing list