Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Security Politics

The Rise of Political Doxing (schneier.com) 176

An anonymous reader writes: Security guru Bruce Schneier predicts a new trend in hacking: political doxing. He points to the recent hack of CIA director Jack Brennan's personal email account and notes that it marks a shift in the purpose of email hacking: "Here, the attacker had a more political motive. He wasn't out to intimidate Brennan; he simply wanted to embarrass him. His personal papers were dumped indiscriminately, fodder for an eager press." Schneier continues, "As people realize what an effective attack this can be, and how an individual can use the tactic to do considerable damage to powerful people and institutions, we're going to see a lot more of it. ... In the end, doxing is a tactic that the powerless can effectively use against the powerful."
This discussion has been archived. No new comments can be posted.

The Rise of Political Doxing

Comments Filter:
  • by The-Ixian ( 168184 ) on Monday November 02, 2015 @10:14AM (#50846963)

    I guess this is why Bruce Schneier is a guru and gets the big bucks....

    • More like, "Bruce Schneier predicts current trend will continue based on observance of current trend continuing."

      There's already a word for it.

      • There are plenty of reasons for people to hack into politician's email. Doxing is one of them, but so is investigating wrong doing. Sometimes searching for the wrong doing can lead to bashing. People can get caught early, or have access to the "other" mail server and just dump for their 5 minutes of fame. Is that Doxing? *shrug* I think that depends on intent, and in most cases no.

        Yeah, this guy tells us what security people have been saying for more than a quarter of a century. How can the rest of us

  • by BarbaraHudson ( 3785311 ) <barbara.jane.hud ... minus physicist> on Monday November 02, 2015 @10:20AM (#50847025) Journal
    There's a simple counter-measure - don't be ashamed of anything you do. Kind of hard to exert pressure on someone by revealing their personal stuff if they don't give a sh*t.
    • Its simply not that easy. People are always looking for weaknesses. Even if you own up to everything you have done, people will still look to take advantage of the information. Its a huge massive attack surface.
      • Kind of hard to "take advantage of it" if it's old news to everyone.
        • Its just not that simple and you know it. Things that you do today, might become a problem later due to cultural or political shifts. Privacy is important, full disclosure is not an option for humans. The only way this would work is if we had true human telepathy and a hive mind.
          • If it becomes a problem later, then fight for your rights. If you're not ready to fight for your rights and freedoms, you deserve neither.
            • by mjm1231 ( 751545 )

              So your proposal is:

              1. Release everything
              2. Determine which bits are "a problem"
              3. Fight for your right to privacy.

              Of course, as a political candidate, you'll then be branded as flip flopping on the issue.

              • So your proposal is:

                1. Release everything 2. Determine which bits are "a problem" 3. Fight for your right to privacy.

                Of course, as a political candidate, you'll then be branded as flip flopping on the issue.

                No.
                1 Release everything
                2 If after this, people won't vote for you, that is their free and informed choice.

                There is no "right to win" a political office despite what the Bushes seem to think, just a right to run for it. People have a right to a free and informed vote, despite political wankers believing that once you can fake sincerity, you've got it made.

                • by mjm1231 ( 751545 )

                  This is only true if all information about a person is relevant to their candidacy. I reject this as completely and ridiculously false. There are many things I don't need or want to know about anyone.

                  There is some information that does nothing at all in the way of making one more informed.

          • A good example of this was the Mozilla CEO that was ousted because he supported an anti-gay group when that was the norm.

        • Then they simply either make up something you did (perhaps basing it on something that really happened so there's a grain of truth) or they take something that happened out of context so that it sounds much worse.

          For example, suppose your list includes "drove drunk once when I was 19." A political hit squad could spread the word that you actually were arrested after you drove drunk, hit another car, and killed an 8 year old girl. Is it true? Of course not. But now you're spending time refuting this stor

          • If you've already put the facts out there, before anyone else makes the allegations, most people won't be stupid enough to fall for it. Those that do would have voted republican / conservative anyway, so no increased losses either way.
    • by Shoten ( 260439 ) on Monday November 02, 2015 @10:49AM (#50847287)

      There's a simple counter-measure - don't be ashamed of anything you do. Kind of hard to exert pressure on someone by revealing their personal stuff if they don't give a sh*t.

      Interesting. This is effectively the same as the argument put forth by the surveillance hawks who want to monitor everything. "Don't do anything that makes you look guilty, and there's nothing to worry about."

      The fact is that it's not just about personal shame. People have been pilloried over things they didn't have any problem with personally, but which in turn caused massive backlash...with real consequences...from the public. And also noteworthy is that in this case, personal information (like SSNs, names of family members, etc.) were also put out in the open. So it's not just about shame.

      • by DarkOx ( 621550 )

        Right but this is the very argument against collecting and aggregating the information at all. It is harmful when its released and sooner or later it does get out or does get aggregated.

        The very politicians crying about this today will be the ones arguing to create another national registry or list of some kind tomorrow unless they fell the pain from this.

        The public needs to see how harmful this stuff is and unfortunately the only way we are ever going to get Jane and Joe average to care is if they see som

      • The two arguments couldn't be farther apart. The OP's statement is an action plan for dealing with the consequences of a potential leak of personal information, not an excuse of the perpetrators actions. The statement the "If you didn't do anything wrong you have nothing to worry about" is a justification of the state sponsored invasion of privacy. It is by definition an excuse of the perpetrators action.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      There are things in E-mail that I don't want out, even though I'm not ashamed about them:

      1: Password change/requests. This is easily identifiable info for ID thieves.
      2: Personal items from family/friends. Why does the world need to know that my RV leaks from the cabover and I'm having a carpenter in to rip out the interior and rebuild it?
      3: What I buy from Amazon. Again, nothing illegal, but I don't care to have the fact that my taste (or lack of) in music and literature be for all to see.
      4: I don't

      • And exiting the realm of e-mail, there's thing about myself that I don't want the become common knowledge. As a victim of identity theft, I can personally attest to the fact that someone getting your name, address, date of birth, and social security number can wreck havoc with your life. Am I "ashamed" of any of that information? Of course not. However, that doesn't mean I want them to be public knowledge.

      • You are correct in your post.

        No need to post as AC.

    • by soloes ( 415223 )

      context is everything. Just because you do something that is good, does not mean that people cannot just publicize part of it and make it look bad.

      • context is everything. Just because you do something that is good, does not mean that people cannot just publicize part of it and make it look bad.

        So let them. They're going to do it anyway, and they're just setting themselves up for looking like stupid dishonest manipulative SOBs to anyone who looks into it.

        • Do you think politicians really care about "looking like stupid dishonest manipulative SOBs"? They care about winning and only winning. Some might say campaign contributions from businesses/wealthy donors also, but these are honestly only a means to an end. If money somehow could be decoupled from politics, politicians wouldn't care about the donations, but would still only care about that which helps them win.

    • don't be ashamed of anything you do. Kind of hard to exert pressure on someone by revealing their personal stuff if they don't give a sh*t.

      That only works up to the point that it's something that nobody cares about either.

      • don't be ashamed of anything you do. Kind of hard to exert pressure on someone by revealing their personal stuff if they don't give a sh*t.

        That only works up to the point that it's something that nobody cares about either.

        Actually, no. As long as you don't care, then you're also not going to care if someone else is getting bent out of something. Case in point - there are plenty of people who voice negative opinions about transsexuals, but it doesn't bother me that what I am upsets them. As far as I'm concerned, they're the ones with the problem. Same thing with anything that some people attach stigma to, such as mental illness. It's not "who gives a damn?" but "who in MY life gives a damn?"

        TANSTAAFL, which is another way o

        • Actually, no. As long as you don't care, then you're also not going to care if someone else is getting bent out of something.

          Good thing no teachers have ever been fired due to things they've done in their private lives that have no affect on their teaching. Oh wait.

          • Actually, no. As long as you don't care, then you're also not going to care if someone else is getting bent out of something.

            Good thing no teachers have ever been fired due to things they've done in their private lives that have no affect on their teaching. Oh wait.

            If they shouldn't have been fired, then they should have fought it. They might lose, but it will make it easier to fight the next time.

            • Yes, but it still completely proves the point that it's not whether or not you are ashamed, but what society as a whole things of the subject. Saying "Just dont care what others think" isn't a solution.

              • It doesn't "prove the point" that it's what society thinks as a whole. It's hard to argue with the facts when the facts include a court judgment 100% in your favor. Anyone who still wants to believe in unsupported rumor-mongering is an idiot or worse, and if you're worried about what idiots and fools think of you, you have some serious self-esteem issues.
                • You're still missing the point. But I'm not surprised.

                  • I'll make it simple - I don't care what "society as a whole" thinks of me. I'm long done with that crap. :-) As well, if you can't be honest about who and what you are, then you don't merit being a politician in the first place, even if it seems that putting up a false front is part of the whole deal.
                    • Unfortunately for you and anybody else who has such a fantasyland world view, the concept of "meriting" being a politician is meaningless. In the real world, people who get to be real politicians don't give a fuck about merit. Anybody who does is so far from being electable they probably don't understand why nobody takes them seriously. If you don't pay attention to what society thinks of the things you have done (and been), then you aren't even going to going to be able to pretend to mount an effective cam

        • In your personal life, this is a great lesson to learn/apply. I realized this back in college after coming out of a horrid high school bullying experience. I decided that there was a small circle of people whose opinion mattered to me. Outside that circle, people could call me whatever they wanted and I just didn't care.

          However, when you're talking about politics, ALL voters are "that circle." A negative opinion can spread rapidly and cause a downturn in your campaign even if you don't care about why pe

          • We just saw in Canada again that negative campaigns hurt the one pushing the negativity. Just like we've seen in the US that the republican base doesn't care how much true negative stuff is out there - it won't affect their vote. As for the rest, the republican Benghazi tactics kind of backfired, and everyone is sick and tired of "because EMAIL".
    • by gurps_npc ( 621217 ) on Monday November 02, 2015 @12:26PM (#50848327) Homepage
      Wrong. On so many levels.

      Ever hear about Bridget McCain? She is the very dark skinned adopted daughter of John McCain. His wife found her - a child with a facial deformity and a serious heart condition. They adopted this wonderful girl in need and gave her all the love and medical help they could. Mr. McCain was never embarrassed by her. But during the 2000 election, George Bush's lying scumbag allies sent out a phone poll asking:

      "Would you be more or less likely to vote for John McCain if you knew he had fathered an illegitimate black child?"

      McCain lost the South Carolina primary in part because of this bold faced lie. In this particular case, they never hid anything about her, but the point is fairly clear - there are lots of things that LOOK bad but aren't bad. Politics is a game of perceptions.

      Merely not doing actually bad things isn't enough. You also have to avoid doing anything you can stretch and deform into an attack.

      So no, actual innocence is not enough of a protection, we also need legal rights to privacy.

    • " don't be ashamed of anything you do"

      Whether or not *you* are ashamed of what you do does not necessarily affect how *other people* behave.

      • Why do I care about how people I don't know behave? And for those I know, they already pretty much know all about me, so again, why do I care when it doesn't make a difference to my life?

        Besides, if someone doesn't like me for who and what I am, I'd rather know it so I can choose more intelligent company :-)

        • Um... because they vote? You seem completely unaware of what being a politician requires. If you aren't ashamed of the things society demands you be ashamed of, society won't vote for you (or support you in any other way).

          "If you're going to be a jerk I'm going to ignore you" works fine in private life. It will get you absolutely nowhere in public.

          • The topic was doxxing in politics. Releasing everything ahead of time is the simplest solution to having someone make a big deal later on that you deemed "not important." For those who feel that they can't be open because they have some shameful secret, the answer is simple - don't run, because secrets have a way of coming out at the worst possible time.

            You're also missing out on those who want to run to make a statement, even though they know their chance of winning is slim to none, and slim just left tow

        • "Why do I care about how people I don't know behave?"

          Because it's unlikely that the lynching will be conducted by your friends.

    • by mjm1231 ( 751545 )

      In the context of running for office, this makes no sense. It doesn't matter if the candidate doesn't give a shit, or if they are not ashamed. What matters is if the people voting (or the people who decide who will be running, which, depending on where you are, may not be the same thing) think you should be ashamed or embarassed or whatever.

      I don't know about your corner of the world, but from what I see of the US, there are enough people who care about things that don't matter that the distinction matters.

      • It's all going to come out in the end. If you want to represent the people you're asking to vote for you, shouldn't you actually BE representative of them instead of putting up a false image? If you're not, then maybe the job would be better suited to someone who is.
    • The problem isn't that I'm ashamed of fucking a goat. The problem is that other people will be outraged.

    • There's a simple counter-measure - don't be ashamed of anything you do. Kind of hard to exert pressure on someone by revealing their personal stuff if they don't give a sh*t.

      It would still be effective against politicians who need the votes of people who do give a shit.

  • by Howitzer86 ( 964585 ) on Monday November 02, 2015 @10:23AM (#50847049)

    In the end, doxing is a tactic that the powerless can effectively use against the powerful.

    ...Or keep the powerless in their place.

    We have secrets and embarrassing things on Facebook and other places online that will never go away and can be found if you look hard enough. Most of us don't have the luxury of being groomed from birth to be politicians and avoid these pitfalls.

  • by jmac_the_man ( 1612215 ) on Monday November 02, 2015 @10:23AM (#50847053)
    This isn't the rise of political doxxing, simply because it has been going on forever.

    Going through Sarah Palin's emails (either the official ones the judge ordered released and the New York Times attempted to crowdsource finding embarassing stuff OR the ones that the 4chan hacker whose father was an elected Democrat released) was an attempted doxxing.

    What Bradley Manning did was a doxxing. Hell, so was the release of the Pentagon Papers.

    Jumping even further back, the XYZ Affair was revealed by a doxxer leaking details to the (partisan) press.

    Releasing your opponent's embarrassing documents has probably been going on for as long as we've had written language.

  • But what about Russians, Chinese, Iranians, French, Brazilians, Indians, Japanese, etc, etc, etc?

  • Because doxing has never been using against people that haven't done anything but mind their own business. Right?

  • CIA directory (Score:5, Insightful)

    by NostalgiaForInfinity ( 4001831 ) on Monday November 02, 2015 @10:31AM (#50847121)

    When the CIA director has his AOL account "hacked", it is a demonstration of his utter incompetence, not "doxing". And the inability of top government officials to control even their own, valuable private information is politically highly significant, given how much information the US federal government is increasingly collecting about us: detailed financial and banking information, medical records, detailed census information, and lots more.

    • Why is this insightful? What did Gates do that was incompetent? Oh. He had an AOL account. What a F**king dinosaur. Of course he's incompetent.

      I ask again - what did Gates do that " is a demonstration of his utter incompetence"?
      • Oh. He had an AOL account. What a F**king dinosaur. Of course he's incompetent.

        No, what makes him incompetent is that he stored sensitive information on it; you know, the kind of information he, the government, and Schneier are actually getting upset about getting released. If he had just used his AOL account for sending birthday greetings to his grandchildren, that would have been fine.

        What did Gates do that was incompetent?

        Are you fucking kidding me? "Gates"? Seriously?

        • As far as I know he didn't have any government information on his AOL account and at best minor information in his account.

          Just did a quick check:
          The Times further reported that there is nothing "classified or hip" in Brennan's AOL account, and it dates to the days when he was CIA station chief in Riyadh, Saudi Arabia. However, if accurate, the material is at least sensitive, given that the SF86 form discloses contact information for Brennan's relatives and professional connections.
          http://arstechnica. [arstechnica.com]
          • As far as I know he didn't have any government information on his AOL account and at best minor information in his account. But still. The point remains. What did Brennan do that was incompetent?

            Apparently, he kept a completed SF-86 form in his account. Apart from any possible government security concern, that is a serious problem for him as an individual, because it places him at grave risk of identity theft. And he kept that information in accounts with known weak security. A competent security profession

          • Note that Brennan himself shows anger and concern at the hacking of his E-mail:

            "I was certainly outraged by it," Brennan said Tuesday at an intelligence conference at George Washington University when asked about his reaction to learning of the hack. "I certainly was concerned about what people might try to do with that information," Brennan added. "I was also dismayed at how some of the media handled it, and the inferences that were in there."

            http://www.cnn.com/2015/10/27/... [cnn.com]

            The point is: it doesn't matter

    • When the CIA director has his AOL account "hacked", it is a demonstration of his utter incompetence, not "doxing".

      This is an excellent example, a departure point for discussion.

      Per Bruce's article [schneier.com]:

      The CIA director did nothing wrong. He didn't choose a lousy password. He didn't leave a copy of it lying around. He didn't even send it in e-mail to the wrong person. The security failure, according to this account, was entirely with Verizon and AOL. Yet still Brennan's e-mail was leaked to the press and posted on WikiLeaks.

      Also, unlike a certain presidential hopeful, Brennan didn't have any CIA sensitive information in his personal E-mail. It was simply personal stuff about him, nothing that compromised security.

      And yet, internet sheep immediately jump to a conclusion of "incompetence", a charge that would ordinarily haunt a person in future job prospects for the rest of their life.

      One obvious step would be to hold the providers accountable for

      • The CIA director did nothing wrong. He didn't choose a lousy password. He didn't leave a copy of it lying around. He didn't even send it in e-mail to the wrong person. The security failure, according to this account, was entirely with Verizon and AOL. Yet still Brennan's e-mail was leaked to the press and posted on WikiLeaks.

        Yes, and Bruce is wrong. The fact that Verizon and AOL have weak security is well known and ought to be obvious to anybody with any kind of knowledge of computer security. If a CIA dire

    • To reiterate: The Director of the CIA still has and uses an AOL account.

      Does he have a CompuServe email address, or perhaps GeoCities website, too? Perhaps a MySpace account? A hotmail or yahoo email account?

      He is clearly so stupid and out-of touch with modern technology that he has no business in the spook industry.

  • awesome !

    best way to mobilize politicians. They'll finally understand why cryptography, privacy are important !

  • That law enforcement and security agents seem to believe that they are the guards in the panopticon, when in fact they're just another prisoner.

You know you've landed gear-up when it takes full power to taxi.

Working...