| 摘要 | On July 22, WikiLeaks published nearly twenty thousand internal emails of the Democratic National Committee. The consensus at this point is that the emails were originally obtained by Russian intelligence agencies, and then passed to WikiLeaks in an attempt to influence the US presidential election. The following week, Donald Trump said he hopes Russia also has Hilary Clinton’s missing emails, and urged the country to release them to the US media.
This debacle has raised questions over whether we are witnessing a new form of propaganda, and whether we should expect foreign actors to release (real or fabricated) email troves to influence American politics.
Bruce Schneier has used the term “organizational doxing” to describe the relatively new tactic of stealing internal electronic communications and subsequently releasing them to the public.
The DNC is not the first organization to be the victim of organizational doxing: a similar attack was mounted against Sony last year, again with the likely involvement of a foreign intelligence agency. However, the tactic is relatively new. The first example I am aware of was the publication in 2011 of the internal correspondence of the HBGary Federal security consultancy by the “Anonymous” hackers.
Why is this happening now? After all, email has been widely used for at least 15 years. We can point to two explanations, one technical and one social.
First, email has gotten more centralized over time. Originally, the typical model for email within an organization was that email would be sent to the recipient’s server, then downloaded to the recipient’s computer and read. Server-side mailboxes were relatively small, and users would have to regularly delete old emails to make room for new ones. The price of disk storage has been steadily and rapidly falling, however, and by the mid-to-late 2000s, it was routine for users to keep all their email on a server forever.
This new model has many advantages for users, but it also makes the stored email a newly appealing target for intruders. With centralized storage of emails, an attacker can break in once and get all the data. If email is merely passing through the server and is primarily stored on each user’s computer, the attacker’s challenge is much harder.
There is also a social change that has made document dumps more effective, and that is the rise of WikiLeaks. Ten years ago, a foreign intelligence agency with a cache of stolen emails would have had some trouble publishing the results in a way that would achieve its propaganda aims. If the release was acknowledged as the result of foreign espionage, outrage about the spying might overwhelm any propaganda value from the contents. WikiLeaks has served to legitimize the publication and discussion of leaked information, without regard to how it was obtained. This is likely a major step backwards in responsible reporting.
Many pre-computer era attempts to use documents for political effect were founded on forgeries or possible forgeries. In the late 1880s, anti-Irish nationalist factions in Britain attempted to tie parliamentarian Charles Parnell to a political assassination in Dublin on the strength of forged letters published in the Times. And in 1924, just before a British General Election, the Daily Mail published a letter, purportedly from Politburo member Grigory Zinoviev but likely forged by anti-communist factions, asserting the resumption of diplomatic relations between the United Kingdom and the USSR would help the communists. In both these cases, the forgeries were denounced by the victims, and investigation at the time confirmed that they were forged ̶ albeit, after the political consequences had already been felt.
Organizational doxing has a different set of authenticity issues. As past episodes show, it is not very challenging to forge a letter of a few paragraphs. Forging many thousands of emails is a much harder challenge, especially if they have to stand up to casual scrutiny. The forger would have to do a lot of work to make sure that none of the emails have timestamps or routing headers that conflict with the known whereabouts of the purported authors.
Moreover, the validity of organizational doxing can be confirmed much more accurately than past purported leaks. With email, there will be many copies held by third parties (such as the email service provider or correspondents outside the hacked organizations.) There may be digital signatures that prove where the email came from. As a result, outside experts would have an easy time, in many instances, in confirming or refuting the validity of a document dump.
However, we should still be wary of forgeries. A clever attacker might obtain a large volume of genuine email and then slip in a few additional documents calculated to achieve some particular end. In a body of many thousands of documents, not all will be scrutinized at once. We could imagine a situation in which a number of leaked documents are authenticated, without any particular attention being paid to the forgeries at first. Then, once the public has firmly in mind that the documents are genuine, journalists are pointed to the forgeries. A careful forensic analysis would likely be able to sniff out the forged from the genuine documents. But if the analysis is only done after the initial public discussion of the documents, it may be too late to counteract the propaganda impact.
We now live in a world where hacking has been fused with propaganda and the combination is used as a tool of foreign policy. Until recently, organizational doxing was impaired by the dispersed storage of emails and the lack of intermediaries to publish stolen material. These factors are gone and are unlikely to return. The DNC is not going to be the last target of politically-motivated organizational doxing. Organizations should therefore take increased care to protect their correspondence from disclosure. |
