*Just Wait Until Data Thieves Start Releasing Altered and Fake Emails*
[image: Description: Sooner or later, the hackers who steal an
organization's data are going to make changes in them before they release
*In the past few years*, the devastating effects of hackers breaking into
an organization’s network, stealing confidential data, and publishing
everything have been made clear. It happened to the Democratic National
Committee, to *Sony*
to the National Security Agency, to the cyber-arms weapons
to the online adultery site *Ashley Madison*
and to the Panamanian tax-evasion law firm *Mossack Fonseca*
This style of attack is known as *organizational doxing*
hackers, in some cases individuals and in others nation-states, are out to
make political points by revealing proprietary, secret, and sometimes
incriminating information. And the documents they leak do that, airing the
organizations’ embarrassments for everyone to see.
In all of these instances, the documents were real: the email
conversations, still-secret product details, strategy documents, salary
information, and everything else. But what if hackers were to alter
documents before releasing them? This is the next step in organizational
doxing—and the effects can be much worse.
It’s one thing to have all of your dirty laundry aired in public for
everyone to see. It’s another thing entirely for someone to throw in a few
choice items that aren’t real.
Recently, Russia has started *using forged documents*
part of broader disinformation campaigns, particularly in relation to
Sweden’s entering of a military partnership with NATO, and Russia’s
invasion of Ukraine.
Forging thousands—or more—documents is difficult to pull off, but slipping
a single forgery in an actual cache is much easier. The attack could be
something subtle. Maybe a country that anonymously publishes another
country’s diplomatic cables wants to influence yet a third country, so adds
some particularly egregious conversations about that third country. Or the
next hacker who steals and publishes email *from climate change researchers*
<https://www.wired.com/2009/11/climate-hack/> invents a bunch of
over-the-top messages to make his political point even stronger. Or it
could be personal: someone dumping email from thousands of users making
changes in those by a friend, relative, or lover.
Imagine trying to explain to the press, eager to publish the worst of the
details in the documents, that everything is accurate except this
particular email. Or that particular memo. That the salary document is
correct except that one entry. Or that the secret customer list posted up
on WikiLeaks is correct except that there’s one inaccurate addition. It
would be impossible. Who would believe you? No one. And you couldn’t
It has long been easy to forge documents on the internet. It’s easy to
create new ones, and modify old ones. It’s easy to change things like a
document’s creation date, or a photograph’s location information. With a
little more work, pdf files and images can be altered. These changes will
be undetectable. In many ways, it’s surprising that this kind of
manipulation hasn’t been seen before. My guess is that hackers who leak
documents don’t have the secondary motives to make the data dumps worse
than they already are, and nation-states have just gotten into the document
Major newspapers do their best to verify the authenticity of leaked
documents they receive from sources. They only publish the ones they know
are authentic. The newspapers consult experts, and pay attention to
forensics. They have tense conversations with governments, trying to get
them to verify secret documents they’re not actually allowed to admit even
exist. This is only possible because the news outlets have ongoing
relationships with the governments, and they care that they get it right.
There are lots of instances where neither of these two things are true, and
lots of ways to leak documents without any independent verification at all.
No one is talking about this, but everyone needs to be alert to the
possibility. Sooner or later, the hackers who steal an organization’s data
are going to make changes in them before they release them. If these
forgeries aren’t questioned, the situations of those being hacked could be
made worse, or erroneous conclusions could be drawn from the documents.
When someone says that a document they have been accused of writing is
forged, their arguments at least should be heard.[image: Description:
[image: Avast logo] <https://www.avast.com/antivirus>
This email has been checked for viruses by Avast antivirus software.
Posted by: "Beowulf" <beow...@westerndefense.net>
Visit Your Group
[image: Yahoo! Groups]
• Privacy <https://info.yahoo.com/privacy/us/yahoo/groups/details.html> •
Thanks for being part of "PoliticalForum" at Google Groups.
For options & help see http://groups.google.com/group/PoliticalForum
* Visit our other community at http://www.PoliticalForum.com/
* It's active and moderated. Register and vote in our polls.
* Read the latest breaking news, and more.
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.