Organizational Doxing and Disinformation

In the past few years, the devastating effects of hackers breaking into an organization's network, stealing confidential data, and publishing everything have been made clear. It happened to the Democratic National Committee, to Sony, to the National Security Agency, to the cyber-arms weapons manufacturer Hacking Team, to the online adultery site Ashley Madison, and to the Panamanian tax-evasion law firm Mossack Fonseca.

This style of attack is known as organizational doxing. The hackers, in some cases individuals and in others nation-states, are out to make political points by revealing proprietary, secret, and sometimes incriminating information. And the documents they leak do that, airing the organizations' embarrassments for everyone to see.

In all of these instances, the documents were real: the email conversations, still-secret product details, strategy documents, salary information, and everything else. But what if hackers were to alter documents before releasing them? This is the next step in organizational doxing -- and the effects can be much worse.

It's one thing to have all of your dirty laundry aired in public for everyone to see. It's another thing entirely for someone to throw in a few choice items that aren't real.

Recently, Russia has started using forged documents as part of broader disinformation campaigns, particularly in relation to Sweden's entering of a military partnership with NATO, and Russia's invasion of Ukraine.

Forging thousands -- or more -- documents is difficult to pull off, but slipping a single forgery in an actual cache is much easier. The attack could be something subtle. Maybe a country that anonymously publishes another country's diplomatic cables wants to influence yet a third country, so adds some particularly egregious conversations about that third country. Or the next hacker who steals and publishes email from climate change researchers invents a bunch of over-the-top messages to make his political point even stronger. Or it could be personal: someone dumping email from thousands of users, making changes in those by a friend, relative, or lover.

Imagine trying to explain to the press, eager to publish the worst of the details in the documents, that everything is accurate except this particular email. Or that particular memo. That the salary document is correct except that one entry. Or that the secret customer list posted up on WikiLeaks is correct except that there's one inaccurate addition. It would be impossible. Who would believe you? No one. And you couldn't prove it.

It has long been easy to forge documents on the Internet. It's easy to create new ones, and modify old ones. It's easy to change things like a document's creation date, or a photograph's location information. With a little more work, PDF files and images can be altered. These changes will be undetectable. In many ways, it's surprising that this kind of manipulation hasn't been seen before. My guess is that hackers who leak documents don't have the secondary motives to make the data dumps worse than they already are, and nation-states have just gotten into the document leaking business.

Major newspapers do their best to verify the authenticity of leaked documents they receive from sources. They only publish the ones they know are authentic. The newspapers consult experts, and pay attention to forensics. They have tense conversations with governments, trying to get them to verify secret documents they're not actually allowed to admit even exist. This is only possible because the news outlets have ongoing relationships with the governments, and they care that they get it right. There are lots of instances where neither of these two things is true, and lots of ways to leak documents without any independent verification at all.

No one is talking about this, but everyone needs to be alert to the possibility. Sooner or later, the hackers who steal an organization's data are going to make changes in them before they release them. If these forgeries aren't questioned, the situations of those being hacked could be made worse, or erroneous conclusions could be drawn from the documents. When someone says that a document they have been accused of writing is forged, their arguments at least should be heard.

This essay previously appeared on TheAtlantic.com.

Posted on September 14, 2016 at 6:21 AM • 57 Comments

Comments

XXX • September 14, 2016 7:42 AM

Russia didn’t “recently” start spreading fake documents, it’s their long-favorite practice all the way back to the Cold War. Google “U.S. Army Field Manual 30-31B”.

Harald K • September 14, 2016 8:09 AM

"But what if hackers were to alter documents before releasing them? This is the next step in organizational doxing"

The private defence company Britam was hacked in 2013 and their internal documents posted. Most of them were apparently real, but one mail had been snuck in suggesting that they had been hired to stage a false flag operation, fingering Assad for war crimes.

A similar thing happened to a US officer stationed in Egypt as I recall. His personal correspondence was leaked, along with one mail reassuring his family that the images they saw on television (of children dying after a chemical attack) were staged.

I suspect Syrian or Iranian hackers were behind these disinformation attempts, not Russians. The fakes were rather clumsy, and the hacks were nothing sophisticated (awful security on Britam, and a stolen/guessed gmail password for the US guy). The false email in the Britam leak had headers crudely copied from another mail.

Frank Lambert • September 14, 2016 8:59 AM

Does anyone seriously believe that only the Russians do that? Reality check please.

Scott • September 14, 2016 9:24 AM

How long do you think it will be before corporations start requiring all internal documents to be signed with their corporate key, so when they leak, they'll at least be able to point out forgeries? And then, someone will think that they should require some be intentionally mis-signed, so they can deny real documents, if their release was damaging.

wiredog • September 14, 2016 9:32 AM

Another thing I've thought of is, what if they hack, and then release data from, a honeypot? Most of the data on a well constructed honeypot is real. Most. But some is faked, and you might want the opposition to act on the fake data, so you might have reasons not to expose the fake.

Jim N • September 14, 2016 10:14 AM

A thinking man is never to judge a book by its cover, whether the book is government issued or not shouldn't matter at all. If the written fact defies common logic, take it with a grain of salt. Be skeptical because there is no metric for trust.

Even if a document is authentic, it could very well be a lie, so we shouldn't confuse authenticity with truths.

Have a Plan in Place • September 14, 2016 10:16 AM

The USA government laws allows citizens most personal data including security investigations, emails, photos, tax filings, affairs, criminal records, medical data and thousands of invisible trackers to legally following citizens around the Internet.
The most popular operating system in the world recent data collection methods are prized by both the Chinese and USA governments. It’s pure spyware.
Every phone call in the world can easily be tapped at the backbone level anywhere in the world, just using their phone number. There is no security!
Add in the no-morals West, bankers Ponzi economies, Middle East Conflicts and China and North Korea Nuclear and EMP equipped long range missiles. Little wonder several European governments have stated to stock up on life’s essentials WHEN cyber-attacks take down the entire Internet. The best personal strategy is to have a backup plan in place when the Internet and phones go dark. It’s no different than other calamities except in nationwide scope.

One solution is for USA and Europe to dump the wild-west open networks. They should be physically and electrically isolated networks with checkpoints run by the Intelligence agencies and Customs. Critically no encrypted data allowed and only trusted verified identities with limited exceptions.
Aren’t China and Russia and North Korea already using these secure techniques?
As Bruce implies the USA would suffer grave damage. Similar to dangerous intersections where someone has to die before the necessary changes are made.

Ramriot • September 14, 2016 10:21 AM

As well as the above comment on signing, it might well be a very useful tactic all round for any organisation to use a blockchain to authenticate document signing and have that blockchain running through one or more third parties.

Thus, any released document without attached signature is automatically untrusted. But even a signed document cannot be trusted unless its blockchain issuance ticket is also attached, unique and provable.

Just to note, there is no need to release the content of a document when performing any of the above blockchain operations, only the signature is needed and the blockchain provides timestamp, origin, order of release and uniqueness proof.

Clearly an organisation can avoid its own issuance provisions for one or more documents that it wanted to remain deniable. But then if the above process offered provable authentication sufficient for action then a recipient of such a deniable document would be unable to prove its source and thus would be ill advised to action it.

Xavier • September 14, 2016 10:41 AM

Already happened in France, a few years back, but not exactly a hack, more an insider document theft.

https://en.wikipedia.org/wiki/Clearstream#The_Clearstream_Affair

Someone leaked some documents from Clearstream, a major European banking clearing house, and for political reasons, some lines were added/modified to smear some politician, including soon to be French president Sarkozy

The smear operation failed, but it helped kill the original story about money laundering.

YYY • September 14, 2016 10:51 AM

Charming vintage war propaganda in the first comment. It conflates alleged Soviet fabrications with the practice of the Russian Federation. You can get away with that because the crude discrimination is ethnic rather than racial. It wouldn't fly if you tried muddling Afrikaner Apartheid and the ANC to make a point about those nasty South Africans.

More to the point, XXX calls FM 30-31B a fake because CIA says so. Yeah, that proves it. CIA's spectacularly lame rationale was that field manuals are not classified Top Secret. No they aren't, not if they don't direct armed attacks on civilian populations.

If anybody's poisoning the data here, we should look first to the US architects of Operation Northwoods and Operation Gladio, which has been extensively documented by official European investigations. FM 30-31B is consistent with the forensically tested facts of NATO attacks on civilian populations.

The US is the world leader in data poisoning. Everybody knew GW Bush was a cokehead deserter, but that National Guard memo let the wurlitzer fixate on the authenticity of a single document instead. That helped install the chosen CIA brat in the White House. FM 30-31B was CIA's template for that ruse.

r / agent rng • September 14, 2016 11:22 AM

@XXX, YYY

Since we have both of you at the same table, how about we discuss mutually assured dumps?

woody weaver • September 14, 2016 12:13 PM

It is interesting to note that we usually sign corporate documents as a control against insider threat. I don't think I've ever been asked to evaluate the value of signing to control document integrity against external threat.

The problem of course is that it is perceived that by dumping a large amount of data, the document store is believed to be authentic. Bruce comments "Forging thousands -- or more -- documents is difficult to pull off" -- but why should that be the case? There are already routine computer authors that write documents, e.g. "Computer-Generated Articles Are Gaining Traction" (The New York Times). With a specialized corpus, why should it be hard?

Why do we believe any dump?

YYY • September 14, 2016 12:27 PM

@r/ agent rng, ha ha MAD, funny poke at Bruce's beltway-bandit sales pitch. To sell stuff to the military-industrial conference, the secret is, pretend that everything's a threat. If somebody exposes the Democrat party subverting your right to free expression of the will of the electors, that's a threat. If somebody defends your right to seek and obtain information, that's a threat. Civil society and the international community are combating impunity by freeing information, and the police state can't handle it. Not my problem.

This data-poisoning business is a flaccid attempt to hype the non-problem of enhanced freedom of information. Fabricated data has always been with us - especially in sanctioned leaks - and the solution is inductive logic and critical habits of mind.

The misstep here is publicizing the cheap tricks that work when you're selling MIPRs to military mediocrities. Those tricks tend to flop in gales of laughter when you pitch them to educated audiences. Like if some human rights defender serves mankind, just blame it on the Russians. Because the evidence of crime we solicit from whistleblowers is somehow wrong if Russians supply it. When you're a beltway moron, everything's a war. And now you're getting sicced on Russia, so Arf Grr Woof, no reasoning required, just training. Bruce is just dispensing dog treats.

Daniel • September 14, 2016 12:54 PM

Bruce writes, "but slipping a single forgery in an actual cache is much easier. The attack could be something subtle."

Sure, like blaming Russia. In an op-ed. In a national magazine. Without any proof.

Brad Templeton • September 14, 2016 2:04 PM

One defence, both against this and general dox attacks would be to deliberately seed your corporate document servers with fakes to begin with, and possibly to openly declare you have done so. Employees would be trained, verbally on how to identify them. You could also put the hashes of them on the blockchain or similar escrow location.

You could also produce a database of the hashes of all the valid documents in your servers, and escrow that away. This would allow you to produce the original document and prove it is the original at any time.

This is actually pretty easy -- just produce a hash of your backups and store it in the blockchain. This would not protect documents on private PCs that are not backed up, but a good organization has fewer of those.

This would give you superb deniability of these forgeries. Usually it is not expected you knew which ones were the smoking guns, as you would not have stored them if you knew that. So the fact that the fake document is somehow not in your backups, or that a different version without the bad number is in your backups, should make people believe you.

r / agent rng • September 14, 2016 2:18 PM

@Templeton,

That sounds like a lot of work, where are you going to find the Hollywood masters of believable document creation foundation? Bollywood??

Not even Microsoft has been able to pull off a completely believable human-esq information forgery system. The most believable thing about their system was its propensity towards bullshit feeds and the KKK.

IMHO OFC. :)

yoshii • September 14, 2016 2:24 PM

This entire website and its individual components at times seem to be classic examples of quote "doxing" and "disinformation" quote as sloppily depicted and defined by the aforementioned article(s).

Please exercise caution when separating any potential conceptual value from any article of or referred to this site: schneier.com.

Facts are important. Please do not pollute information with data corruption. Please do not pollute data with information corruption. Please do not pollute information with other information. Please do not pollute data with other data.

Choices are always available to those still capable of free will.

Someone • September 14, 2016 2:31 PM

This is something that blockchains could help out. Simply hash your data and post it to a public ledger on the same schedule as your backups. If the hashes are granular enough, it could help prove data manipulation. Bonus point for transparency... Yeah, it's not perfect but there are surely good use cases.
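Added example (not part of any comment above, and not code from the essay's author): one way to make the hash-escrow idea in Brad Templeton's and Someone's comments granular is a Merkle tree over the document store, so that only the 32-byte root is published and a single document can later be checked against it without disclosing the others. The sample documents, the function names and the odd-node promotion rule are assumptions of this example; posting the root to a ledger or escrow service is out of scope.

```python
import hashlib

# Constructed sample "document store"; contents are illustrative only.
SAMPLE_DOCS = [
    b"From: cfo@example.test\nSubject: Q3 forecast\n\nRevenue on track.",
    b"From: hr@example.test\nSubject: Offsite\n\nAgenda attached.",
    b"From: ceo@example.test\nSubject: Bonus pool\n\nApproved: 4,200 USD per head.",
    b"From: it@example.test\nSubject: Patch window\n\nSaturday 02:00 UTC.",
    b"From: legal@example.test\nSubject: NDA\n\nSigned copy filed.",
]


def leaf_hash(doc: bytes) -> bytes:
    # The 0x00 prefix separates leaves from interior nodes, so an interior
    # hash can never be presented as a document hash.
    return hashlib.sha256(b"\x00" + doc).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(docs):
    """Return every level of the tree, leaves first; levels[-1][0] is the root."""
    if not docs:
        raise ValueError("cannot commit to an empty document set")
    level = [leaf_hash(d) for d in docs]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # odd node out: promote unchanged
        level = nxt
        levels.append(level)
    return levels


def prove(levels, index):
    """Sibling hashes needed to recompute the root from leaf `index`."""
    if not 0 <= index < len(levels[0]):
        raise IndexError("no such document")
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            side = "L" if sibling < index else "R"
            proof.append((side, level[sibling]))
        index //= 2
    return proof


def verify(doc: bytes, proof, root: bytes) -> bool:
    """Recompute the root from a document and its proof; compare to the published root."""
    h = leaf_hash(doc)
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == root


if __name__ == "__main__":
    levels = build_levels(SAMPLE_DOCS)
    root = levels[-1][0]
    print("root to publish:", root.hex())
    proof = prove(levels, 2)
    # Constructed "leaked" copy with one figure altered.
    leaked = SAMPLE_DOCS[2].replace(b"4,200", b"42,000")
    print("original verifies:", verify(SAMPLE_DOCS[2], proof, root))
    print("altered verifies: ", verify(leaked, proof, root))
```

An inclusion proof shows that a given version of a document was in the committed set, and an altered version fails the check; it cannot by itself show that a wholly fabricated document was absent from the store.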

r / agent rng • September 14, 2016 3:07 PM

@Someone,

Granularity for anything more complex than a checksum shouldn't be an issue, you have to come up with an insidious manipulation + collision to avoid data being tampered with? outside of maybe manipulating numbers (financial data) I really don't see language/document tampering as dangerous if you use the method you discuss.

The problem the blockchain introduces is accountability, you remove deniability with such a deployment.

Fake Name • September 14, 2016 4:07 PM

Actually, it's my understanding our own CIA is the world's leader in forged documents.

I suppose one motto might be, "Be anyone you want to be"

I would hazard a guess cyber forgeries are a piece of cake for them. Don't even need real paper.

Wisner ate a gun • September 14, 2016 6:22 PM

@Daniel

Schneier's Bushoid resort to dogged reaffirmations of CIA bullshit suggests a way forward.

After Syria, Serbia, France, and Latin America fell victim to US subversion, the victimized countries each ratified the Convention on the International Right of Correction, http://hrlibrary.umn.edu/instree/u1circ.htm The CIA regime was never going to become a contracting party, of course, because of CIA's divine right to lie like a rug. However the treaty can curb CIA's practice of planting vilification in foreign media. And the treaty parties became a bloc supporting one specific type of integrity the US regime manifestly lacks.

Now with CIA and its useful idiots parroting war propaganda again, it would not be too surprising to see Russia join up and lead the BRICS, the SCO, and the G-77 to another spate of accessions. With CIA implicated in crimes against humanity, the civilized world is tightening the screws on USG coercive interference, of which CIA's Goebbels-style Volksaufklärung is the mainstay. A solution based on diplomatic dispute resolution won't rake in the big defense-contracting bucks, but this is the way the world outside the beltway works.

Markus Ottela • September 14, 2016 6:31 PM

@Bruce

The even scarier thing is what will happen to whistle blowing when alteration of the documents becomes the norm and the truth is revealed in a few cases. Companies and governments can then play down the most condemning pieces of information as lies.

Angled Bangles • September 14, 2016 6:37 PM

"Daylight is the best disinfectant".

If an organisation runs open, or mostly open, there will be little value in re-publishing already accessible documents. Secondly, being open, or mostly open, the readers will have a feel for the track record of the organisation and so be less likely to believe falsehoods.

Slime Mold with Mustard • September 14, 2016 6:46 PM

I think some of the commenters here are missing Bruce's point here. He is not speaking of completely forged memo chains or emails, but subtle changes that multiply the damage.

I am reminded of a scene from the comedy "Trading Places" where Dan Aykroyd, having been framed by his feckless employers, is told by his Society fiancée that she will "have nothing to do with a heroin dealer!", shouts back "It wasn't heroin! It was PCP!"

When I was in High School, my friend's unbearable sister put a large solid dent in the fender of their vacationing parents' car while driving drunk. Arriving home in the dark and no condition to assess the damage, she went to sleep it off while we went to work with padded tools. In the morning, she cried. Lawyers don't read this blog, do they?

@ XXX / YYY

1. I don't want to know which bathroom you use.

2. One problem the Soviets and Russians always had when forging official US documents was getting official language use right. Similar to your usage when describing the DNC hack.

Robert Mugabe: Yes, I was dead - I resurrected • September 14, 2016 8:05 PM

Art of Spying 101, keep some identified spies for the express purposes of feeding the enemy with false leads.

I enjoyed the look on their eyes when they saw me disembarking from the plane as fit as a teenager after all the death rumors!

Wm • September 14, 2016 8:44 PM

Always be ready with:

Knock! knock! knock! Police!

We need to talk to you about .

Answer:

Having nothing to do with any crime, I therefore exercise my right to remain silent. If I am arrested or taken to a police station and detained, I wish to see a lawyer asap. I can not afford one and wish for one to be appointed.

(NEVER make ANY statements to the authorities.)

Kyle Schuant • September 14, 2016 9:28 PM

"In many ways, it's surprising that this kind of manipulation hasn't been seen before."

Maybe it has happened, we just didn't see it and the organisations involved didn't bother revealing it since it'd be futile and just make them look worse.

John Smith • September 14, 2016 9:46 PM

Markus Ottela's comment:

"The even scarier thing is what will happen to whistle blowing when alteration of the documents becomes the norm and the truth is revealed in a few cases. Companies and governments can then play down the most condemning pieces of information as lies."

This is called "poisoning the well". It's standard procedure for spooks and corporate psychopaths.

As an example, HBGary, on behalf of Bank of America, planned to do this against Wikileaks.

I, for one, welcome our grasping thieving overlords.

Jim N • September 14, 2016 11:50 PM

@ r / agent rng

"That sounds like a lot of work, where are you going to find the Hollywood masters of believable document creation foundation? Bollywood??"

Responsible journalism may have something to say about that. In many of the leaks, handed over to career journalists, there were names, numbers, contacts redacted. By your definition, that was Bollywood-esque because an altered document loses its authenticity.

r / agent rng • September 15, 2016 1:15 AM

@Jim N E,

First of all, props to journo's. Many beans (muito beuno) to leakers. They're all (MIC included) keeping us safe in their own way, you wouldn't want your safeguards to stagnate or not be tested would you? But yeah, I didn't mean redaction editing I meant addition editing and fabrication. I kind've like the blockchain idea but I can't see it being at all possible to implement. Too many holes, too little eyes, too little time. I can't see the banks and sony adopting it #1, #2 I've never seen a keyboard with a built in iris/fingerprint scanner and automatic signing of "key"streams, have you? We pay hollywood and bollywood to write movie scripts, I don't think you understood I meant "cheap" content creation.

tyr • September 15, 2016 1:33 AM

Clive will give you the longer version. Every sin
contains the seeds of its own retribution. So the
short term effects might work but making everyone
mistrust everything is a really bad idea. These
things have a long tail where the poison stinger
resides when they come back to haunt the liars.

OT @woody weaver

Is that you Oob ?

The Rus, having learned their paranoia the hard
way will probably be motivated to respond early.
The Chinese are chilling their revenge for the
many insults in a helium bath. Revenge is a
dish best served cold.

The trouble with document verifications in digital
form is that a major actor has everything you do
stored away and probably will have access to your
hashes and blockchain materials. That's why when
it is important you keep a physical copy as safe
from access as you can get it. The problem with
DRM is when your tech mutates enough you wind up
locked out of your own materials later. Spreading
copies everywhere works better if the material is
important.

My Info • September 15, 2016 6:57 AM

"When someone says that a document they have been accused of writing is forged, their arguments at least should be heard."

Oh, excuse me, I need my space. I'm trying to write a letter to my attorney, and an abusive boyfriend / cop / sex offender has a secret video camera aimed over my shoulder. Unfortunately that's just the way it is when you use a computer in this day and age, and the NSA is tickled pink with sexual gratification over this state of affairs.

Binary Compare • September 15, 2016 9:30 AM

Everyone with a brain makes backup copies stored off-line.
Simply do a binary compare like using Beyond Compare or a Linux command line. Automatically report differences.
Software developers use a CMS to easily see a file revision history and who made the changes.

Jim N • September 15, 2016 10:27 AM

@ r / agent rng

Redacting is editing. You can't authenticate a modified document, otherwise authenticity loses its purpose. Whether hollywood or bollywood does it, shouldn't matter.

Sancho_P • September 15, 2016 10:38 AM

It’s easy to distinguish between “hacks” and the disinformation by “legal state actors”.

I’ll try a “How To”:

Hackers publish what they found, their motive is to present what they got.
The truth. The content would be the message.

But the content is ignored by the officials + mass media:
The facts that
- (bad, embarrassing, unneeded, … data) was there in the first place,
- it wasn’t secured accordingly (this would be a broad field to discuss …),
- the breach wasn’t detected for long time (no one on duty, to save $$$),
- no trap prepared to automatically detect abuse (e.g. flow of certain data),
- there was no honeypot installed to embarrass the intruder (e.g. false data),
- there was no deadly virus prepared for the intruder, as even the dumbest Russian “hacker” will send you by clicking the link in the email,
- national intelligence also seems to lack artificial intelligence (What to protect? How? DoS? The world’s traffic is routed through Russia, isn’t it?)
...
are simply disregarded.

Instead,
the whole discussion is focussed on the messenger / hacker.

Like Manning, Assange, Snowden.

But if “unknown” (note the contradiction!):
Trusted sources, ex-officials and experts, mostly speaking in anonymity, plus celebrities (like @Bruce) quickly hint at classified but well known “evidence” and “the arch enemy”.
Now the media know it was either Russia, China, North Korea or worse, likewise Putin himself (probably with a helping hand of Ed, the traitor).

Then they play the anthem, hiss the flag and mourn for poor little America, fighting alone against these over-mighty America - haters and inventors of that hostile IT crap (sorry, must grab a tissue now).

In the meantime the message silently passes away behind the smokescreen.

So it is easy to detect “legal” state actors:
If only one bit in that chain is missing and they start talking about the leaked content,
- we know it was faked.


PS:
As everything in life this isn’t digital, e.g. the disgruntled employee / ex-lover / … is between “hacker” and “legal” state actor.
These are the tragic cases, but no one cares because it’s not their (big) business.

***

Be aware:
Nearly no one is interested in the truth. Today’s scandal is the business.
Hashes (“evidence” for what exactly?) are useless:
Would you publish and confirm more dirty laundry and shady business just to prove one detail was forged?
Take it as it is: Electronic “documents” are intangible, not evidence.

Etienne • September 15, 2016 10:59 AM

I was thinking it was the whole point about giving away for free these dumps of information.
Not long ago, it was the list of people using some commercial services to do tax evasion.
I would bet the list was quite old, to give some time to contact each individual and try to sell them (at a price depending on how much tax they evaded) the removal from that list - very quick way to make large amount of money, very safely.
Moreover you use the journalists reporting the dump of information without needing to pay them (and they did not even notice it)...

Jim N • September 15, 2016 7:44 PM

@ r / agent rng

One more thing...

After picking up Snowden leak, Poitras had a large sum of money funnelled to her NGO, to the tune of 170M USD, I believe. Food for thought. Too lazy to google/duckduck the who when what at the moment, but I believe it was from a media mogul.

Bong-Smoking Primitive Monkey-Brained Spook • September 15, 2016 7:53 PM

@Jim N,

Can you see the irony? I posted this just one minute before you:

I'm your Huckleberry ;)

Bong-Smoking Primitive Monkey-Brained Spook • September 15, 2016 8:17 PM

@Jim N,

wrong thread

I know. Look at the 100 latest comments, posted on: September 15, 2016 7:43 PM. We're one minute apart, on two different threads. This is the other thread, for future reference when the 100 latest gets updated...

Jim N • September 15, 2016 8:30 PM

@ Bong-Smoking Primitive Monkey-Brained Spook

There are only a few roots where that phrase came from, but I'm not sure what's the relevance of it to these discussions. What are you trying to say besides pretending to be a Spook?

Bong-Smoking Primitive Monkey-Brained Spook • September 15, 2016 8:50 PM

@Jim N,

Trying to say it's a strange coincidence. Huckleberry Finn and Jim N.

Real spooks say nothing, NSA stands for: Never Say Anything.

Marcos Malo • September 16, 2016 1:24 PM

@Sancho

"So it is easy to detect “legal” state actors: If only one bit in that chain is missing and they start talking about the leaked content, - we know it was faked."

Your "philosophical" investigations/rumination/meditations are bearing fruit! I'm so glad you've been devoting thought to this and sharing with us. I put philosophical in quotes because you wrote some early posts that appeared quite metaphysical but now you are showing us a practical result of the thought process.

The funny thing is that upon reading it, it doesn't seem profound at all. My reaction is "of course!" But I remember some of your previous "philosophical" posts and I can connect those with this one,

Brown I. E. • September 16, 2016 5:33 PM

My thid eye says something must've just 'slipped' out.

What smells?

Sometimes, the best place to hide something is in plain sight. A little Miss Information can g[r]o[w] a long weigh.

Sancho_P • September 16, 2016 5:51 PM

@Marcos Malo (“it doesn't seem profound at all.”)

Glad you found that, thanks for reading ;-)

Uncle Joe Stalin • September 16, 2016 8:58 PM

Here goes Bruce again.

We used to have whistle blowing, but not anymore, it's private docs, stolen illegally and released as propaganda so don't believe stuff like 2 million Wells Fargo Bank customers ripped off, or Powell's emails or DNC emails or anything from Wikileaks or Snowden or those spy gadget manuals published on Bruce's column.

But do believe:
Powell at the U.N., Gulf of Tonkin, Curveball at NYT, the above mentioned Niger Uranium docs, Kuwait babies in incubators smashed against walls, Ukraine's non-Nazi Maiden, Kony2012 to get AFRICOM juiced up, NATO attack on Serbia for humane tail wagging, Sudan Al-Shifa pharmaceutical factory bombing, Syria gas attacks, UN "helping" Haiti, Libya genocide, and the rest since WWII. And don't forget FBI's COINTELPRO.

"That F'n Putin harkarz" meme is getting tiresome, and what happened to the old Bruce "Those F'n Chinese hackarz" meme? I miss that one.

Didn't You Hear? • September 16, 2016 10:51 PM

China already got out of the doghouse by "incarcerating" the real OPM hackers. Give some other talented kids a chance, why dontchya

Some Ponderer • September 16, 2016 11:14 PM

"Imagine trying to explain to the press, eager to publish the worst of the details in the documents, that everything is accurate except this particular email. Or that particular memo. That the salary document is correct except that one entry. Or that the secret customer list posted up on WikiLeaks is correct except that there's one inaccurate addition. It would be impossible. Who would believe you? No one. And you couldn't prove it."

Actually it would be easy, you just described it, and plenty of people would believe you because Bruce Schneier has published convenient papers describing the situation and its likelihood in traditional threat analysis.

Also, I think any researchers should note that years ago a different sort of activity was labeled "doxing" or "organizational doxing". I.e. gathering public lists of employees' contact or other public information, and releasing in an aggregate format previously unavailable. I.e. so that activist petitioners could for instance write a letter to each member of a company, or a government committee. Or dial up their mobile phones. This clearly being considered undesired and a nuisance by some, but in my mind being clearly on the other side of a line that involves breaking and entering and copying or theft of information. I kind of get the feeling the big powers that be have a clear intent of blurring that specific line.

Heavenly Spook • September 19, 2016 6:23 AM

@the topic and post

Very impressive and interesting, however I would note that the list of major organizations having been dox'd far exceeds the ones given, including the dumping of classified works at some major US defense contractors which exposed a lot of embarrassing work. Very likely disinformation has already been substantially at play.

But, who really pays attention, and will any of that really matter? So much information stolen and dumped online, and one should not forget, so very much information stolen and not dumped online.

Nations stealing data from each other in incalculable amounts. Do they really make any meaningful sense of any of it? Or is it all not simply distracting for them and misleading?


@the pro russia - anti america drivel above

Wow. Someone really needed a soapbox and is easily offended. Truth does not need such an approach.

@Bong-Smoking Primitive Monkey-Brained Spook • September 15, 2016 8:50 PM

"@Jim N, Trying to say it's a strange coincidence. Huckleberry Finn and Jim N. Real spooks say nothing, NSA stands for: Never Say Anything."

Is this the definition people have of real spooks? It really kills the horror of it all. Real spooks, for me, are certainly not geeks who drive into work everyday, trivializing over the mundane and wrapping the meaningless with silence.

Real spooks don't exist to the world, nor do their parent organizations. They are one way, green glass. They can see out, no one can see in. Modern fiction could not present them, because no one would believe it.

They can change names and organizations with ease. They are masters of legends across the nations, capable of being anyone, anywhere.

They don't exist to the world, but they control the world.

They aren't lizards or greys.

They are the reality behind it all.

Driving creation to the end game. The meaning of it all.

"Workers in the field", "birds in the air", they have many names and many wrappings of metaphor over the years. The millennia.

Sickle carrying harvesters.

Andre Devereaux • September 25, 2016 9:51 PM

Fake letters are nothing new. A few readers of this blog are likely old enough to remember the Canuck Letter. It wasn't even a good fake, rife with spelling mistakes and bad grammar, yet it caused its target, Senator Edmund Muskie, a tonne of grief.


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.