Monday, August 15, 2016

Guccifer 2.0 Uses Doxing in a Curious Call for Curation

Guccifer 2.0 leaked a series of documents from the Democratic Congressional Campaign Committee (DCCC) on Friday, August 12, 2016.

Since the hacker's blog entry for the 12th was later censored by WordPress, the hyperlink above allows readers to view the original post via the Internet Archive Wayback Machine.

Of all the posts from Guccifer 2.0, this one is likely to seem the most schizophrenic to readers because it couples a callous exposure of private information (including unlisted phone numbers) with a respectable plea to journalists for help with curation.  

In his preamble to the hacked data, Guccifer 2.0 wantonly singles out a particular DCCC worker (Nirali Amin) as the source of various passwords that enabled him to access much of the leaked data.

It's certainly a failure on the institutional level for the DCCC to have kept "the user name and password the same" in so many cases, as Amin indicates in one email--but I'm not sure that many people would blame Amin herself for the oversight. And since Amin's specialization appears to be accounting (rather than cybersecurity), most people will be reluctant to fault her for responding by email to various emailed requests for passwords. (Should she have known better? We all know better on some level, but those of us who work at computer screens all day also know how customary it is to respond to requests for information without wondering who might be spying on our correspondence.)

Beyond singling Amin out for blame, however, the Guccifer 2.0 blog post goes on to provide readers with private phone numbers and unlisted email addresses for many Democrats serving in (or campaigning for) the House of Representatives.

Representative Nancy Pelosi, for example, complained of receiving "obscene and sick" messages on her private number after the blog post appeared. (Incidentally, that's about as close as any Democrats have come to confirming the authenticity of any documents leaked by Guccifer 2.0.)

In an article for Newsweek, Nicholas Loffredo explained why ordinary Americans (and not just those whose information was compromised) might question the integrity of the Guccifer 2.0 project:
[I]t's difficult to identify what public interest is served by sharing cellphone numbers and contact lists from within the DCCC, as Guccifer 2.0 did, or what truth is being uncovered by the release of a program from a political fundraiser. Despite Guccifer 2.0's gleeful tone, Friday's release is a minor footnote to the hack of the DNC, which showed committee officials arguably conspiring against former Democratic candidate Bernie Sanders and which lead to the resignation of DNC chair Debbie Wasserman Schultz
On the one hand, our political representatives are so difficult for ordinary citizens to contact that there is something to be said for releasing their private contact information. But on the other hand, they are still private citizens (at least part of the time), and those of us who seek to protect the Fourth Amendment should respect their right to privacy as much as anyone else's.

And this is precisely what makes the blog post from the 12th so tricky: Clearly Guccifer 2.0 is concerned, on some level, with releasing information in a responsible manner. After sharing lots of personal information and passwords, he ends his blog post with a curious request for assistance from journalists:
Dear journalists, you may send me a DM if you’re interested in exclusive materials from the DCCC, which I have plenty of.
That's a strange move for a completely reckless hacker to make. If bringing information to light is all Guccifer 2.0 cares about, then why does he need to bother with journalistic middlemen? Why didn't he just post all the hacked documents directly to his WordPress site?

In other words, why should a hacker who doesn't mind doxing Democratic Congresspeople suddenly show scruples about exposing their internal documentation willy-nilly? 

Depending on what one assumes about the identity of Guccifer 2.0, there are lots of different ways to answer that question. But if we assume for the moment that the hacker is who he says he is (a lone cyber warrior attempting to expose the failure of democracy in the U.S. to the entire world), then his decision is a predictable result of anxiety over document curation.

He seeks to expose all of the publicly sensitive information that warrants exposure, but he doesn't want to expose it without professional guidance. Unfortunately, professionals won't give him guidance until they realize that he should be taken seriously--so releasing the privately sensitive information must seem (from this perspective at least) like an efficient way of demonstrating the validity of the hack.

Concerns about how Julian Assange would curate information leaked to him by Chelsea Manning led to persistent problems in his working relationship with The New York Times and Der Spiegel back when journalistic hacktivism was first establishing itself as an important 21st-century phenomenon.

Edward Snowden's asylum in Russia is indisputably a product of his relationship with Assange and WikiLeaks, but many people forget that Snowden reached out to Laura Poitras and Glenn Greenwald--not Assange--for help in disseminating his information, in part because of his concerns about how his sensitive materials would be curated.

The tension between Greenwald's journalistic approach to curation and Assange's increasingly strident commitment to exposing pristine documents is perhaps best illustrated by this tweet from Snowden:

I don't believe Guccifer 2.0 is who he says he is, but if he is, then it makes sense for him to be somewhat bewildered by the same questions that led to disagreements between luminaries such as Snowden and Assange.

Guccifer 2.0 does not appear to have broken any laws by publishing the contact information in the DCCC leaks. According to Thomas Fox-Brewster of Forbes, the hacker's entry from the 12th was censored by WordPress because it violated the website's "policy on sharing private information"--not because of a specific federal statute that forbids the sharing of such data.

Fox-Brewster also reports that the Guccifer 2.0 Twitter account was temporarily suspended, but it's not clear what justification Twitter used for the suspension. In any case, the account has been restored as of this writing, and the hacker used it to promote a new batch of leaked documents made available today (August 15th):
Those documents have not been censored by WordPress, and they don't seem to warrant censorship.

Complex questions about curation and censorship are too difficult to be resolved in a single blog post, but if we assume that there is only one bad actor in this scenario (the Democratic Party as an institution), then the seemingly schizophrenic behavior of Guccifer 2.0, Twitter, and WordPress is easy to explain as an attempt to process confusion and anxiety about how information should be regulated when the government that was supposed to be in charge of regulating it can no longer be trusted to do its job.

No comments:

Post a Comment