What We Can Learn From the Russian Hack of the DNC

By

Last Friday, WikiLeaks unleashed a trove of nearly 20,000 emails from the Democratic National Committee, the fallout of which has already brought down party chair Debbie Wasserman Schultz. As Motherboard points out, signs that the DNC was infiltrated have been percolating over the last couple of months, and there are signs that the documents passed through Russian intelligence before appearing on the site. The release was initially attributed to supposed hacktivist Guccifer 2.0, a highly suspect pseudonym.

“The Dump” has come of age.

Before the internet, the publicly accessible, easily searchable document dump didn’t exist. Journalists might receive large caches of documents, but they’d act as sieves, filtering out (what they believed to be) the important stuff before it was passed on to the public. Even since the dump has become a common news event over the last few years, helped along by Wikileaks and similar operations, the actual document caches have still largely been consumed through the work of reporters and analysts, as in the December 2014 Sony hack or the recent Panama Papers hack. Consequently, those dumps have lived and died on reporters’ ability to find stories in them that have traction with readers.

By now, though, the public — especially the social-media-using public — is familiar with the dump as a format, and while high-profile stories can help drive coverage, they’re not necessary for a document dump to have real impact. Stories from the DNC dump, with a few notable exceptions, have largely been pointed out and distributed through Twitter and other social media, thanks to Wikileaks’ indexed and searchable database. People who were once outside observers can make themselves part of the story, digging through emails themselves to find interesting or mundane tidbits.

The ability to turn document caches into fodder for public debate has the potential to turn general email communication into a dangerous tool. Intelligence agencies have been spying on other countries for nearly a century, but relatively speaking, only a small percentage of gathered intelligence is actionable. (Russia’s intelligence agencies, to name one example, do not particularly care about Pablo, the DNC media booker.) But the realization that even the most boring of communications can be deeply damaging — as the Sony hack and subsequent email release demonstrated — makes the dump a powerful weapon.

Everyone’s a target — especially nongovernmental organizations

The Democratic National Committee is a great target for hackers precisely because it’s the sort of government-affiliated nongovernmental organization that touches many important events and people without requiring state-quality security. As recently demonstrated, their cybersecurity regimen was easily penetrable — in fact, leaked emails from the DNC show members laughing at reports of how shoddy their security system really was. One official called a BuzzFeed report on national committee security “the dumbest thing I’ve ever read.”

Reading that email can’t feel good today. We’ve known this for a while, but the DNC leak is a good object lesson: Government agencies aren’t the only target of state-sponsored attacks. Any person or organization that does business with the government opens themselves up to infiltration. If nothing else, lobbyists, contractors, unions, and think tanks might want to do a security audit.

Aaand: That the documents passed through a foreign government before ending up in Wikileaks’ hands also designates the site as a useful proxy for any foreign government looking to embarrass another. In fact:

WikiLeaks kinda sucks.

No one expects WikiLeaks to protect the DNC, or the U.S., but it could at least protect individuals’ privacy. Also included in the trove of emails were “unencrypted, plain-text listings of donor emails addresses, home addresses, phone numbers, social security numbers, passport numbers, and credit card information,” according to Gizmodo. WikiLeaks isn’t exactly a journalistic organization — they’re committed to radical transparency, rather than a “do no harm” guiding principle, but still: dick move.

They also sent out and then deleted this anti-Semitic tweet over the weekend.

The U.S. does this too.

I mean, this isn’t really new, but if the thought of a foreign government monitoring the emails of Washington power players and skillfully deploying them to disrupt the election process has you worried, then you should get a load of what the NSA’s been doing for the last decade and a half.