Organizational Doxing and The Future of Massive Leaks
What if governments start to dox us?
When a group calling itself The Impact Team dumped 25GB of files lifted from cheating site Ashley Madison’s servers, they were unusually honest in their demands: shut down your site and dissolve your company. A few months before that, 400GB of files from an Italian surveillance contractor called Hacking Team were uploaded to torrent sites, and the politically motivated hacker claiming credit posted, “[Hacking Team] down, a few more to go :)”.
Over the past few years, activists, trolls, and governments have learned that one of the best ways to destroy an organization they don’t like is to get into their servers, grab everything they can find, and publish it all online without redactions.
Security researcher Bruce Schneier calls this “organizational doxing”, but makes the mistake of conflating massive leaks to journalists – like the Saudi foreign ministry cables slowly dribbling out of WikiLeaks – with unredacted and unfiltered data dumps meant to wipe out a target organization and cause maximum harm to the people associated with it.
The latter is a tactic that emerged in 2010 during Operation Payback, when members of Anonymous published 350MB of data from a law firm that represented copyright holders, leading to an investigation by British regulators and the shuttering of the firm. In the years since, it has been used against a variety of targets to devastating effect.