WikiLeaks Bait

One of the interesting developments in the 2016 electoral cycle is the use of offensive cyberespionage.  WikiLeaks is publishing internal email from the campaign of Hillary Clinton, with the publications timed to attempt to damage the campaign.
Maybe this is the work of Russian spies, with WikiLeaks an unwitting stooge, maybe not, but the case is quite interesting.
What should a campaign organization, or corporation, or government agency do?  Their emails may be next.
One possibility is to salt the email stream with really tempting tidbits suggesting illegal, immoral, or unethical behavior, but also put these emails in escrow somewhere.  Then, when the tidbits come to light, you can derail the news cycle with one about how your infosec team has pwned the leakers and trolled the media.
The technique will only work the first time, but even later, professional news organizations are not going to want to take the chance that their scoop is a plant.  That is how Dan Rather lost his job.
If the plants are subtly different, they could also be used to identify the leaker or access path.  (This was suggested in “The Hunt for Red October” by Tom Clancy, written in 1984, but the idea is surely older than that.)
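The two ideas above, escrowing the plants and making each copy subtly different, can be combined, as in this added example (not part of the original post). The decoy template, slot wordings, addresses and function names are all constructed for illustration.

```python
import hashlib, hmac, math, re, secrets

# Constructed decoy template; each slot lists interchangeable wordings.
TEMPLATE = "Per our {0}, move the {1} to the offshore account {2} Friday."
SLOTS = [("call", "conversation", "discussion"),
         ("funds", "money", "balance"),
         ("before", "by", "no later than")]

def variant_for(index):
    """Map a recipient index to one unique wording (mixed-radix digits)."""
    choices = []
    for options in SLOTS:
        index, digit = divmod(index, len(options))
        choices.append(options[digit])
    return TEMPLATE.format(*choices)

def normalize(text):
    """Collapse case and whitespace so a re-wrapped leak still matches."""
    return re.sub(r"\s+", " ", text).strip().lower()

def commit(text, nonce):
    """Keyed digest to deposit in escrow; text and nonce stay private."""
    return hmac.new(nonce, normalize(text).encode(), hashlib.sha256).hexdigest()

def plant(recipients):
    """Return (mail per recipient, digests for escrow, private reveal data)."""
    if len(recipients) > math.prod(len(o) for o in SLOTS):
        raise ValueError("not enough slot combinations for unique variants")
    mail, escrow, private = {}, [], {}
    for i, who in enumerate(recipients):
        text, nonce = variant_for(i), secrets.token_bytes(16)
        mail[who] = text
        escrow.append(commit(text, nonce))
        private[who] = (text, nonce)
    return mail, escrow, private

def attribute(leaked, private, escrow):
    """Name whose copy leaked, but only if its digest was escrowed beforehand."""
    for who, (text, nonce) in private.items():
        if normalize(text) in normalize(leaked) and commit(text, nonce) in escrow:
            return who
    return None

if __name__ == "__main__":
    people = ["alice@example.org", "bob@example.org", "carol@example.org"]
    mail, escrow, private = plant(people)
    leak = "FWD:\n" + mail["bob@example.org"].upper()  # constructed leak
    print(attribute(leak, private, escrow))
```

The digests prove nothing about timing by themselves; it is the escrow holder's dated receipt of them that shows the plant predates the leak, after which revealing the text and nonce lets anyone recompute the digest.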
More to the point, it should be obvious by now that email is not secret, nor is any electronic gadget secure.  [[ How do you identify the spook? She’s the one with a mechanical watch, because she doesn’t carry a phone. ]]
Until we get secure systems, and I’m not holding my breath, conspirators really shouldn’t write anything down.  In the alternative, their evil plans must be buried in a sea of equally plausible alternatives.
 
