[BreachExchange] WikiLeaks fights The Man by, er, publishing ordinary people's personal information

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jul 25 18:46:14 EDT 2016


http://www.theregister.co.uk/2016/07/22/wikileaks_keep_fighting_the_man_by_er_publishing_the_personal_details_of_ordinary_citizens/

WikiLeaks prides itself on taking on The Man by finding and publishing
information that the world's most powerful organizations want to keep
hidden.

Unfortunately, on Friday, WikiLeaks took a swing at The Man by standing on
the heads of thousands of innocent citizens whose personal details it has
published, including their names, home addresses, phone numbers, and even
credit card, social security and passport numbers.

Just to make it even easier for identity thieves, the veritable goldmine of
personal information is provided online in plain text and is even
searchable.

The records are included in nearly 20,000 emails sent by senior operatives
in the Democratic National Committee's campaign and communications
department between January and May of this year. WikiLeaks obtained the
internal memos and published them in full on the web.

The sad truth is that the emails are fantastically free of useful or
interesting information – unless it's genuinely a surprise to you in 2016
that PR people the world over try to control stories (emphasis on try), or
that the Democrat party machine favors Hillary over Bernie, or that Hillary
wants to distance herself from Wall Street. None of these should surprise
you.

A significant chunk of the files are simply mailing list-style emails
providing news highlights, or calendar items for long-past events.

If anything, the release shows that the people whose accounts were
compromised, including communications director Luis Miranda, national
finance director Jordon Kaplan and finance chief of staff Scott Comer, are
very careful about not sharing confidential information over email.

And then

Unfortunately, the database theft also scooped up automated messages sent
through the Democrats.org signup and contribution page. Those emails
provide the personal details of people who have contributed to the campaign
– even if it was just $5.

It is regrettable that this sensitive information was stored in plain text
in such a way that, by one means or another, it could be obtained by
WikiLeaks. That is something Democrat officials will have to explain.

That aside, far from exposing the corruption of high politics – which,
presumably, is what WikiLeaks intends – its data dump has put ordinary
citizens at the very real risk of having their identities stolen.

By simply searching on obvious keywords like "contribution" or "passport"
or "SSN," it is possible to instantly track down a wealth of information on
over a thousand individuals.

Perhaps in the world of WikiLeaks boss Julian Assange, anyone who
contributes to a political party is by definition a part of the vast global
conspiracy and deserves to be exposed to the kind of risks to their
financial well-being that those unlucky souls will now almost certainly
experience.

But for everyone else, it looks as though WikiLeaks has been grossly
irresponsible and, frankly, idiotic, not to screen, review or filter this
information before publishing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160725/49ae6ac6/attachment.html>


More information about the BreachExchange mailing list