Phishing emailReports indicate that in mid-March of this year, John Podesta and various Clinton campaign staff members received individual notifications from Google like this one, telling them to change their Google passwords, pronto.  Just one problem – the security alerts weren’t from Google.  Months later, a barrage of Mr. Podesta’s hacked emails were published by WikiLeaks, serving up yet more artillery shells in this war zone of a presidential election.

Let’s look at this through a different lens. What if there was a bank, Podesta Savings & Loan, and the bad guys scammed their way in, emptied the vault, and then scattered the currency all over Main Street.  You’re a bystander, and you see the bank’s cash being strewn on the street in front of the bank – is it OK for you to pocket the money?

We’re witnessing a new form of cybercrime – the weaponization of information.  The hackers aren’t breaking into private accounts to monetize PII by selling it on the black market to identity thieves.  Instead, they are airdropping purloined private data on the public, to damage reputations, promote discontent, and disrupt an election.  Aside from the election angle, this all sounds eerily familiar – remember the Sony hack?

Cyber theft only works when there’s a reliable market for the stolen information.  With filched SSNs or PHI, there’s the black market.  With weaponized information, the “market” is us, the general public.  Our prurient interest in the private matters of others is what fuels this variant of cybercrime.  It doesn’t matter whether it’s stolen currency or stolen content – our propensity to pick it up on the street is what energizes this criminal ploy.  And while Clinton campaign staffers (and the DNC, and Colin Powell … ) are the targets now, no political party, nor any particular business, is immune – just wait for it.

We come up with all sorts of justifications for why it’s OK for us to “pocket” the stolen content, don’t we?

We have a right to know.

Sure, we’d like to know what really goes on behind closed doors in political campaigns, or in corporate America … but isn’t there a right to privacy for the individuals involved, and also a right of individuals and organizations to not to be the victims of cybercrime?  Open records laws indeed require transparency for public officials conducting public business, just as securities law requires a degree of transparency for publicly-traded companies, yet does this mean that individuals’ privacy rights evaporate, or that criminal theft of information is fine, so long as it serves our “right” to know?

It’s the media’s job to report on this.

The First Amendment is a beautiful thing, protecting the press from governmental overreach.  Yet arguing that the media’s involvement absolves us from responsibility is like saying that the currency we bystanders pocketed after the bank robbery was “cleaned” by the press as our intermediary – sounds a bit like money-laundering, doesn’t it?

This is whistle-blowing.  The system’s “rigged”, the hacked person/organization is “corrupt”, and maybe we’ll find a smoking-gun to prove it.

 

This excuse is particularly lame.  Whistleblowing is commonly understood to involve a person disclosing illegal conduct within an organization.  But here, the disclosure precedes any showing of illegal conduct by the hacked target.  The individual cyber-target may not even be the person suspected of misconduct, but merely an acquaintance or associate.  And these disclosures are wholesale – immense volumes of stolen, private data are dumped in the street, to be parsed by the public to see, after the fact, if anything wrong was afoot (or to “confirm” what folks already believe).  No warrant, no civil discovery constrained by rules of procedure … just mob justice, a vigilante free-for-all.

The weaponizing of hacked information is a troubling trend, regardless of one’s politics, because its modus operandi is apolitical.  It feeds on our willingness to accept stolen information, to pay attention to it, and to be influenced by it.  We are attracted to the stolen information because we believe it might reveal something disturbing about others.  Ironically, what’s actually revealed is something disturbing about us.