Suppose a government military agency of a country not friendly with us were to develop a data mining capability extensive in nature and well-funded. Suppose that they were to understand that the mining itself could be weaponized and that one need not develop a cloud or botnet to distributed-denial-of-service (DDOS) backbone servers of a country's infrastructure "off the air", so to speak... but to attack in a way that avoids the network completely.
Suppose that said agency were to realize that the number of citizens in Country X (like ours) was not a terribly large number given the scale upon which a computer can operate. Suppose it were to build a file (using known data breaches and publicly available information) on every citizen in this country. With those files as targets, one simply could then prepare a rudimentary "identity attack" script to mess with every citizen's digital presence. Some citizens would not have a presence yet (being toddlers) but many at even a young age now have smart phones, laptops, smart TVs and so forth - lots of things with IP addresses. And the parents, who function as their own NETWORK ADMINISTRATORS, are possibly not current on their firewall rule skills... or any others...
The file on every person could contain email addresses, IMEI device numbers for cell phones, MAC addresses for desktop or laptop computers, social security numbers and birth dates (particularly if intimate processes like tax filing had been done via smart phone) and if a real name and public viewability were part of a Facebook or other social media presence then that would be interesting to include as well. There was a movie years ago called "Pacific Heights" (Melanie Griffith, Michael Keaton, Tippi Hedren) which told of a renter that tormented his landlord by using every low-tech form of harassment imaginable. This was in 1990 so the 'net as we know it had not arrived (pre dub dub dub popularity). The tormentor used such things as junk (snail) mail, the city complaint process and physical blocking of nearby driveways to create a buildup of problems in the lives of the property owners. The same sort of mischief could be leveled at the lives of citizens person-by-person with scripted attacks to change account passwords, delete address books and perhaps close credit card accounts.
Consider how many people have had the same email account for years and use the same simple password for many different things. Consider how many people do banking, insurance and other bill payment over computers or phones. Consider how insecure government and medical records no doubt are. Banks are probably the most secure overall as electronic entities in society but you hear of a breach at least a few times a year at some financial institution.
I'll call it, not DDOS - distributed denial of service but PDOS - personal denial of service. Simple scripted attack directed at only one could become like losing one's purse or wallet.
And everybody in the target country could lose their stuff all at the same time...
