The previous post pitched the idea that a shifty operator might craft a customized attack on each of the citizens individually in a target area, region, city or even country that had a digital presence or litter trail. These days, that could be most people.
Once every citizen in the target zone had a file built, a script could run a series of attacks on citizens using the file information on say, person 349384. In sequence, that script could try password cracks on email accounts, simple google searches on the uncontrolled net, requests for city services changes or disconnections, stop payments on checks or debit card uses, cancellation of credit cards, intentional violations introduced so as to trigger fraud alerts interrupting service... and so on.
Ever see the film Pacific Heights (the one I mentioned two posts ago under "Prediction")? It's from 1990. Released prior to internet growth, it shows how a dishonest renter goes after the property owner with legal and municipal trickery. All very low-tech. And as I also indicate earlier, a personalized digital Pearl Harbor sneak attack could just be the equivalent of misplacing your digital "wallet" - except that it could happen to 70% of the population at the same time. Add to that some assorted nationwide traffic signal and industrial control misconfigurations and you've at least got a rough commute home.
Anyway, to pull off the personalized attack you'd need the information on the marks before starting. So what would an assembled, finished citizen file have in it? Oh, maybe something like this:
name
address
city
state
country
previous addresses
phone number(s)
phone provider
previous phone providers
smart phone install application list
known email addresses
birthdate
tax number or SSN
DMV license
lawsuit case numbers
previous names
previous phone numbers
voter registration info
previous voter registration info
party primary affiliation from voter registration
employer
previous employers
declared income
religious or PAC memberships or affiliations
military service
hospital record control numbers
bank customer info or profile
insurance company customer info or profile
brokerage company customer info or profile
union membership info or profile
degrees or certifications from posted resumes/CV's
entire content of posted resumes if available
connections from known email to social media accounts
connections from known email to conventional HTML posting boards
internet service provider
previous internet service providers
social media screen names if different from account name
charitable contributions or affiliations
any previous web activity recorded by archive.org
---
What? A world in which information on someone or something from many sources could be combined in one place? Not possible, you say. Larry Ellison says we got there five or six years ago.
Broadly, the issue is that much of our personal information is stored by businesses or public entities that have poor security practices. We should clean up our security act, of course, but as to information compromise, that ship has probably already sailed. We should assume compromise and proceed from there.
[What can one do? My earlier post here keeps it simple.]
