Tuesday, November 12, 2019
November 12. 2019
For Immediate release.
Dateline: Washington, DC
Headline: Will #SearchJacking and #CookieJacking be how Russia wins the 2020 election?
Executive summary: As the plumbing of the internet allows massive opportunity for hackers to secure and misdirect users, it is clear that the solution is not to have 50 attorney generals attempt to fix it, but we must use the resources of the US Govt to come up with a clear Federal approach — EU did it, we can too! Setting the 50 attorney generals on the case brings to mind the Keystone Cops: https://www.youtube.com/watch?v=m53jnZQP32g
By Mitchell P. Davis – CEO of The Privacy Rights Council
With Searchjacking, hackers can get people to land on bogus pages, where malicious cookies can be placed on the viewer's computer.
Then, with CookieJacking, the hackers, as they control the computers they have invaded, can identify the computers and with a tally of the cookies from the great number of hosted sites know demographically who the viewers are and how their politics lean. Although I don't know if Alex Jones and Rush Limbaugh place cookies on viewer's computer, it should be clear that those computers would not be a very good place for Bernie Sanders to advertise on — But conversely, it could be a good place to promote the Pizzagate controversy — https://en.wikipedia.org/wiki/Pizzagate_conspiracy_theory
Frankly, most computer users have no clue as to how many cookies are placed on their computers, nor how hackers can use them. But the ad networks know and they know the correlation of how all the cookies fit into a multidimensional Venn diagram.
And, the hackers know. They may not know the personal names of each viewer, but by tracking the cookies on a computer they know the correlation of viewers and can target ads based on whose sites they visited. If they liked Rush Limbaugh they may also have an Alex Jones cookie and be a total deplorable. But if there is a cookie from NPR, maybe they can be converted.
Three Twitter feeds to visit for the Council, Seachjacking & Cookiejacking.
https://twitter.com/RightsCouncil where we explain and advocate for a national privacy standard for the USA. Maybe not like GDPR in the European Union, but at least a standard so both users and providers can be guided by Uncle Sam and not the 50 Attorney Generals of the states. EU did it right by having their policies cover all of the Eurozone.
https://twitter.com/SearchJacking You'll find our Twitter feed with lots of posts on searchjacking.
https://twitter.com/CookieJacking Another Twitter feed where CookieJacking is related to Session Hijacking. See a good overview at this Wikepedia page: https://en.wikipedia.org/wiki/Session_hijacking
There is a clear and present danger to every American from this massive breach of security that has opened the door for the hackers to influence us. I don't know how to fix it, but 50 attorney generals is the wrong team to send in.
Questions?
Contact: Mitchell P. Davis
See my linkedIn profile at www.LinkedIN/com/in/ExpertClick
Office phone: (202) 333-5000 – has voice to text message service that texts messages to me.
Home phone: (202) 333-4904 – If I'm home I'll answer it.
Cell phone – (202)853-0420 - If phone is on I'll answer – no messages taken there.
The Privacy Right Council is a project of:
Broadcast Interview Source, Inc.
2500 Wisconsin Ave, NW
Washington, DC 20007
P.S. What's changed since Richard Viguerie ran the fundraising campaigns in the 1960s? https://en.wikipedia.org/wiki/Richard_Viguerie
Mail changed from snail mail to email — the primary port of entry changed from a mail slot to a computer. So just stop to think about how it worked then, in the 1960's, in a secure US Post Office system — to now the wild-west of the year 2020 internet. Cue the music to song: "Wells Fargo Wagon." https://www.youtube.com/watch?v=g8LHlJSBkg0
So let's compare the "old days" vrs. "today"
Old days: Campaigns rented mailing lists to each other — and if your read the Richard Viguerie Wikipedia page, you see he ran fast and loose with lists.
Today: Emails are the key and with all the privacy and opt-in rules is the harder for candidate who drops out the give "donation list" to his successor. ...or allow use.
Old days: The US Post Office didn't share who sent mail to each other.
Today: With tracking cookies and computer settings it is possible to granularly know the site visited (envelopes opened). In the 1960's you had to search their trash to find the envelopes that were opened.
….. and from all of this, there is clearly a business opportunity.
Old Days: Postal mailing lists we sold, traded and bartered. A conservatie pro-gun candidate could rent the mailing list from the magazine.
Today: It is no doubt buried in the terms and conditions that the donor list of a candidate who drops out can be sold/given to the other candidate, but what of all the cookies left behind?
Today with retargeting campaigns based on the cookies placed on computers — that's why you keep seeing the same ads — it is no doubt possible to have the conservative campaign rent access to the cookies to visitors of the American Rifleman website.
What is a retargeting campaign? A site leaves a cookie behind so when the person comes back to the website, they can serve another ad in the sequence. …. and clearly if the American Rifleman marketing team could "trade resources" by allowing their friends from Handguns Today — and in turn the guys from Handguns Today to show ads to cookies that American Rifleman left behind. (Note: This example is fiction, with names of the players made up — but you never know if the Russians trade cookies access with Ukraine?)
So where is the business opportunity. Just as there are
"Mailing List Brokers" — there could be "Cookie Brokers" who act as intermediaries when knowledge of where the cookies are placed. For each cookie is a tiny bit of buried treasure and the seller has the secret map he can sell the buyer.
….and of course there would be "Cookie Detectives" who specialize in the relationship and correlation of the cookies… ...you gotta think the NSA (... and Putin's Internet Research Bureau) are scanning computers looking for cookies left behind by 4Chan. https://en.wikipedia.org/wiki/4chan
Here's the Wikipedia page on The Internet Reseach Bureau https://en.wikipedia.org/wiki/Internet_Research_Agency