The Danger of Dashboards

The big story today is, of course, the Uber hack. There are a lot of hot takes right now covering all the cybersecurity aspects of the incident.

I'm not going to add to those. Instead, I want to examine one aspect which it seems others have missed.

Dashboard Danger

The Uber hack reveals the threat posed by dashboards. Dashboards summarise complex information to present in an easy-to-understand display. They highlight important information and bring together relevant data from a variety of sources. This is great for users. But, there is a dark side.

Dashboards make it easy to leak sensitive company data. The are designed to expose company data, presenting it as an easily digestible story. The problem, of course, is when that story is shared outside the company. And there's a reason dashboards are particularly damaging.

And it is due to the particular dynamics of hack and leak operations.

Hack and Leak Operations, in Theory and Practice

Effective data leaking is a lot harder than it appears. The goal of a leak is to get exposure, typically through wide media coverage. So the leaker's primary task is to ensure that the media covers the leak.

The theory and practice of good leak operations is just the elementary rules of pitching stories to journalists.

There are several hurdles that need to be overcome to get media coverage. Firstly the story must have one or more elements of newsworthiness. There are several variations of the exact ingredients, but this is a broad outline the general concepts:

  1. Relevance: it matters to the audience

  2. Timeliness: more recent is more newsworthy

  3. Proximity: physically closer is more important

  4. Impact: the consequences of the story

  5. Prominence: involving someone, something or somewhere famous

  6. Oddity: unusual or curious

  7. Conflict: audiences love conflicts

These classic elements of newsworthiness are vital to conducting a successful leak operation, but simply possessing them is not sufficient. Journalists and editors want to cover stories with high newsworthiness. But they need to know the stories are there.

They need the stories buried inside the data. The task of the information operator is to ensure the journalist can easily find the stories. They’re the real prize. The data leak itself is a single story which isn't that interesting unless there is something particularly unusual about it.

Journalists, as a rule, will not trawl through 82 GiB of random emails with a fine tooth comb on the off chance that an exciting story appears. No one has time for that sort of long-form investigation (there are exceptions, of course, but the prudent operator will not rely on the whims of journalists and editors.) The journalist needs processed and structured data.

The initial presentation of the leak must be easy to digest. It should have an obvious story. And it must be compelling. The easier it is for the journalist to find the story within the leak, the more likely they are to cover it. Journalists will do additional research after they have been convinced to work on the story.

Dashboards’ Dangerous Deception

There are many problems with dashboards that expose sensitive information.

  1. Dashboards are pre-processed data for a leak operation, making coverage of stories from the leak more enticing.

  2. Dashboards are deceptively simple. They make information easy to understand by hiding and abstracting raw data. A naive observer will believe they understand the information from dashboard because it is simple, even though they cannot understand the raw data. They will have false confidence in their understanding.

  3. Dashboards are compact enough to capture with a screenshot. Screenshots are easy to exfiltrate, manipulate, and share.

  4. Dashboards are easy to access yet contain sensitive information that would be rigorously protected in another context.

  5. Dashboards make the adversary’s job easier by summarising and collocating important information. The value and utility they provide to legitimate users is shared by illegitimate users.

Dashboards are dangerous because the make information operations easier by pre-processing lots of relevant data. Journalists are more likely to cover a story that is clearly presented and easy to understand. Dashboards do the heavy lifting to transform sensitive data into the elements of a story.

Dashboards are easy to understand and to misunderstand. They hide as well as reveal. They expose potentially sensitive data in a compelling format. Easy to capture and trivial to share on any platform. Sensitive information doesn't become less sensitive just because it's in a bar graph.

Acknowledgements:

A huge thanks to Dr Jack McDonald who was instrumental in the formation of this post. All errors and faults are of, course, my own.

Reply

or to participate.