How Easily Can Hackers Plant Evidence?

Editor’s Note: This article previously appeared in a different format as part of The Atlantic’s Notes section, retired in 2021.

Earlier this week on The Atlantic, security expert Bruce Schneier took stock of our collective anxieties in the wake of the Ashley Madison hack. Is our online activity ever really private? A reader takes that worry a step further:

In a non-material realm where all data can be fabricated and easily transferred, what’s to prevent hackers from framing people?

The example I keep returning to is Internet child porn. In the case of criminal offenses like that, the presumption of innocence tends to get hindered from the outset by the severity of the charge. The mere accusation is enough to put someone under a cloud of suspicion, or to impeach their credibility. And it seems to me that anyone who can hack a computer network can also compromise someone's home computer to plant files on it.

I have to say, I don’t know enough about either computers, the “cloud,” or the workings of child porn investigations to know whether it’s actually possible to frame someone for information found on their computer that’s put there without them suspecting it. I know even less about how much of a challenge that might present, or how to protect oneself against that vulnerability.

I only know that planting child porn, or terrorism-related information, or participation in some Darknet market illegal business, or adding someone’s personal info to a website like Ashley Madison without their knowledge, seems like an obvious gambit for a dirty trick.

In my observation, people who dismiss this possibility as mere paranoia are people who have never found themselves in the middle of a political controversy, or a nasty divorce, or cutthroat competition in business, or other sorts of professional or personal rivalries. Some people are up for soliciting murder, after all. It stands to reason that a somewhat larger number of people would be willing to ruin someone or eliminate them by planting evidence on their computer—or by hiring someone to do that—in a New York minute. After all, someone was willing to do this.

I’d be interested in learning anything more about that risk that I could find out from other readers.

Contact us at hello@theatlantic.com. Another reader adds:

The fact that many child porn cases are for “receiving” illegal material indicates that arranging for certain kinds of stuff to be emailed to a person might be enough to make trouble for that person. And since we all get tons of spam email offering us adulterous relationships, chemical aphrodisiacs, or genital enlargement, it seems like about 100 percent of people online could be smeared easily if someone was so inclined.

I have no idea how high the bar is set for legal action, but the stories you see in the news often sound like they contain much more outrage than innocence. However, legal action isn’t needed if your goal is to hound, humiliate, and harass some poor person over crap they “received” over the internet.