What Is Doxxing and Is It a Threat to Your Small Business?

, , Comments Off on What Is Doxxing and Is It a Threat to Your Small Business?

What Is Doxxing and Is It a Threat to Your Small Business Online Security?

When it comes to privacy issues, much of the press focuses on companies like Facebook, Twitter, Google, etc. Unfortunately, that focus often ends up being a distraction from the real offenders. For the most part, we consider Facebook to be a self-inflicted wound since the content is typically posted by the individual themselves. However, it is the postings by others where these platforms like Twitter and Facebook can be very dangerous. We all know (or should know) not to post personal and private information online. These sources feed the practice of doxxing and can lead to many different types of assaults.

What is Doxxing?

The term Dox or Doxxing is derived from the word “Document.” It originates from the practice of researching information about an individual. Doxxing is often defined as an Internet-based practice of researching and broadcasting personally identifiable information (such as names, addresses, phone numbers, spouse, children, relatives, financial history and much more) about an individual. The practice of doxxing is not new. It actually dates back to the 1990s and was often used for constructive purposes such as helping law enforcement locate suspects and/or dangerous criminals, as well as in business analysis and in the legitimate vetting of individuals. Doxxing, however, strays into a very dark area when it is used for other purposes. In last 12 months, we have seen a huge spike in doxxing activity specifically related to individuals in the public safety arena.

The current trend we are seeing in the area of doxxing is mainly focused on confrontational interactions in high profile cases. It is often a situation where an individual is videotaping an incident and there is a specific interest in capturing the public safety individual as much as possible. You will often see that the individual recording the video will interact with public safety personnel in an attempt to get a name. Once they have that name, they are off to the races.

Unfortunately, the reality is that this information is already out there and readily available for the taking. Some of the companies doing this vast collection of public record information and selling it are names you have probably never heard of before such as; Intelius, BeenVerified, PeopleFinder, etc. These people finder websites gather information from a wide arrange of sources and make that information available for purchase to anyone. While there are over 200 companies out there doing this kind of activity, you need to be mostly concerned with 20 to 30 of them. I say this because there are plenty of companies that collect this detailed information for the sole purpose of sending you a coupon in the mail or displaying a pop-up advertisement on your computer screen. You could argue that this is creepy, but the good news is that these companies do not sell this information to individuals.

Doxxing As Used By Online Vigilantes

There are countless recent examples of doxxing that millions of Americans read about every day, often without realizing that doxxing is at the heart of what they are reading. In the last three years, the Social Security number of First Lady Michelle Obama, Beyonce’s home address, Aston Kutcher’s personal phone number and the credit report of Los Angeles PD chief Charlie Beck were all posted online following acts of doxxing. While these events were troubling enough to the individuals involved, the more recent use of doxxing has taken an even darker turn.

Following recent events in Ferguson, the group called Anonymous acquired the sensitive personal information of Colonel Ronald Replogle, posted it on the Internet and then tweeted the location of this information to thousands of people.

What Is Doxxing and Is It a Threat to Your Small Business Online Security?

Literally anyone such as an ill-intended individual, gang member, escapee, former arrestee, protestor, etc. can follow the provided link to acquire a home address, phone number, email address and much more. These kinds of acts essentially put the individual involved and their family at immediate risk.

Erica Garner, the daughter of the man who died following an arrest by a New York City police officer, tweeted out the address of one of the officers present at the time (Justin D’Amico). Her Tweet linked to a web page with addresses for D’Amico and for “five” possible relatives. Erica Garner has more than 5,000 Twitter followers and her post was retweeted about 500 times.

What Is Doxxing and Is It a Threat to Your Small Business Online Security?

Following the fatal shooting of a homeless man on Skid Row in Los Angeles in early March, LAPD confirmed that at least two police officers were the victims of doxxing. An unknown individual or group posted the officers’ names, addresses, and details about their kids’ schools on the Internet.

The Risks and Threats of Doxxing to Law Enforcement Officials

Law enforcement officials often find themselves in risky situations. It comes with the territory. Doxxing, however, is a new kind of threat and one that can manifest itself in many dimensions and extend the risk beyond the individual involved to include family members and relatives.

The bigger problem here, of course, is the ready availability of sensitive personal information on the Internet to feed the practice of doxxing. More than 50 entities, loosely defined as People Finder Sites or Data Brokers, have compiled comprehensive information profiles about most of us. This information is then made easily available for anyone to acquire on the Internet. These sources feed the practice of doxxing and can lead to many different types of assault including the following – which do not need to be life threatening to be debilitating:

  • Targeting
  • Physical stalking
  • Cyber stalking
  • Bullying
  • Harassment
  • Embarrassment
  • Identity Theft
  • Extortion
  • Coercion

Today anyone with a phone, computer or tablet can get almost immediate access to anyone’s personal and private information. We all know there are many, many companies out there databasing everything we buy, where we live and where we like to go. These same companies then take all this detailed information and create detailed reports on virtually every individual in the US.

Protecting Against Doxxing

With respect to protecting yourself against doxxing, and other misuses of your personal information, there’s lots of good advice out there regarding the use of the Internet, such as:

  • Never give out personal information like phone numbers or physical addresses;
  • Refrain from providing your first name. It makes it much harder to find the individual online with only a last name.
  • Run your own name on these sites and see how easy it is for you to be found.
  • Use a PO Box as a mailing address whenever possible.
  • Contact each data broker and request your information be removed from their site.

At the end of the day, while all of this is useful and well intended, the only practical solution is to remove your personal information from these sites. But, that task is easier said than done.

The unfortunate reality is that removing personal information from these sites is intentionally convoluted and difficult. While it is technically possible, most people do not have the time or patience to execute each of the following steps:

Step 1 – Identify all of the more than 200 sites that compile, maintain and sell personal information, and then zero in on the 50 that can really hurt you.

Step 2 – Dig through each of the sites to locate the particular set of instructions for opting out of that site.

Step 3 – Follow each of the required processes, prepare and submit the necessary form or forms, and provide the additional information necessary (including a photo ID in some cases) to complete the opt-out request.

Step 4 – After the full set of opt-out instructions have been submitted, revisit each of the sites to verify they have complied with the opt-out request.

Step 5 – More than a step, this is an on-going process. Even after many of these sites have complied with the initial removal instructions, they will repopulate personal information over time. So, periodically (at least every 30 days), it is necessary to return to Step 1 and repeat the entire process. Protecting your personal information in an on-line world is a never ending and time consuming, but very necessary process for individual and family safety – especially today.

The important takeaway is that virtually anyone can find just about everything they might want to know about you on the internet for any purpose – targeting, stalking, bullying, revenge, embarrassment, identity theft and much more.

Activities such as doxxing are not going away. If anything the problem is getting worse. From solo criminals to organized gangs, the data vigilantes are everywhere, operating throughout the world. The best way to deal with this growing problem is to protect yourself by removing your information online either manually as I covered in this article or through a service like ManageURiD, our data privacy company. Do this for yourself and your family before it happens to you.

Online Security Photo via Shutterstock

More in: Publisher Channel ContentComment ▼