TechViews News …..
Imagine if you will: there’s a knock at your door. “Pizza delivery!” It’s the fifth time in the last hour that you’ve had to say to a delivery-person: “No, I really didn’t order anything.” By now you know someone is pranking you.
Half an hour later, there’s another knock at the door. This time it’s a heavily armed and aggressive special response unit of your local police force. They’re responding to a tip of a domestic disturbance and shooting at your address.
Why is all this happening? Turns out, you’ve come to the attention of a cluster of mischief makers who thrive on harassing people online.
You’ve been “doxxed”. Your private information has been posted, perhaps by an anonymous imageboard user, who’s implored others to “do with it as you will”.
These sorts of internet-enabled attacks have become more frequent in recent years. In fact, the Federal Bureau of Investigation has been cautioning citizens about “swatting” (see below) since 2008.
It has become common to see articles about how these attacks have affected politicians (both Republican and Democrat in the US), celebrities, journalists, businesses, video game streamers and public servants.
What is doxxing?
Doxxing – named for “documents” or “docs” – is the act of release of someone’s personal and/or identifiable information without their consent. This can include things like their full legal name, social security numbers, home or work addresses, phone numbers and contact information.
There’s no set format for a “dox”; the doxxer simply publishes whatever information they’ve managed to turn up in their searches. Sometimes this even includes the names and details of their target’s family or close friends.
As a tactic of harassment, doxxing serves two purposes: it intimidates the people targeted by invading and disrupting their expectations of privacy; and it provides an avenue for the perpetuation of that person’s harassment by distributing information as a resource for future harassers to use.
Even worse, doxxers often are friends, jilted lovers, or disgruntled employees trying to ‘get back’ at someone for a perceived grievance. And just as often, that personal information is spread across social media in an attempt to influence others.
What is swatting?
Swatting – named for the US police Special Weapons And Tactics (SWAT) teams – is the act of making a false report to the police with the intention of having a heavily armed response team sent to the target’s home.
This is made even more problematic by the militarisation that local US police forces have undergone in the last decade.
How do these attacks happen?
Unfortunately, the technical barrier to doxxing or swatting a person is low. A doxxer can acquire information on their target through a variety of legitimate public sources. Or, more nefariously, through social engineering techniques.
And while people seem to thrive on posting their every move, every meal, every interest online, doxxers and swatters use that information to plan their nefarious activities.
Swatting often just requires the name, phone number and address of the intended target. Swatters often use cheap or freely available anonymising technology to disguise their identity, or to “spoof” the phone number of their target, when making their false report — a move that makes their crime difficult to police.
These attempts also prey on the good faith basis with which emergency responders treat their callers, and as a result valuable police time and resources are diverted away when they may be needed elsewhere.
How can you protect yourself?
If you find yourself at the receiving and of these forms of intimidation and abuse, you’ve likely done nothing wrong. People are doxxed and swatted for all sorts of imagined wrongs, as banal as having an opinion on the internet or playing video games.
Unfortunately, the prevalence of doxxing and swatting is, in part, born of a perfect storm in personal data insecurity and easily-abused systems for reporting crime. There are no perfect solutions for avoiding being doxxed or swatted except making yourself a more difficult target by adopting strong information security practices.
While the simplest solution for online security is not having online data, this is impractical in the digital age because major parts of our social and professional lives are intermediated through web services. That said, there are a few precautions you can take to increase the security of your data online.
One of the first steps in securing your personal details is discovering to what extent they’re already out-there and publicly available. If you find old accounts or websites you no longer want, sites like justdelete.me can provide information about having your account deleted from certain websites.
Don’t re-use passwords for multiple services
This can be difficult, as a new password for every service you use will be taxing to even the best of memories. The best, most complex passwords will be challenging to guess or to brute-force, but also difficult to remember.
Here’s where technology can make life easier; a password manager app can help you set unique, complex passwords for each service you use, and let you secure them behind a single, more memorable password.
Though password managers come with their own risks, I’d argue that the benefits of using complex passwords can outweigh these.
Turn on two-factor authentication
Two-factor authentication requires that people trying to access your account have access to a password as well as a “trusted device” – typically your mobile phone – in order to receive an authentication code before gaining access to your account.
You can find more information in advice from people who’ve experienced these attacks, and at websites like Crash Override Network, a support network for the targets of online abuse that provides some excellent guides on online security, and how to cope with doxxing and swatting attacks.
We at TechViews News have always had an uncomfortable attitude about people exposing their lives online. These are just two of the many reasons why.
Be Safe – Backup Your Data Regularly!
And don’t forget to take advantage of our FREE subscription to the TechViews.org Newsletter. A must-read if you are interested in Internet Security.