Doxxing, swatting and the new trends in online harassment

April 22, 2015 by Andrew Quodling, The Conversation
When the SWAT team bursts into your bedroom, it’s not only unpleasant but potentially deadly. Credit: Jason Eppink/Flickr, CC BY

Imagine this: there's a knock at your door. "Pizza delivery!" It's the fifth time in the last hour that you've had to say to a delivery-person: "No, I really didn't order anything." That's irritating.

Half an hour later, there's another noise at the door. This time it's forced open as your house is stormed by the heavily armed and aggressive special response unit of your local police force. They're responding to a tip off that warned them of a hostage situation at your address. That's not just irritating. That's dangerous.

Why is all this happening? Turns out, you've come to the attention of a cluster of mischief makers and misanthropes in one of the internet's dank corners.

You've been "doxxed". Your private information has been posted, perhaps by an anonymous imageboard user, who's implored others to "do with it as you will".

This might sound far-fetched, but these sorts of internet-enabled attacks have become more frequent in recent years. In fact, the Federal Bureau of Investigation has been cautioning citizens about "swatting" (see below) since 2008.

It has become common to see articles about how these attacks have affected politicians (both Republican and Democrat in the US), celebrities, journalists, businesses, video game streamers and public servants.

What is doxxing?

Doxxing – named for "documents" or "docs" – is the act of release of someone's personal and/or identifiable information without their consent. This can include things like their full legal name, , home or work addresses and contact information.

There's no set format for a "dox"; the doxxer simply publishes whatever information they've managed to turn up in their searches. Sometimes this even includes the names and details of their target's family or close friends.

As a tactic of harassment, doxxing serves two purposes: it intimidates the people targeted by invading and disrupting their expectations of privacy; and it provides an avenue for the perpetuation of that person's harassment by distributing information as a resource for future harassers to use.

Technology and security expert Bruce Schneier argues that 2015 will see even more doxxings, as "everyone from political activists to hackers to government leaders has now learned how effective this attack is".

What is swatting?

Swatting – named for the US police Special Weapons And Tactics (SWAT) teams – is the act of making a false report to the police with the intention of having a heavily armed response team sent to the target's home.

This is made even more problematic by the militarisation that local US police forces have undergone in the last decade through initiatives like the Department of Defense's 1033 program, which allows the pentagon to provide military grade weapons and equipment to local police forces on a free, permanent loan.

Technology journalist Sarah Jeong describes this as "assault by proxy", as the police can cause serious injury to the targets of these swatting attacks.

How do these attacks happen?

Unfortunately, the technical barrier to doxxing or swatting a person is low. A doxxer can acquire information on their target through a variety of legitimate public sources. Or, more nefariously, through social engineering techniques.

Swatting often just requires the name, and address of the intended target. Swatters often use cheap or freely available anonymising technology to disguise their identity, or to "spoof" the phone number of their target, when making their false report—a move that makes their crime difficult to police.

These attempts also prey on the good faith basis with which emergency responders treat their callers, and as a result valuable police time and resources are diverted away when they may be needed elsewhere.

How can you protect yourself?

If you find yourself at the receiving and of these forms of intimidation and abuse, you've likely done nothing wrong. People are doxxed and swatted for all sorts of imagined wrongs, as banal as having an opinion on the internet or playing video games.

Unfortunately, the prevalence of doxxing and swatting is, in part, born of a perfect storm in personal data insecurity and easily-abused systems for reporting crime. There are no perfect solutions for avoiding being doxxed or swatted except making yourself a more difficult target by adopting strong information security practices.

While the simplest solution for online security is not having online data, this is impractical in the digital age because major parts of our social and professional lives are intermediated through web services. That said, there are a few precautions you can take to increase the security of your data online.

Google yourself

One of the first steps in securing your personal details is discovering to what extent they're already out-there and publicly available. If you find old accounts or websites you no longer want, sites like justdelete.me can provide information about having your account deleted from certain websites.

Don't re-use passwords for multiple services

This can be difficult, as a new password for every service you use will be taxing to even the best of memories. The best, most complex passwords will be challenging to guess or to brute-force, but also difficult to remember.

Here's where technology can make life easier; a password manager app, like LastPass, KeePass or 1Password can help you set unique, complex passwords for each service you use, and let you secure them behind a single, more memorable password.

Though password managers come with their own risks, I'd argue that the benefits of using complex passwords can outweigh these.

Turn on two-factor authentication

Two-factor authentication requires that people trying to access your account have access to a password as well as a "trusted device" – typically your mobile phone – in order to receive an authentication code before gaining access to your account. The Two Factor Auth website lists popular and their support (or lack of support) for two factor authentication.

You can find more information in advice from people who've experienced these attacks, and at websites like Crash Override Network, a support network for the targets of online abuse that provides some excellent guides on online security, and how to cope with doxxing and swatting attacks.

Explore further: Putting the password problem in perspective

Related Stories

UK arrests man in Sony Playstation and Xbox attack

January 16, 2015

Authorities in Britain have arrested an 18-year-old man accused of computer hacking offenses related to days of disruption on Sony's PlayStation Network and Microsoft's Xbox Live services last year.

3Qs: Password and cloud security

September 8, 2014

The recent news that hackers accessed celebrities' cloud accounts and released their intimate photos online has prompted many to question the security of sensitive data stored on people's own smartphones and in the cloud. ...

The quick brown fox can help secure your passwords online

October 28, 2014

In 2004 Bill Gates pronounced usernames and passwords dead. Gates, a man consistently thinking ahead of the crowd, was right. Most of us – including our employers and the online services we rely on – just haven't caught ...

Recommended for you

Researchers 3-D print electronics and cells directly on skin

April 25, 2018

In a groundbreaking new study, researchers at the University of Minnesota used a customized, low-cost 3D printer to print electronics on a real hand for the first time. The technology could be used by soldiers on the battlefield ...

Balancing nuclear and renewable energy

April 25, 2018

Nuclear power plants typically run either at full capacity or not at all. Yet the plants have the technical ability to adjust to the changing demand for power and thus better accommodate sources of renewable energy such as ...

Electrode shape improves neurostimulation for small targets

April 24, 2018

A cross-like shape helps the electrodes of implantable neurostimulation devices to deliver more charge to specific areas of the nervous system, possibly prolonging device life span, says research published in March in Scientific ...

China auto show highlights industry's electric ambitions

April 22, 2018

The biggest global auto show of the year showcases China's ambitions to become a leader in electric cars and the industry's multibillion-dollar scramble to roll out models that appeal to price-conscious but demanding Chinese ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.