Doxxing - Grayman Solutions to an OPSEC Nightmare

Your option to be Gray may be a necessity due to your job. Think offduty law enforcement or a defense attorney or a school principal. As such; the current climate, a criminal unhappy with the results of a case, or a student looking for revenge could be a threat if they know where you live or how to effect your life. Personally Identifiable Information (PII) can be leaked by doxxers putting you and your family at risk.

Doxxing is a #cyberattack that involves discovering the real identity of an Internet user. The attacker then reveals that person’s details so others can target them with #malicious attacks. #Doxxing is analyzing information posted online by the victim in order to identify and later harass that person.

If you make a politically motivated post or give an opinion about something in the current events you could be come a target. Any seemingly innocuous comment of yours has the potential to draw the anger of an internet mob. This could lead to anything from #creditcardtheft, fake complaints to your place of work, or even people showing up at your door.

Grayman and doxxing


Social Media: The more you share on social media or message boards the easier it is for your PII to be revealed. Let's think about location and how they can figure it it. You don’t even have to outright say where you live. Instead, it’s possible to roughly pinpoint your location by way of elimination. Maybe in one post you share a college football team's logo, in another you mention how you wish they had a Sheets Gas Station in your town. Then in another you mention how you want to visit a certain city thats only 2 hours away. Sooner or later they'll get your town and street address.
Solution: Create strict privacy controls, be cognizant of what info you share, don't interact with public social posts, turn off location sharing, etc.

Public Data Brokers: Spokeo, MyLife, Yellow Pages, and PeopleFinder collect and display your PII. Some offer additional information such as exact addresses, DOBs, and phone numbers for premium price.
Solution: Go to as many as you can and follow the steps to remove your info. Most offer the option but make it difficult to figure out the process. Don't fill out surveys to win prizes online, don't sign up for newsletters, be sure to uncheck boxes on forms that allow sharing, opt for websites not to sell your info.

Packet Sniffing: This is a hacking method where the #doxxer intercepts your Internet data looking for valuable information about you, such as emails, #passwords , credit card data and more all thru public #WiFi .
Solution: Don't connect to public WiFi. Use your phone's hotspot instead.

MetaData: If you share a document like Word, PowerPoint, or even an Image .Jpeg file it's got hidden Metadata. It has names and even GPS data.
Solution: Change your name in the application that creates the file, keep your location sharing off, and don't send files or share publicly.

Quick Login: Many websites allow you to bypass creating an account by instead letting you login with Facebook or Google. If the site isn't secure or is operated by a data seller then everything on #Google or #Facebook is theirs now.
Solution: Don't click those quick "login with" buttons. Create an account with a designated email account. 

Sign-ups: When you sign into a forum or website and all it asks for is an email and password it doesn't seem like a big breach of security but you've just given your personal email address out. That is the single easiest search term for them to run with to find more info on you. It's as unique of an identifier as your Social Security Number. You also just gave out probably your most used password, they can now copy it and use as an easy attempt on other accounts.
Solution: Use a separate designated email address reserved for non-important account sign-ups.

This isn't an exhaustive list of problems and solutions but hopefully it will get you thinking. Practice #OPSEC and safeguard your #PII . Your actions online definitely can impact your real life. A few simple steps can make a difference.


Leave a comment