Authorities and celebrities were grappling with how to respond to a website that posted what appears to be private financial information about top government officials and stars such as Jay-Z and Mel Gibson.
Doxxing or Doxing is the act of identifying a person from one or more pieces of information, such as an email address, and then collecting and publishing additional personal information on a victim. A “Doxer” uses a piece of information to find out phone numbers, addresses, real name, financial information and even social security numbers of the target. Doxing is “legal” as long as the “Doxer” is only finding publicy available information, but is illegal when the “Doxer” commits identity theft or stalks the person through online chat services, like Facebook, Twitter, Gmail Hotmail, and AOL, etc. Doxing is also illegal if it facilitates the action of other offenders to commit identity theft or harass victims.
The FBI is investigating whether the financial records and other personal information of leading political figures, including Vice President Biden and first lady Michelle Obama; and celebrities, including Mel Gibson, Kim Kardashian, Ashton Kutcher, Arnold Schwarzenegger, Beyonce and Jay-Z.
Much of the posted material was apparently obtained from credit reports from organizations such as TransUnion and Equifax. Many fields of information on individuals from credit bureaus are not considered public information.
Personal information of police officers has also been published. Last year the hacking group “Anonymous” published the names, addresses and police department affiliations of more than 700 police officers in Texas after the Texas Police Association website was hacked. The doxxing of police officers is a concern because of the possibility of retaliation by offenders or gang members.
In a controversial act of doxxing committed by media, Journal News released personal information of gun owners. On December 22, 2012 The Journal News published an interactive map displaying the names, addresses and home locations on maps of all handgun permit holders licensed in Westchester and Rockland counties in New York. The information was public for 27 days. The newspaper took down the data and maps on January 19, 2013 after new gun laws provided that gun owners can keep their information from public view.
On December 23, 2012, blogger Christopher Fountain published the names and addresses of the staffers at The Journal News, which responded by hiring armed security for its staff.
Michelle Obama is the latest victim of a group of hackers targeting celebrities. This time, they even hacked the organization that’s after them — Robert Mueller, the Director of the FBI!
Caller ID Spoofing is the practice of causing the telephone network to display a number on the recipient’s Caller ID display that is a different number and not the actual number of the caller. Some actions simply involve pranks with “no malicious intent” and Caller ID spoofing sounds like a harmless prank, but the crime is potentially malicious and a threat to identity security and financial security. Offenders can use illegal actions to pretend to be an electric utility, phone company, gas company, hospital phone number, a police headquarters phone number or other government number in an attempt to acquire private, personal information of a victim. For this reason, it is always best to return a phone call to a known published number to an agency claiming to need to communicate with you before you provide any information.
Under the Truth in Caller ID Act of 2009 (S.30), which also targets VOIP services, it is illegal “to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value….” Forfeiture penalties or criminal fines of up to $10,000 per violation (not to exceed $1,000,000) could be imposed. The bill maintains an exemption for blocking one’s own outgoing caller ID information, and law enforcement is exempt from the law. The U.S. government is known to have the capability of pretending to spoof IP addresses to throw off website managers or foreign governments that might be trying to monitor location and other information about viewers in situations of espionage, so it is not surprising that law might be given the capability to spoof suspects. The law went into affect after about five years of known cases of harmful spoofing.
It is still technically possible for offenders to spoof a victim. Well-known third party websites were at one time legal, and provided fee-for-services spoofing. The legal websites no longer exist, but the technical capability of spoofing still exists.
Email spoofing involves emails in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. Because email technology, known as Simple Mail Transfer Protocol (SMTP) doesn’t provide any authentication, it is easy to impersonate and send fraudulent emails. Email spoofing is often used during phishing attempts using fake bank log-in screens that can capture a victim’s user name and password if they fooled by the fake bank log-in screen. Emails often claim there is a problem with the account, and that a log-in is required to correct the problem. It may seem that people who fall for these attempts are very gullible, but circumstances such as fatigue, or rushing and haste, distractions, or coincidental recent communications or incidents with the agency that the offender is attempting to mimic can cause a person to fall victim to these type of scams.
SWATTING is an attempt to trick any emergency service (such as a 9-1-1 center and associated emergency services) into dispatching any emergency response based on a false reporting of an incident — usually a violent incident. SWATTING can be more credible when it is combined with the technique of spoofing. The offender makes a 9-1-1 call using a spoofed phone number that is likely the victim’s actual home phone number. It is possible to draw emergency authorities into responding to an address with a heavy police response or a SWAT team to an emergency that doesn’t exist. The offender can commit the crime from almost anywhere in the world.
Get updates from The Cardinal CRIME BLOG ‘Plus’ on Facebook. Just ‘LIKE’ the ‘Arlington Cardinal Crime & Forensics’ Page (become a fan of our page). The updates cover all posts in the 24/7 Crime Alerts! and sub-categories. See all of The Cardinal Facebook fan pages at Arlingtoncardinal.com/about/facebook …