Protect Yourself from Doxxing

Since the earliest days of the second term of President Donald Trump, federal immigration law enforcement has been a priority. Trump and his Department of Homeland Security officials have been using Immigrations and Customs Enforcement agents to arrest people who are illegally in the United States.

Such actions have met with great resistance, civil disobedience, and even violence toward the agents. One of the most common complaints about the ICE operations is that the agents do not wear name tags and also often wear face masks. Activists and Trump opponents say that ICE agents are not identifying themselves as law enforcement (even though they wear vests that identify their agency) and are disguised, making them “secret police.” ICE agents say the masks and nameless uniforms are necessary to prevent “doxxing” that can reveal their home addresses and lead to harassment or even threats to themselves and more importantly their loved ones.

Originally called “document drop,” doxxing is a type of digital harassment where a person with easily available information about their target such as name and city of residence can quickly discover their home address, phone number, social media profiles, and more. They then “drop” that information on the web and encourage people to abuse them. In many states, doxxing is not against the law.

Anyone can be targeted by doxxing for a wide variety of reasons, ranging from personal grudges, to political disagreements, to video game disputes, or even posted comments on a fan site about sports or movies. Doxxing can lead to career problems, financial losses, identity theft, and even verbal and physical assaults.

It’s not uncommon for law enforcement officers to be targeted by these tactics after they become involved in a critical incident or just for something as common as citing someone for a traffic violation. Not only have officers been targeted and threatened by doxxers, so have their loved ones.

You are the Target

There have been numerous incidents of law enforcement officers being doxxed. Not all of them make the media. Here are a few that did.

Immediately after the Michael Brown incident, hackers threatened to release the names, addresses, and even Social Security numbers of all the Ferguson officers.

In 2018, an adjunct professor at New York University tried to release the names of 1,500 ICE agents that he pulled off of LinkedIn. The platform where he planned to release the information shut him down.

During the mayhem that occurred in Portland, Oregon, during the George Floyd riots and protests, 38 officers were doxxed in Portland. The targets included Portland Police officers who had been authorized to cover their names with tape. Federal officers who were working in Portland at the time were already hiding their identities to deter doxxing, but they were criticized for doing so by none other than their future boss: then Democratic presidential nominee Joe Biden.

Today, officers are still facing cyber threats from hacktivists and other anti-police individuals. Earlier this year, DHS reported that Immigration and Customs Enforcement agents were being doxxed in, you guessed it, Portland.

Even when officers take steps to avoid being identified in public because they work under cover or in sensitive enforcement areas, their agencies sometimes expose them. In April 2023, 321 LAPD officers who work undercover were exposed by their own agency when it received a request from a local progressive news outlet called Knock LA, according to a lawsuit filed against the city by the officers. The agency sent photos, names, ethnicity, rank, date of hire, badge numbers, and division assignment to the outlet. Then an activist group posted all that information on more than 9,300 officers in a searchable database. A city attorney had determined that California law required the release of the information, however, ABC7 reported thatthe undercover officers could have been legally omitted.

Hardening the Target

As you can see from the case studies, It’s hard for a public official like a law enforcement officer to prevent their name and likeness from being accessed by people who might want to dox them, so the best thing to do is to make it harder for them to get additional information that they can release online.

Social Media—The first thing is lock down your social media. A lot of information can be gleaned from your posts, including the names and ages of your children. First, be careful what you post. It’s not worth it to pick a fight with someone you don’t know online. Second, set the privacy settings on your social media accounts to friends only, not friends of friends. Be sure to have your children and your spouse or significant others do the same.

Phishing—Do not click on links in text messages or e-mails, unless you are sure they are safe. The message could be a phishing attack. If a company you patronize such as a store sends you an e-mail or text, don’t click on the link they provide. Look up the company’s actual URL and go to the website by typing it in or call the company’s number listed on its website, not the one in the text or e-mail. This is especially true if the company says it owes you a refund or wants to award you a special prize or says you owe money. Note: phishers are now using QR codes to take people to site where they can gain access of their devices.

You could end up being doxxed after a phishing attack. Phishers take as much data off of devices as they can. They then post that data on the dark web. Someone who has the name of Officer John Doe can search dark web data for doxxing info. Always remember that any cyberattack can be multilayered. For example, doxxing can lead to identity theft.

People Search Sites—There are dozens of websites that will help people search the background of a person. If they have your name, your approximate age, and a good idea of your city of residence, they can find you. If you are concerned, you can contact them and ask them to remove you. It’s going to require some effort.

Practice Good Cyber Hygiene—Use a virtual private network (VPN) to mask your IP address while visiting sites. Every site you visit can see your IP address. Don’t use public Wi-Fi networks. These sites are unencrypted and someone could be intercepting your data. Use strong passwords and don’t use the same one for every site. If you have trouble remembering passwords, you can use a password management tool.    

Antivirus Software—You may want to invest in antivirus software. Some can check the dark web for your information. They can also prevent malware such as spyware from activating on your device.

Lock Your Credit—By going to the websites of the three major credit monitoring companies, Equifax, Experian, and Transunion, you can temporarily lock your credit. This means if someone steals your identity, they will have a hard time opening accounts in your name. You can unlock the accounts when you need them.

How to Respond

If you discover you have been doxxed, the first thing you need to do is report it to your agency. A breach of your security could lead to a breach of the agency’s security.

Immediately change all passwords. Add dual-factor authentication to your accounts if it is available. Your goal is to reduce the damage.

Document all evidence you can find that you data has been released. You may need it for asking sites to remove your data. If doxxing is illegal in your state, you may need it so that other law enforcement officers can investigate and possibly prosecute.