Doxxing made easy: social media

By Mark Lanterman

In a recent article, I wrote about doxxing and the potentially unsolvable problems associated with trying to remove all of one’s personal information from the worldwide web. In the digital space we live in, where instant communication and the ability to share information within seconds is an ingrained reality, controlling our personal data online is difficult if not impossible. Even if someone were to go through the trouble of carefully combing through 50 sites’ (often confusing) opt-out pages and removing their information, there is no guarantee that another reseller website won’t pop up the next day with the same information—or that those 50 websites won’t simply repopulate within a few months’ time. Though we often forget—or deliberately ignore—the fact, anonymity on the internet simply does not exist. But perhaps more troubling is that anonymity in our “real” lives is greatly diminished as well as a result of what can be found online.

We do have a measure of control in one of the digital realms of greatest risk—our own social media accounts. A simple adage comes to mind: Think before you post. It’s often easier said than done. After all, some of our wittiest commentaries or observations beg to be shared quickly. Even though most people would likely admit to their lack of anonymity in the social media space, it is also true that many people post and forget. Or they believe that their social media presence is entirely distinct from their professional lives. Many job candidates are horrified to learn that their Facebook posts are up for review just as much as their painstakingly polished resumes. 

Those seeking positions with security clearances are even more at risk of having their social media presence factor into their assessment as job candidates. For up and coming generations that have used social media for the majority of their lives, it’s often a tough truth to accept that once something is “out there,” it’s never truly gone and might affect their real lives. Poor social media habits can spawn a wide variety of risks—and for lawyers, these risks can be especially damaging given the high standards to which they are held regarding confidentiality and privacy for clients. 

Within the legal community, a poorly worded post or an inappropriate picture can cost a firm in more than one way. A damaged reputation can cost a firm clients, and oversharing online can facilitate cyberattacks, as I have discussed in a previous article, “Social media and managing reputational risk.” Doxxing, the process by which personal information is gathered online—often with the intent to maliciously disseminate it—can start with a cybercriminal reviewing a target’s social media pages. A seemingly innocent post about going on vacation can be invaluable in personalizing a phishing attack or strengthening a social engineering scheme. Anything shared online can potentially be used to harm a firm financially, operationally, or reputationally. I frequently advise people to not post anything online that they wouldn’t want their moms to read. It might be better to also advise people not to post anything that they wouldn’t want a cybercriminal to read. 

Being mindful of our social media activities can seem overbearing and perhaps a bit paranoid. Surely, a little Tweet can’t be that big of a deal, right? Who cares? And maybe the majority of the time, nobody will care. But taking responsibility for the security of our organizations and firms requires an acknowledgement of the risks and threats that our digital lives present. With social media, people often end up their own worst enemies thanks to what they choose to share. Doxxing isn’t always a complicated treasure hunt that requires carefully surveying multiple reseller websites. It can also be a quick trip to the potential victim’s Facebook page. 

MARK LANTERMAN is CTO of Computer Forensic Services. A former member of the U.S. Secret Service Electronic Crimes Taskforce, Mark has 28 years of security/forensic experience and has testified in over 2,000 matters. He is a member of the MN Lawyers Professional Responsibility Board.