(U//FOUO) FBI Threat to Law Enforcement From “Doxing”

The following FBI bulletin was originally released by Anonymous on December 16, 2011.

Law Enforcement at Risk for Harassment and Identity Theft through “Doxing”

  • 6 pages
  • For Official Use Only
  • August 2, 2011


(U//FOUO) The FBI assesses with high confidence a that law enforcement personnel and hacking victims are at risk for identity theft and harassment through a cyber technique called “doxing.” “Doxing” is a common practice among hackers in which a hacker will publicly release identifying information including full name, date of birth, address, and pictures typically retrieved from the social networking site profiles of a targeted individual.

(U//FOUO) In response to law enforcement activities that have occurred against Anonymous and LulzSecc since January 2011, members of these groups have increased their interest in targeting law enforcement in retaliation for the arrests and searches conducted. Hackers and hacktivists—hackers who commit a computer crime for communicating a socially or politically motivated message—have been openly discussing these activities on Twitter and posting information pertaining to law enforcement on their Twitter accounts and Internet Relay Chat (IRC) channels.

• (U//FOUO) In June 2011 members of Anonymous and LulzSec discussed an identified FBI agent in the IRC channel #lulzsec. The detailed information included when he or she started working for the FBI, training, assignments, and previous employment. FBI analysis suggests that this information was derived from a 2009 affidavit that was available on the Wired.com Web site.

• (U//FOUO) On 26 July 2011 the Twitter account OpMonsanto, an account used by members of Anonymous, warned of the intention to “dox” FBI agents following the 19 July 2011 arrests of 16 individuals for their presumed role in Anonymous’ activities: “OpMonsanto: To any FBI agent involved in the continued unjust raiding of peaceful Anons: Expect us. You are no longer entitled to your privacy.”

• (U) On 31 July 2011 more than 70 law enforcement Web sites were hacked and large amounts of confidential data was exfiltrated. These Web sites included state and local police departments that were not associated with the takedowns. The data consisted of email addresses, usernames, Social Security numbers, home addresses, phone numbers, password dumps, internal training files, informant lists, jail inmate databases, and active warrant information. Operation AntiSecd claimed that the intrusion was in response to “bogus, trumped-up charges” against the individuals associated with Anonymous’ attacks on PayPal.

(U//FOUO) Recently, Anonymous members have also “doxed” the employees of companies that were victims of their previous attacks, who are perceived as working with law enforcement.

• (U) In July 2011 a sealed search warrant affidavit pertaining to the 19 July takedown was available on the Internet. The affidavit contained the personal information of employees of two US companies, as well as FBI personnel. The personal information consisted of names, units, and job titles.

(U) Outlook and Implications

(U//FOUO) The 19 July takedown of Anonymous and LulzSec members has increased members’ interest in targeting law enforcement in retaliation for the arrests and searches conducted. As more arrests are made against suspected members of Anonymous and LulzSec, the FBI expects hacking activities and “doxing” that targets law enforcement and government interests will continue. This could compromise investigations and result in harassment and identity theft of the individuals named in the “dox.”

(U//FOUO) Precautionary measures to mitigate potential harassment and identity theft risk to being “doxed” include:

o Safeguarding material containing personal information pertaining to officers and named victims;
o Changing passwords and do not reuse passwords for multiple accounts;
o Using strong passwords;
o Monitoring credit reports;
o Monitoring online personal information, including what others post about you on services such as social networking sites;
o Being careful when giving out contact information; and
o Being aware of social engineering tactics aimed at revealing sensitive information.

Share this: