Doxing (or doxxing) is in the news again, for an absolutely shocking story that ended with a man's death caused by a swatting attack. If you don't know what doxxing or swatting are, don’t worry. We’ll explain it all.
The doxing 101
Doxing someone is a technique going back to the 90s. Back then, everyone was typically very anonymous online and stripping that anonymity away was a powerful weapon.
I’d argue it really came to prominence in mainstream terms during the massive boom in social media. Bad people very quickly realised huge amounts of personal data was lurking on sites such as MySpace, just out of reach. Once obtained, chaos and mayhem were the inevitable end result. In that time period, roughly between 2007 to 2010, law enforcement was generally struggling to keep up. If you ended up in Internet trouble with trolls and / or doxers, you were essentially on your own.
Not a great position to be in.
The Swatting 101
Prank calls to emergency services have been around forever. The difference here is swatting calls come with the threat of injury or death. The technique involves calling emergency services and telling the operator someone is about to commit suicide, or a family is at risk from an intruder, or perhaps they’ve witnessed someone brandishing a weapon. Whatever it takes to get law enforcement to turn up expecting trouble.
The name swatting comes from the US-based Special Weapons and Tactics teams (SWAT) used to deal with violent and dangerous situations. Swatting became a go-to tactic in gaming circles. Aggrieved gamers would get busy doxing after fallouts over online matches, with inevitable consequences. As streaming is now a default for many gamers, more and more examples of swatting are caught on camera. Everyone from 12 year olds to people gaming in business premises are at risk.
The problem is so bad that law enforcement frequently create tactics to help mitigate the threat to innocent people. Real world pranking can range from mildly amusing to incredibly annoying, but the trouble is people can and do take it to extremes. Swatting is, as you'd guess, a "prank" at the absolute extreme end.
Jail time after man dies of swatting-induced heart attack
What happened here is an awful combination of threats, harassment, social engineering and swatting. A desire to obtain “rare” social media handles led individuals to pressure victims into handing them over. A lot of it sounds like the usual thing you’d expect from doxing: pizza delivered to the door, that kind of thing.
However, it quickly escalated into all manner of malicious tactics designed to steal away desirable usernames. Bomb threats, SIM swap attacks, and even fake dating meetings which involved unsuspecting dates walking into one victim’s home as if they were expected.
Eventually, one victim’s address was posted into a Discord chat. The inevitable swat attack took place, and they died of a heart attack after crawling under a fence at the behest of police officers.
60 months in prison is the end result for 18-year-old Tennessee man Shane Sonderman, one of the people involved in what the judge described as these "almost unspeakable" crimes, and the person who posted the victim's address to Discord. Sonderman's sentence is the maximum the law allows.
Steering clear of swatting
Protecting yourself from swatting isn’t exactly easy, and a lot depends on whether your local law enforcement regularly deploy with weaponry. There are certainly ways to minimise the threat in relation to personal information exposure. However, much of that is down to warding off social engineering attacks and good OPSEC. All the same, it’ll help in all situations including potential swat attempts so it’s win-win.
This story is a shocking reminder that far too many people out there are willing to casually endanger lives over nothing more than videogames, social media accounts, or even just plain old boredom. We need to do everything we can to ensure our risk from such attacks is as minimal as it can possibly be.