The FBI has issued an alert to all law enforcement personnel and high-profile public officials warning them that they could be the target of doxing and other attempts to expose their personal information by online hacker groups.
"Hacking collectives are effective at leveraging open source, publicly available information identifying officers and public officials, their employers or associates, and their families," said the alert. "With this in mind, officers and public officials should be highly aware of their email account security and their online presence and exposure. For example, posting images wearing uniforms displaying name tags or listing their police department on social media sites can increase an officer's risk of being targeted or attacked."
The warning, which was sent out by the FBI on November 18th, comes after the public doxing of CIA director John Brennan when a teenager belonging to the self-described hacktivist collective "Crackas With Attitude" posed as a Verizon employee, gained access to Brennan's AOL account, and compiled personal information from Brennan's emails - which was shared with the media and even posted to Wikileaks.
According to Kaspersky Lab's ThreatPost, the hacker gained access to Brennan's intimate personal information, including a full SF-86 application - a clearance form widely used by various government agencies to vet individuals for security clearance, which includes the full personal history of an individual.
The FBI's warning extends to all law enforcement personnel and public officials, and details the potential threat posed by an inability or refusal to properly secure personal information.
Many legitimate online posts are linked directly to personal social media accounts. Law enforcement personnel and public officials need to maintain an enhanced awareness of the content they post and how it may reflect on themselves, their family, and their employer, or how it could be used against them in court or during online attacks.
The FBI also included tips for LEOs and public officials on how to secure their personal information, including enabling additional security and privacy measures on email and social media, and paying close attention to links and emails to ensure they are not fraudulent or designed for phishing.
More broadly, the FBI warned officials to limit their social media and online footprint entirely, saying:
- Keep your social media footprint to a minimum, where possible, and actively monitor any accounts you maintain.
- When posting on social media sites, do not provide details regarding your workplace, work associates, official position, or duties.
- Do not promote your personal or professional importance in online profiles or postings, as this may make you a potential target for adversaries to exploit.
- Limit your personal postings on media sites and carefully consider your comments
While the threat of doxing for public officials and law enforcement officers is largely a function of poor personal security, the FBI has drastically increased its approach in reactively addressing all security threats, following a series of high-profile and tangentially related attacks on Sony and the Office of Personnel Management.