Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People’s Private Data | WIRED

When a privacy specialist at the legal response operations center of Charter Communications received an emergency data request via email on September 4 from Officer Jason Corse of the Jacksonville Sheriff’s Office, it took her just minutes to respond with the name, home address, phone numbers, and email address of the “target.”

But the email had not in fact come from Corse or anyone else at the Jacksonville Sheriff’s Office. It was sent by a member of a hacking group that provides doxing-as-a-service to customers willing to pay for highly sensitive personal data held by tech companies in the United States.

“This took all of 20 minutes,” Exempt, a member of the group that carried out the ploy, told WIRED. He claims that his group has been successful in extracting similar information from virtually every major US tech company, including Apple and Amazon, as well as more fringe platforms like video-sharing site Rumble, which is popular with far-right influencers.

Exempt shared the information Charter Communications sent to the group with WIRED and explained that the victim was a “gamer” from New York. When asked if he worried about how the information he obtained was used against the target, Exempt said: “I usually do not care.”

The victim did not respond to WIRED’s requests for comment.

“It is definitely concerning to hear criminals impersonating officers in such a manner, more so when they are claiming to be one of our employees,” says Christian Hancock, the media relations manager at the Jacksonville Sheriff’s Office. Officer Corse declined to comment.

Charter Communications declined to comment.

This method of tricking companies into handing over information that can be used to harass, threaten, and intimidate victims has been known about for years. But WIRED has gained unprecedented insight into how one of these doxing groups operates and why, despite years of warnings, it is still happening so often.

The Charter Communications incident was one of up to 500 successful requests Exempt claims
to have made in recent years. To back up his claims, the hacker shared multiple documents and recordings with WIRED, including what he claimed were screenshots of email requests, fake subpoenas, responses from tech companies, and even a video recording of a phone call with one company’s law enforcement response team, which was seeking to verify a request. Exempt also shared evidence suggesting that a current law enforcement officer (Exempt refused to provide the officer’s location or name) was in contact with the group about allegedly working with them to submit requests from his own account in return for a cut of the profits.

“All I need is an IP address, which I can gain pretty easily, and next thing you know I have names, addresses, emails, and cell numbers,” says Exempt, adding that he can then use that information to make emergency data requests. “And with a subpoena and search warrant, I can access DMs, texts, call logs. That’s someone’s full life in my hands in the space of hours, depending on the response times of the company or provider.”

This type of doxing appears to be a lucrative business. Exempt claims his group brought in over $18,000 in the month of August alone. In one case, Exempt says he was paid $1,200 for a single dox of a person who was supposedly “grooming minors on an online gaming platform he owns. The individual was then allegedly promptly swatted.”

WIRED reviewed the information posted online about a 23-year-old from the southwestern US, which includes their home address, phone number, email addresses, and social media accounts. The person did not respond to WIRED’s request for comment. WIRED was unable to independently confirm if the person was swatted.

In the US, federal, state, and local law enforcement agencies who need to identify the owner of a social media account, or details about a specific phone, send the relevant company a subpoena or warrant requesting the information.

All major companies operating in the US have departments and specific staff assigned to dealing with
these requests, which are typically sent via email. The companies, once they review the subpoena and see it has come from what looks like a law enforcement agency, typically comply with the requests, sometimes taking additional verification steps such as phoning the officer involved to confirm that they did indeed send the request.

But officers can also make emergency data requests, or EDRs, in cases involving a threat of imminent harm or death. These requests typically bypass any additional verification steps by the companies, who are under pressure to fulfill the request as quickly as possible.

This is the loophole that hackers like Exempt, who says he is “a Gen Z male located within the Europe area,” can exploit.

The problem partly stems from the fact that there are around 18,000 individual law enforcement agencies in the US, all of which use their own email naming conventions and domain registrations, including .us, .net, .org, .gov, and .com.

The hackers typically use one of two ways to trick companies into making them believe the emails are coming from real law enforcement agencies. In some cases, they use authentic law enforcement email accounts that they have compromised via social engineering or using credentials stolen in previous hacks. Other times, they create convincing fake domains that closely mimic legitimate police departments.

“This was an email address that looked like the real thing,” says Exempt, explaining the mechanics of how he tricked Charter Communications. “The real domain of the Jacksonville Sheriff’s Office in Florida is jaxsheriff.org. We purchased jaxsheriff.us and then spoofed our number as the department’s, so that when we called them to verify receipt of the legal process, when they searched the number, it would come back to the sheriff’s office, giving them no reason to doubt it. We use real badge numbers and officer names as well.”

The hackers also craft highly convincing fake official documents by mimicking official records.

“We look at real subpoenas through public
records where available, and use the legally correct wording and sections of the law in the subpoena so that everything is legally correct and binding, so that we realistically have zero percent chance of them second-guessing it,” says Exempt. This has worked in multiple states and courts in the US, he claims.

“As an extra verification step, we sometimes check online to see if the named judge is actually in court that day, so that if a company was to phone up and verify, they would be in the building but most likely be too busy to be able to verify the singular document,” says Exempt.

In many cases, Exempt says, the email and attached subpoena is enough to extract the information. In one example shared with WIRED, Exempt claims that his group, which he says is made up of around nine people located across Europe and the US, was able to obtain the information used to register the official Rumble account belonging to British far-right activist Tommy Robinson.

Robinson and Rumble did not respond to requests for comment.

Even in cases where companies do take additional steps to verify the subpoenas are coming from real officers, the hackers are able to circumvent this.

In a recording of a phone call shared with WIRED, a representative from Amazon’s law enforcement response team called the number included in the faked email Exempt sent and spoke with Exempt to verify that they had received the documents she had sent him via an online portal.

“Amazon identified and blocked someone that was requesting data from us while impersonating law enforcement,” says Adam Montgomery, an Amazon spokesperson. “The impersonator received basic account data for fewer than 10 customers. We quickly took steps to protect these customer accounts and have put additional safeguards in place to prevent this from happening again.”

When asked for details of what those safeguards were, Amazon declined to comment.

While the hackers are clearly exploiting massive loopholes in the system, in some cases the tech companies
themselves have laid out step-by-step guides on how to craft these requests.

“In order to request that Apple voluntarily disclose information on an emergency basis, the requesting government or law enforcement officer should complete the Emergency Government & Law Enforcement Information Request form and transmit it directly from their official government or law enforcement email address to a specific apple.com email address with the words “Emergency Request” in the subject line,” Apple writes.

Exempt shared with WIRED an example of a request he made to Apple using a fake subpoena, as well as the information Apple sent back to him, that included an iCloud account holder’s home address, cell phone number, and email addresses. Apple did not respond to a request for comment.

One online database maintained by SEARCH, a nonprofit criminal justice support organization, lists direct contact details for the law enforcement divisions of over 700 internet service providers and other online content providers.

“The core issue isn’t companies being careless; it’s that traditional communications channels, like email, weren’t built for the level of identity verification, context evaluation, and real-time decisioning that modern investigations and legal compliance require,” says Matt Donahue, a former FBI agent who left the agency in 2020. Soon after, Donahue founded Kodex, a company that works with business clients to build secure online portals that law enforcement can use to make data requests.

While technologies like Kodex provide a much safer alternative to email, over 80 percent of the companies listed on the SEARCH database still accept emergency data requests via emails, according to one review conducted by Kodex.

But even those who only use Kodex are not in the clear. Exempt claims that he was able to make requests through Kodex for a period of time using compromised law enforcement email accounts. However, because of Kodex’s enhanced safety features, including whitelisting specific devices from which
requests can be made, Exempt and his group have now lost access to the system.

The hacker claims, however, that they are now working to regain access via another avenue.

“We are in talks with a deputy from a large sheriff’s office, who we got paid to dox and who is now interested in either renting his Kodex account to us or he may submit the requests for us on his side,” says Exempt. “This is in the very early stages of talks. He would want a percentage of the money we make and his dox removed on a well-known doxing site.”

To back up his claim, Exempt shared a screenshot of an alleged text exchange with the officer, including a blurred image that he refers to as his ID card. “Y’all have the SSN and the rest of the info you need about me and my fam,” the alleged officer wrote in a message. “I’m on the fence about it right now, but we will all get what we want out of this if we do a deal.”

When asked if he thought it was possible the officer was trying to entrap them, Exempt said probably not, “just for the fact he has been doxed and within that dox some pretty damning stuff about said officer came out which he clearly wants removed. So I’m pretty certain he is being honest about the fact he is considering it.”

Donahue says Kodex’s system could flag such behavior because it is able to “pattern-match” the behavior of law enforcement agents and how they interact with companies that use the Kodex platform. “We can and do detect behavioral changes that allow us to protect our customers on a continuous basis, as opposed to a one-time verification,” says Donahue.

While the hackers are taking advantage of the weakness in email security, they are also taking advantage of companies’ desire to help law enforcement save lives.

“Public-private-sector coordination is an incredibly complex and nuanced space that could very well be the difference between a kid being found in a trunk or not,” says Donahue. “Lawful government data requests sit at the very unique intersection of data privacy, public safety,
security, legal compliance, and civil rights, so anyone suggesting these requests are carelessly responded to in minutes has little to no understanding of the subject matter.”
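
The lookalike-domain trick described above (jaxsheriff.us standing in for jaxsheriff.org, with a callback number supplied by the sender) is something an intake team can screen for before a human reads the request. The sketch below is an added example, not code from WIRED or from any company named in the article; the registry contents, the placeholder phone numbers, and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed registry of domains confirmed out of band; the number is a placeholder.
VERIFIED_AGENCIES = {
    "jaxsheriff.org": {"agency": "Jacksonville Sheriff's Office",
                       "callback": "+1-555-0100"},
}

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage_request(from_header, phone_in_email):
    """Return (verdict, reasons) for one emailed data request."""
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return "reject", ["no sender address"]
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    record = VERIFIED_AGENCIES.get(domain)
    if record:
        # A known domain only identifies the mailbox, which may be compromised,
        # so the request is still confirmed by phone using the number on file.
        reasons = ["domain on file for " + record["agency"]]
        if phone_in_email != record["callback"]:
            reasons.append("ignore number in email, call " + record["callback"])
        return "verify_by_callback", reasons
    label = domain.rsplit(".", 1)[0]
    for known in VERIFIED_AGENCIES:
        known_label = known.rsplit(".", 1)[0]
        if label == known_label:
            return "reject", ["same name as " + known + " under a different TLD"]
        if edit_distance(label, known_label) <= 2:
            return "reject", ["near-miss spelling of " + known]
    return "manual_review", ["domain not in verified registry"]

if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ("Officer Example <officer@jaxsheriff.us>",
                   "Officer Example <officer@jaxsheriff.org>",
                   "records@jaxsherif.org", "someone@example.net"):
        print(sender, triage_request(sender, "+1-555-0199"))
```

No verdict here releases data on the strength of the email alone: even a sender on a registered domain is routed to a callback on the number already on file, which covers the compromised-account case the article also describes.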