Doxers Posing as Cops Trick Big Tech Companies into Sharing People’s Private Data
When a privacy Specialist at Charter Communications’ Legal Response Operations Center received an emergency data request via email on September 4 from Officer Jason Corse of the Jacksonville Sheriff’s Office, and it took only minutes for him to respond with the “target’s” name, home address, phone number and email address.
But the email did not actually come from Kors or anyone else at the Jacksonville Sheriff’s Office. It was posted by a member of a hacker group that offers Doxing services to customers willing to pay for highly sensitive personal data held by tech companies in the United States.
“It took all of 20 minutes,” Exempt, a member of the group that pulled off the trick, told WIRED. He claims his group has been successful in extracting similar information from nearly every major US tech company, including Apple and Amazon, as well as fringe platforms such as the video-sharing site Rumble, which is popular with far-right influencers.
Exempt shared with WIRED the information Charter Communications sent to the group, explaining that the victim was an “actor” from New York. When asked if he was concerned about how the information he obtained could be used against a target, he said, “Normally I don’t care.”
The victim did not respond to WIRED’s requests for comment.
“It’s certainly troubling to hear about criminals impersonating officers, especially when they’re claiming to be one of our employees,” said Christine Hancock, director of media relations for the Jacksonville Sheriff’s Office. Corse’s officer declined to comment.
Charter Communications declined to comment.
This method of tricking companies into handing over information that can be used to harass, threaten and intimidate victims has been known for years. But WIRED has gained unprecedented insight into how one such doxing group operates and why it still happens so often despite years of warnings.
The Charter Communications incident was one of 500 successful requests for exempt claims filed in recent years. To back up his claims, the hacker shared numerous documents and recordings with WIRED, including what he claimed were screenshots of email requests, fake subpoenas, responses from tech companies and even a video recording of a phone call to a company’s law enforcement response team seeking to confirm a request. Maaf also shared evidence that a current law enforcement officer (Maaf declined to provide the officer’s location or name) was in contact with the group, who allegedly worked with them to send requests from his account in exchange for a cut of the profits.
