The Stalking, Swatting & Doxing Threat: How a Proactive Employee Protection Strategy is Key

I’m a panelist on an online monthly forum that is focused on safety—and sometimes security—in the utility industry. During the July session, someone asked what utilities are doing to prevent employees from being identified and harassed through trolling tactics such as stalking, swatting and doxing.

The discussion offered few effective methods for minimizing threats and improving employee anonymity. Today, I want to expand on the conversation and introduce a solid approach for reducing the targeting and harassment of utility employees and their families.

One option discussed during the session was to “sanitize” information displayed on uniforms, vehicles and equipment. In this context, the phrase means to remove or obscure any direct source of identification. While this might help reduce some level of information exposure, it’s not a complete solution. The term, as used in the discussion, was actually a misnomer. Fully sanitizing an informational profile is, in reality, a “gray man” tactic—and not something I recommend.

To sanitize all physical recognition markers, you must scrub primary data and eliminate traceable secondary data and positional indicators, which include anything that suggests a bias on social, political or religious issues. You’ll also need to remove any identifiable items such as logos or entertainment memorabilia. You’ll need to constantly conceal any tattoos or distinguishing features and wear a balaclava when leaving the office. However, all of this effort becomes somewhat pointless when you ride around in a bucket truck or other utility vehicle and then drive the same personal vehicle to and from home every day.

Today, it’s hard to hide your identity and remain an active member of society. It’s virtually impossible to remove all identification from vehicles and equipment. Employees must retain appropriate credentials, and a thorough physical identity scrubbing won’t eliminate your online presence.

The Bottom Line: in today’s digital world, scrubbing physical information won’t solve identification exposure problems. A simple internet search will yield all the information needed to wreak havoc.

So, how do we protect our employees and their families?

Protection from harassment and intimidation requires a proactive employee protection strategy. First, reconcile the fact that your ability to remain anonymous is limited. Next, learn the fundamentals of harassment tactics and the goals and objectives of trolls.

Harassment is a fluid practice that sprouts like dandelions; it appears without notice and multiplies quickly. But unlike dandelions, harassment can escalate into truly dangerous situations. Harassment tactics vary based on factors such as intent, experience and resources, ranging from attempts at embarrassment to lethal action. But while tactics vary, the underlying goals and objectives remain relatively constant.

The goals, or desired outcomes, typically focus on retribution for a real or perceived offense or on forcing the target (i.e., the organization or employee) to take some desired action favored by the perpetrator.

The objectives are those specific actions taken to accomplish a troll’s goals. The primary objective is to create an untenable situation for the target through harassment and intimidation that achieves the desired goal. This is often accomplished by identifying employees and leaking private information to those willing to act maliciously or surreptitiously—using tactics like swatting and hoping for a severe or even lethal outcome.

One practical approach is to employ risk profile techniques. Risk profiling is a multilayered effort that can appear complex at first. However, once you get the hang of it, you’ll realize that each layer is a manageable piece of a larger puzzle that can be used as a standalone protective element or integrated into a comprehensive response strategy.

Begin by completing a risk profile of your utility. An organizational risk profile assesses internal and external factors that can impact information access. While there are many elements to consider, key internal aspects will include identifying operational vulnerabilities that allow for information leaks, office practices that expose sensitive information, the organization’s social media presence, employee traits and any controversial positions it may hold.

There are also a myriad of external factors that need to be assessed, including the local area’s environment, service territory, population characteristics, governmental influences and broader civil and societal issues.

The organizational risk profile will identify vulnerabilities and opportunities to minimize information exposure, as well as provide intelligence needed for developing counter-surveillance and harassment mitigation strategies.

The next step is to develop personal risk profiles. This involves understanding how individual actions can inadvertently reveal identities and sensitive information. Creating an accurate risk profile requires honest self-assessment of everyday activities that can have unintended consequences.

When creating a risk profile, consider everything from lifestyle and work habits to daily routines and rituals, such as the sequence of events that take place when driving to work on a typical day. This process will reveal vulnerabilities stemming from social media use, off-time activities and regularly visited places. The risk profile review should extend to the activities of family members and even friends.

Creating a personal risk profile helps identify necessary lifestyle changes and helps determine what to modify, limit or remove. It also provides options for areas where change is unrealistic or unwanted.

So, how do you build a risk profile? Effective training is the key. Seek out a program that emphasizes practical skills and provides a clear, effective methodology. Then, put your newly acquired skills to work creating and implementing a risk profile strategy that covers both organizational and individual levels.

The end result of an effective risk profile exercise will be the assimilation of the intelligence needed to establish practical countermeasures against trolling tactics such as stalking, swatting and doxing.

About the Author:

Jim Willis is president of InDev Tactical, a security training and consulting firm. He is a utility engineer, credentialed homeland security specialist and anti-terrorism expert. If you would like to discuss utility-focused security training or consulting assistance, contact Jim at 703-623-6819 or jim.willis@indevtactical.net.