**Doxers Posing as Cops Are Tricking Big Tech Firms into Sharing People's Private Data**

As a journalist, I have investigated numerous cases of data breaches and cyber attacks. But one particular story caught my attention - how doxing groups are posing as law enforcement officers to trick big tech firms into sharing people's private data.

The case in question involves Charter Communications, a major cable and internet provider. On September 4th, a privacy specialist at the company received an emergency data request via email from Officer Jason Corse of the Jacksonville Sheriff's Office. The request was for sensitive personal information about a "gamer" from New York. What the specialist didn't know was that the email was not actually sent by Officer Corse or anyone else at the Jacksonville Sheriff's Office.

**The Hackers' Tactics**

Exempt, a member of the doxing group behind the ploy, told WIRED that his group had been successful in extracting similar information from virtually every major US tech company, including Apple and Amazon. The group uses two main methods to trick companies into handing over sensitive information: they either use authentic law enforcement email accounts that have been compromised via social engineering or stolen credentials, or create convincing fake domains that closely mimic legitimate police departments.

**The Loophole in the System**

The hackers are exploiting a loophole in the system that allows them to make emergency data requests without additional verification steps. These requests typically bypass any additional checks by companies who are under pressure to fulfill the request as quickly as possible.

In an interview with WIRED, Exempt explained how he uses this loophole to extract sensitive information: "All I need is an IP address, which I can gain pretty easily, [and] next thing you know I have names, addresses, emails, and cell numbers. And with a subpoena and search warrant, I can access DMs, texts, call logs. That's someone's full life in my hands in the space of hours, depending on the response times of the company or provider."

**The Business of Doxing**

Exempt claims that his group has brought in over $18,000 in the month of August alone. In one case, he was paid $1,200 for a single dox of a person who was allegedly "grooming minors on an online gaming platform he owns." The individual was then allegedly swatted.

**The Victims**

In many cases, the victims are unaware that their information has been compromised. WIRED reviewed the information posted online about a 23-year-old from the southwestern US, which includes their home address, phone number, email addresses, and social media accounts. The person did not respond to WIRED's request for comment.

**The Companies' Response**

Major companies like Amazon have acknowledged that they have been victims of these types of attacks. An Amazon spokesperson told WIRED: "Amazon identified and blocked someone that was requesting data from us while impersonating law enforcement... We quickly took steps to protect these customer accounts, and have put additional safeguards in place to prevent this from happening again."

**The Solution**

Experts like Matt Donahue, a former FBI agent who founded Kodex, a company that works with business clients to build secure online portals for law enforcement data requests, say that the problem is not just about companies being careless. "Traditional communications channels, like email, weren't built for the level of identity verification, context evaluation, and real-time decisioning that modern investigations and legal compliance require," he said.

**The Ongoing Battle**

While technologies like Kodex provide a safer alternative to email, over 80 percent of the companies listed on the SEARCH database still accept emergency data requests via emails. Exempt claims that his group has now lost access to Kodex due to its enhanced safety features, but they are working to regain access through another avenue.

This story highlights the ongoing battle between law enforcement and hackers who exploit loopholes in the system to extract sensitive information from big tech firms. As a journalist, it is my duty to shed light on this issue and raise awareness about the dangers of doxing and the importance of protecting people's private data.