
How hackers use emergency data requests to steal user data



CyberCX’s Jacob Larsen on email compromise, doxing and violence-as-a-service attacks

Michael Novinson (MichaelNovinson) • 22 August 2024


Jacob Larsen, Team Lead, Security Testing and Assurance, CyberCX

Law enforcement agencies use emergency data requests to obtain critical information from social media companies and service providers when there is not enough time to obtain a subpoena. Attackers are now manipulating this process to access sensitive data, including “the user’s full name, home address, cell phone number, and sometimes message history and payment information,” said Jacob Larsen, security testing and assurance team lead at CyberCX.


Attackers hack the request process by compromising government emails and verifying their identity “on various social media platforms, law enforcement portals or other aggregated platforms where they can submit their own request and then receive that information,” Larsen said. “Service providers may later discover that the request was fraudulent, but by that point it’s too late.”

Service providers should implement robust verification processes, such as creating an approval list of authorized government employees or implementing a segregation of duties that requires additional approval for data requests, Larsen said. Individuals should plan their personal security around an assumed breach and secure their accounts with non-SMS-based MFA methods, including authenticator apps or physical tokens, he said.
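One way a service provider could enforce the two controls Larsen names, an approval list and segregation of duties, before any data is released. This is an added example, not code from the article or CyberCX; the addresses, staff names and the two-approval threshold are assumptions.

```python
from dataclasses import dataclass, field

# Constructed approval list: exact addresses of officials vetted out of band.
APPROVED_REQUESTERS = {"det.rivera@police.example.gov"}
# Constructed roster of staff allowed to approve a disclosure.
APPROVERS = {"alice", "bob", "carol"}
REQUIRED_APPROVALS = 2  # assumed threshold


@dataclass
class EmergencyRequest:
    requester: str   # address the request arrived from
    intake_by: str   # staff member who logged the request
    approvals: set = field(default_factory=set)


def approve(req, staff):
    """Record an approval; reject non-approvers and self-approval by intake."""
    if staff not in APPROVERS:
        raise PermissionError(f"{staff} is not an authorized approver")
    if staff == req.intake_by:
        raise PermissionError("intake staff cannot approve their own request")
    req.approvals.add(staff)  # a set, so repeat approvals do not count twice


def release_decision(req):
    """Return (allowed, reason) for disclosing user data."""
    # Match the full address, not the domain: any mailbox on a government
    # domain can be compromised, so only vetted individuals pass.
    if req.requester.strip().lower() not in APPROVED_REQUESTERS:
        return False, "requester not on approval list"
    if len(req.approvals) < REQUIRED_APPROVALS:
        return False, f"needs {REQUIRED_APPROVALS} approvals, has {len(req.approvals)}"
    return True, "released"


def demo():
    # Constructed cases: an unvetted mailbox on the same domain, and a
    # vetted requester moving through dual approval.
    unknown = EmergencyRequest("sgt.doe@police.example.gov", intake_by="alice")
    approve(unknown, "bob")
    approve(unknown, "carol")
    vetted = EmergencyRequest("Det.Rivera@police.example.gov", intake_by="alice")
    approve(vetted, "bob")
    after_one = release_decision(vetted)
    approve(vetted, "carol")
    return [release_decision(unknown), after_one, release_decision(vetted)]
```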

In this video interview with Information Security Media Group at Black Hat 2024, Larsen also discussed:

  • How attackers use SIM swapping to intercept one-time passwords;
  • Legal loopholes that allow doxing platforms to continue to operate;
  • Physical threats associated with doxing, such as “violence-as-a-service” attacks.

Larsen leads a team of penetration testers who perform technical security assessments to secure customer applications and infrastructure. His areas of expertise include simulating cyberattacks to identify vulnerabilities in customer systems, as well as tracking initial access brokers, SIM swappers and doxers.
