Doxxing is a form of cyberstalking that uses sensitive or even secret information, statements, and records of targets. The main purpose of this technique is to expose victims for intimidation or financial extortion.
Table of Contents
What is Doxxing?
The word “doxxing” (also spelled “doxing”) is derived from the term “dropping dox” which means “documents”. Doxxing refers to both the collection of personal information about individuals and its dissemination on the Internet.
Originally, doxxing was used by hackers among themselves, to take down the competition or to get revenge. But in recent years, it has largely taken on greater proportions. Doxxing now affects individuals, as well as businesses and organizations.
For a broader definition, it means to search, collecting and publicly sharing personal information Which may reveal the identity of the victim. The consequences of doxxing range from simple embarrassment to total disruption of the victim’s life.
Doxxing practice: for what purpose?
Some people practice doxxing just to to have fun. But others really set out to ruin the reputation or the life of someone, a company, an organization. The following is a non-exhaustive list of recurring reasons why an author would practice cyberbullying:
- to humiliate the victim
- satisfy a personal revenge
- intimidate the target
- show anger or disagreement with a community, cause, …
- exposing the target to legal action
Doxxing doesn’t have to involve hacking. For an attack on a private individual, for example, the perpetrator will simply collect all the information available on the Internet about his victim (photos, addresses, credit reports, telephone numbers, etc.).
A tool much appreciated by hacktivists
Hacktivists refer to hackers who practice hacking as part of an activist campaign. Hacktivist is a catch-all word combining hacker and activist. In recent years, these groups have made extensive use of doxxing to make their case.
These are people who refer to themselves as cyber warriors. They carry out attacks against organizations or individuals that they believe deserve to be punished. Anonymous, for example, has been doing a lot of doxxing since 2003.
Members of hacktivist groups may also conduct campaigns against commercial enterprises they deem dishonest by making financial (or other) information public, for example. Hacktivists generally use traditional hacking techniques to obtain sensitive corporate documents.
Doxxing and ransomware
With a ransomware attack, hackers encrypt the victim’s entire computer system. The hackers then demand a ransom (in crypto currency) in exchange for the decryption keys.
Some companies don’t pay the ransom. They wipe their systems and restore their data from backups. Those who refuse to pay are sometimes blackmailed.
To force them to pay, malicious actors use doxxing. They threaten to release sensitive and confidential corporate documents. These combined ransomware and doxxing attacks are becoming increasingly common.
Potential impacts of doxxing
To say that doxxing can ruin a person’s life is not an exaggeration. Doxxing attacks have caused victims to suffer public humiliation. These have resulted in job loss, divorce, bankruptcy, etc.
Some people have been driven into hiding as a result of such attacks. And there are worse things. Sometimes attackers have the wrong victim due to misidentification.
Some cases that made the news
In the United States, for example, a University of Arkansas professor was falsely named as a participant in a white supremacist rally in Charlottesville, Texas.
This was Professor Kyle Quinn, who bore a vague resemblance to one of the participants at the rally. The latter was wearing an Arkansas Engineering t-shirt. The professor was identified as the man in the photo.
As a result, his colleagues, friends and family were doxxed and bombarded with hate messages. The activists also sent a request for the professor’s dismissal to his university.
Fortunately, Professor Quinn was able to quickly and easily prove that he was not the man in the photo. He was indeed 1,000 miles away from the rally site at the time of the protest. But not everyone was.
Also in the United States, in Bethesda, Maryland, Peter Weinburg was misidentified by police as a cyclist who injured a child. The man was soon doxxed.
The public reaction was particularly strong. The police had to send a patrol to his home to ensure his safety. It is clear that the consequences of doxxing in the lives of the victims are very realand sometimes dangerous.
How doxxers get victims’ personal information?
Doxxing authors use several intelligence techniques to obtain personal information. They mainly use the following methods.
Open Source Intelligence
L’Open Source Intelligence Refers to any information obtained through the processing and analysis of public data sources. These sources include television, radio, social media and websites. These sources provide data in text, video, image and audio formats.
The data brokers or information brokers are companies that aggregate data before reselling it. They can collect themselves the data themselves or purchase it from third-party companies.
Data brokers most often deal with advertisers or companies wishing to set up a targeted advertising campaign. But thedoxxers are also part of their clientele.
Whois is a database containing contact and registration information for domain names. This is a useful tool for checking the availability of any domain name. However, some people sometimes use it for malicious purposes.
Some registrars offer to hide or restrict Whois data for a fee. But this service is not always available. Doxxers sometimes search for entries in the Whois database.
Some users post a lot of information on social networks. Family, location, address, first and last name, phone number, contacts, workplace, job, interests are all available information.
Doxxers can use this information to identify and initiate a doxxing attack against a target. Published photos and videos are all exploitable data. And each of these files still contains metadata (date and time of publication, location where the image was taken, …) that can also be exploited.
The data disclosed as a result of a breach contains a lot of information: name, password, social security number, postal address, bank details, credit card details, email addresses, phone numbers, … This information is most often available on the Dark Web.
On the Dark Web, doxxers also offer a service called Doxxing-as-a-Service. Providers conduct a doxxing attack against the victim for a fee.
Social engineering is the art of exploiting human psychology, rather than traditional hacking techniques, to gain access to data (or anything else). Instead of trying to find a software vulnerability, for example, a social engineer can call an employee and pretend to be an IT support person.
For the fraudster, the idea is to build trust and familiarity with their victim so they can discreetly extort information without their knowledge. For some criminals, it is generally easier toexploit people’s natural inclination to trust than discovering ways to hack into software.
How to protect yourself from doxxing?
Always keep in mind that malicious actors can harvest any information posted on the Internet. It is therefore particularly important toexercise extreme caution on the Web. To prevent personal information from being recovered, here are some good practices.
Avoid disclosing your true identity
On social networks, forums or any other online platform, it is best touse a pseudonym. This is one of the best ways to avoid being identified and doxxed.
Using a VPN
A VPN guarantees anonymity when surfing the Internet. With this tool, the IP address of the Internet user is not exposed to any of the sites or platforms to which he connects.
VPN also encrypts traffic. This will make using public Wi-Fi much more secure.
Caution with social networks
Almost all items published on social networks can constitute a clue to the user’s true identity. The photo of the front of a house, for example, allows doxxers to confirm a postal address.
Experts adviseuse privacy controls on social media platforms. This is to restrict access to posts as much as possible. It is equally prudent to refuse contact requests from strangers.
Request data deletion
Anyone can ask data brokers to delete personal information from their databases. It is equally possible to ask Google, Bing, Yahoo and other search engines to be removed from search results.
But this rule is not always followed, especially if the information serves a legitimate public interest. EU citizens, on the other hand, can request the deletion of data from any organisation that holds potentially identifiable personal information.
The General Data Protection Regulation gives every web user the right to see what data a company holds about them. If they wish, they can ask for it to be deleted.
And this doesn’t just apply to European organizations. The GDPR covers any organisation that processes, stores or transmits data of European citizens. And this is true regardless of its geographical location.
But even with the RGPD, the internet user does not have carte blanche when it comes to deleting his data. But he has the right to request it. For its part, an organization must have a compelling and valid reason to continue to retain the data in the event of a deletion request.
The Internet user can go around to websites to request the deletion of his or her data. Alternatively, they can use tools such as DeleteMe or Privacy Duck, which for a fee will remove a user’s personal information from all common data brokerage companies.
These will also remove data from web searches and other data trading companies. Objective: Minimize the digital footprint. of the Internet user.
Create disposable email addresses
When signing up for a social network, for example, it’s safer to use an email address created specifically for that purpose, via a free email provider. ProtonMail for example allows you to create an email address without providing an existing one during the process.
Victim of doxxing: what to do?
Any victim of doxxing should :
- Report the customer support of the platform on which the information was posted and request its removal.
- Contact the police in the event of threats or abuse as a result of doxxing.
- Record doxxing. Take screenshots, save abusive emails before they are deleted. This will provide evidence and information for the police investigation.
- Warn people around you: family, employer, colleagues, friends, … These can also be subject to hate mail and abuse simply by being contacts of the victim.
To protect yourself and your loved ones, it is essential to strengthen digital security. This eliminates or at least minimizes the risks of identification and sharing of data useful for doxxing.