The Internet is a double-edged sword: it is a great place for people to interact and share information on a global scale, but it is also used to troll, offend, and harass others. You may have heard of high-profile celebrities who have gone wild. So what is doxing and what does such an act entail? Can it happen to you too? And, most importantly, how can it be prevented? In this post we answer all these questions.
What is doxing?
Doxing is based on the collection of information on the Internet from people and companies. The word comes from “docs” (documents). You don’t need to know much about code or computers to doxing, but it could be tricky if done by computer analysts.
This technique is used by some journalists during their investigative activity, but also by governments or security forces when investigating cybercrime. Doxing is also used to reveal hidden identities on the Internet.
Doxing requires good intuition, but also knowing how to use the tools that are available to track information. Some of that information is found in open data sources like the WHOIS protocol (if it’s public, you can verify information about ownership of a domain name) and on social networks like Facebook. In addition, there is information about the documents that hackers or organizations like Anonymous had leaked after their attacks.
How do you get confidential or personal information?
As we mentioned above, on Doxing, someone leaks your sensitive information online without your knowledge or consent to get personal revenge on you or harass you.
First, the doxer (the person who implements doxing, also spelled “doxer”) collects your information as follows:
- extracting data from a leaky database,
- executing sophisticated phishing attacks to manipulate you into sharing your information,
- hacking into the system to gain unauthorized access to information/media stored on your PC or mobile device,
- stalking your and your friends/family’s social media profiles, or from online directories and public databases etc.
However, sometimes the doxer doesn’t need to look up your information online. In cases of personal revenge, the doxer may be someone you know personally, such as a friend, colleague, neighbor, etc., who already knows your phone number, home address, email address, etc.
The doxers then decide what information they want to disclose, on which platform, and the method of disclosure. They usually leak your personal information, such as:
- social Security number,
- physical address,
- payment card information,
- phone number,
- mortgage details,
- credit reports etc.
Doxing can permanently tarnish a victim’s reputation, cause job loss, or embarrassment in front of friends and family.
Victims will be vulnerable to various cyberattacks once their financial details or personal information becomes available online, even after such information is removed by the platform used for doxing.
What do cybercriminals use it for?
Unlike other cybercrimes, which are committed for financial gain, doxxing is often committed for the purpose of:
- Shaming the victim
- personal revenge,
- Demonstrating anger or disagreement with a particular community/cause, or
- scare or intimidate victims.
Doxing is not illegal if the exposed information is part of the public record. This includes arrest records, marriage certificates, major traffic violations, and divorce records. If someone posts these records, even without your consent, they are not doing anything illegal.
Doxing can be illegal if someone posts information that is not on the public record, such as your bank account information, credit card numbers, or birth certificate. The Doxers are acting illegally when they access this information and publish it.
However, doxing is always unethical, even if the perpetrators only traffic in information available through the public record.
Examples of doxing
To better understand and answer your question about “what to do?” and the motives behind this type of cybercrime, let’s explore some real-world examples:
It is not uncommon for journalists to find out the personal life information of a celebrity and post such gossip on their media platforms. However, doxing is not regular entertainment news. Here, the hacker posts the sensitive information of the celebrity, such as their payment card information, email address, social security number, or phone numbers.
Celebrities like Paris Hilton, Kim Kardashian, Joe Biden, Hillary Clinton, and President Donald Trump, as well as many others, have been doxxed.
Example: In 2013, TMZ reported that a group of Russian hackers duped 12 high-profile celebrities and politicians by posting their social security numbers, mortgage amounts, credit card information, car loans, banking and other information on a website.
Sometimes doxing is done by internet vigilantes who can’t be bothered to properly investigate their victims to make sure they have the right person. Instead, they mistakenly link people to activities or situations that are not related to them. Due to such “faulty” doxing, hence the name, innocent people face:
- loss of reputation,
- Job’s lose,
- physical damage, or
- loss of life
Let’s better understand faulty doxing with the following real life examples.
Example 1: In August 2017, neo-Nazi white nationalists held a march on the University of Virginia campus. Someone on social media incorrectly identified one of the participants as Kyle Quinn, a professor who runs an engineering lab in Arkansas. Throughout the night, thousands of people shared his image, and even his address, on social networks. They also sent him hate messages and demanded that he resign from his job at the university. Later, it is discovered that Quinn has nothing to do with the Virginia rally, and was just the victim of such flawed doxing.
Example 2: In 2013, some Reddit vigilantes mistakenly identified an innocent student, Sunil Tripathi, as a suspect in the Boston Marathon bombing. Tripathi disappeared and, according to her family’s social media page, her body was found in the water near a park in Rhode Island. His cause of death was ruled a suicide, which was believed to be the result of public embarrassment caused by faulty doxing.
Sometimes people use doxing as a means of getting revenge. They post publicly identifiable information about their enemies online to embarrass them.
Example: In March 2015, former Major League Baseball player Curt Schilling took revenge on people who posted sexually offensive comments about his daughter on Twitter. Schilling investigated the real faces behind Twitter troll profiles and doxxed them by posting their real identities online. As a result, one bully was fired from his job and another was suspended from his community college. Other thugs, whose identities were not released, were scared off by this doxing and posted apologetic messages. In this case, Schilling used doxing for online vigilante justice.
Another method of doxing is known as “punching.” This occurs when a person wrongfully accuses someone of a crime and sends the police to the victim’s address to harass them. However, this type of doxing can often prove fatal for the victim.
Example: In December 2017, while playing an online video game, Tyler Barriss was involved in a conflict between two other players, Casey Viner and Shane Gaskill. Viner asked Barriss to squash Gaskill, and Gaskill challenged him to do so, providing the address of his previous home, one now occupied by the family of a man named Andrew Finch.
Barriss tricked Gaskill by playing a prank on the police. Pretending to be him, Barriss told the police that he had killed his father and was holding the rest of his family hostage. Finch was killed by one of the responding police officers after being called outside. Barriss has since been sentenced to 20 years in prison for the hoax call.
- How can I unsubscribe from Reddit’s daily email roundups?
- Recover Your Gmail Password Without Recovery Email And Phone Number
- How to Extract Emails From LinkedIn
While beating is done for fun, there are some people who use doxing to execute serious crimes like murder. They reveal the personal information of their online enemies and cause others to harm them. The motive may be personal vendetta or to show disagreement or hatred towards any specific cause, religion, activity or race.
Example: In the late 1990s and early 2000s, anti-abortion activist Neal Horsley collected names, photos, and addresses of abortion providers and posted them on a website called the Nuremberg Files. He labeled that list a “hit list.” So far eight doctors from the Nuremberg lists have died. The website celebrated the death of such murders and encouraged pro-life activists to continue killing other doctors on the list of victims.