We’re always getting questions about doxxing (or doxing) and what it actually is. That’s the reason we’ve put together this short guide, along with some useful tips on ways to avoid doxxing.
If you’ve never heard of doxing, you’ll find this article offers the support needed to maintain privacy and online security.
What is doxing?
Doxing originates from the revenge attacks hackers used to use on rivals known as dropping dox. It relates to posting malicious data online. It is a form of cyber attack with the aim of finding out the real identities of internet users, whether they are private individuals or business organizations.
Once an attacker has discovered this information, it is broadcast online so that other users can potentially carry out malicious attacks.
What are the sources of personal information?
Although doxxing isn’t actually illegal, it can often involve some pretty shady practices. Some of the ways data is obtained about individuals and businesses include:
- searches of public databases
- checks of social media websites
- domain name searches based on individual IP addresses
- reverse phone lookup
Hacking is also a common doxxing method.
Once data and information on individuals and organizations is released into the public domain, they can be targeted for harassment in a variety of ways. Some hackers also use doxxing to find out about individuals in order to break into online accounts or use blackmail and extortion for financial, economic or political gain.
Some of the ways individuals and businesses experience doxing include packet sniffing, public wifi attacks, and analysis of the metadata contained in document files.
Many businesses and individuals that post regularly on social media platforms, message boards and online forums experience doxxing. This is because the greater levels of information posted mean there is far more chance of accidentally revealing personal data.
It can be remarkably easy to pinpoint the location of anybody posting on public forums of this nature. And, just entails trawling through all posts made and using a process of elimination to work out an exact or rough idea of location identity.
Packet sniffing entails the interception of your internet data in order to source personal information, such as passwords, bank details and personal emails. This involves the hacker breaking into wifi networks and intercepting all the data that is transmitted on the network.
Packet sniffing is a fairly common occurrence, often involving people that use public wifi networks regularly. Very often these hackers access the real-time data transmitted to or from your internet-enabled device, which is displayed on their own screens at the time of transmission. This can mean sensitive password data is revealed, giving easy and instant access to financial products like credit cards or personal bank accounts.
Analysis of metadata
Files such as Word documents and Excel spreadsheets contain linked metadata which is remarkably easy to access by simply right clicking the files. The sort of personal information provided by metadata access includes the name of the author, the originating IP address, the date the file was created, and possibly also the name of the business involved in the creation of the document.
Photo files also include significant amounts of metadata that can be used by doxxers, which can include locations.
Ways IP loggers are used in doxing
Some doxxing entails the use of IP loggers, which are sniffer tools used to dig out the IP address of individuals. They work by adding codes to messages or emails, then once recipients open the message this invisible coding tracks the IP address and it is transmitted back to IP loggers.
What kind of personal information is being collected?
The type of personal information collected by doxing includes:
- user name
- locational data
- phone numbers
- credit card data
- email addresses
- user images
Is doxing illegal?
As already noted, doxxing is not exactly illegal but it is considered shady. The collection of personal data on individuals and businesses has been going on for a long time. It has been used by journalists as part of their news gathering activities and companies that want to target products more accurately at their perceived customer base.
Many employers conduct doxing as a regular part of information gathering, particularly for HR purposes when making decisions on the suitability of candidates. It’s often the case that trawling Facebook and other social media accounts can provide a very accurate insight into job candidates, although many victims claim this is an invasion of privacy and can give misleading insights.
Just so long as doxxing is used for accessing information that’s already in the public domain it definitely isn’t illegal. However, if doxing is being carried out in order to commit crimes, it definitely does fall into the illegal bracket.
Furthermore, when comprehensive personal information on individuals or businesses is compiled by way of doxing it can lead to very serious consequences, as noted above. Of course, many of these consequences are crimes that would not have occurred if doxxing had not taken place.
Some consequences of doxxing
Being doxxed can be a very unpleasant experience. Some individuals and organisations face a lot of embarrassment and public shaming. Of course, it can also lead to physical attacks or stalking, which is a particular concern for celebrities and public figures who have been victims of doxing.
Private individuals can suffer a number of consequences from doxing. These can include:
- the loss of a job
- identity theft
- breakup of a relationship
- family problems, which can cause rifts
- health issues and emotional disturbance
- online or physical bullying
- physical attack and violence
Some victims of doxing attacks have been forced to go into hiding, and the side effects of being doxxed may include:
- Prank and nuisance calls
- Abusive emails and messages
- Mass campaigns targeted at email accounts or other online accounts
Doxing has been common since the 1990s. It can be very traumatic for victims and often means that any presumption of safety and anonymity online is a total myth. Some victims have their identities taken over by hackers in a form of attack known as Swatting.
Swatting entails adopting the persona of the targeted individual in order to post threats and attacks online or physically. Many of these victims have experienced the arrival of fully-armed SWAT teams in the United States, which is the reason the activity has been given the name Swatting. One famous Swatting case led to a victim’s death.
Famous doxing cases
There have been a number of famous doxing cases, and some of the celebrities that have been victims of doxxing are discussed below. Other famous cases include:
- A number of US senators who were doxxed in 2018
- The suicide of Canadian teen Amanda Todd as a result of doxing
- Publication of abortion providers in the 1990s, which may have led to some murders of abortion providers by terrorists
How to avoid doxxing
It is possible to avoid doxing, and this will entail taking strategic action. Some of the simple solutions include:
- ensuring the privacy of all social media accounts and avoiding revealing the sort of personal information that can be used against you in any way. This includes details such as your name, address, age or physical locations
- ensuring there are no compromising images of yourself online
- using a VPN for all data transmissions, which will encrypt all your communications. This is particularly important if you use wifi hotspots in public places, as packet sniffing can be a real problem on public networks
- VPNs also protect your IP address from detection as any IP logger attacks would be unable to access your real IP
As can be seen, doxxing is a very real problem for all internet consumers, whether they use the internet on a regular basis or just access the web now and again from mobile devices. Adding the protection of a VPN allows users to browse the internet safely and anonymously and provides essential IP protection that helps prevent malicious doxxing attacks.