Data privacy is a myth in the modern age where digitalization attracts more people to the internet. According to Statista, 4.66 billion people are on the internet. However, the amount of data shared on the internet is a significant risk due to massive cyber-attacks. Such attacks are often termed “Doxxing.”
Doxxing is a type of cyberattack where the personal information of anonymous internet users is exposed on the internet. It is a term experiencing an expansion with new threats and cyber threats.
Sony Pictures hack in 2014 is a famous example. A skeleton popped up on the Sony computers with a message of complete control of the internal data. There has been no evidence of the source of the cyberattack, but it had a massive impact on how Hollywood thought about cybersecurity.
However, this example trumps classic doxxing examples where it is all about unleashing the data on anonymous internet use; there is no denying that doxxing-type attacks are increasing, pushing the cybersecurity industry’s envelope.
So, here we are with everything you need to know about Doxxing and how it works.
What is Doxxing?
Doxxing is short for dropping drox or dox, which means documents. These documents can include the location of a user, workplace information, email, phone numbers, social security number, bank account number, private conversations, criminal history, photos, etc.
According to Douglas’s Topology, Doxxing is an intentional public release of personal information on the internet about an individual by any third party to humiliate, threaten, intimidate, or punish an anonymous person.
Over the years, there have been several definitions of the Doxxing practice that originated in the 1990s. However, with the advent of social media, more people are on the internet, and data is accessible.
This has inspired a new form of Doxxing, which is far more dangerous. For example, we see deep fake attacks or morphed images of individuals used to extort money and blackmail their loved ones.
So, how does doxxing work?
Doxxing is no different than hacking a device. The primary purpose, however, can be different from other cyber-attacks. The entire process revolves around information gathering to later disclose it on the internet.
There are different methods that hackers may use for doxxing like,
Public W2ifis are common in many countries. However, it is a vulnerable network due to free access. A doxxer can simply tap into the network to monitor your activities and gather specific information shared on the internet.
Especially user’s credentials like social login username, passwords, and other personal content can be exposed. It can lead to the doxxing of an individual’s details on the internet for intimidation or ransom.
According to a survey, 79% of public Wi-Fi users choose a network with higher internet intensity rather than choosing a safe one. This is why there is a higher risk of network sniffing by hackers.
Metadata exposure is inherent in the social media space. Many social media platforms need metadata for their algorithms to learn patterns. Take an example of the Exchangeable Image File Format(EXIF) data. It is a type of metadata embedded in every picture taken on your smartphone.
EXIF includes GPS coordinates, time, camera type, camera settings, and date. Fortunately, social media platforms like Instagram strip such data while you upload the picture. Unfortunately, not all social media platforms follow the same practice, so metadata exposure is always a risk.
However, there is a way to strip such data without using any third-party service. All you need is to go to the properties part of each image and remove personal information manually.
WHOIS search allows a domixxer to access an individual’s personal information from a registry associated with the domain name. While an individual registers the domain name, personal information is saved in the registry. Hackers can access this data unless users conceal it during domain registration.
IP logging is a practice where addresses are stored for analyzing the source of attacks and network misuse. However, if a doxxer gets hold of the IP address, there is a risk of social engineering attack.
It is a cyber-attack where hackers manipulate the user to execute specific tasks like clicking on a link or searching for a URL. These actions can lead to exposure of user information, and many times, hackers gain control of devices or financial accounts.
Data brokers are third-party services that provide users’ data in exchange for money. It is a big market where the data collection and selling are not just for doxxing but several other applications.
Such applications include marketing, data analytics, business intelligence, and more. The market is worth more than 200 billion per year.
Major data broking companies like Experian, Equifax, Acxiom, and others have been at the forefront of data aggregation, storage, and distribution.
Now that we know different methods, let us discuss some of the Doxxing examples.
Popular Doxxing examples
A case of mistaken identity
Kyle Quinn is a biomedical engineer targeted by doxxers due to mistaken identity. A person looking similar to Quinn attended a Neo-Nazi march in Charlottesville. This provoked doxxers to target Quinn.
Within no time, the entire internet was sharing his picture across platforms. It did not just stop at sharing photos; his employers were also asked to fire him by doxxers.
Fatal prank calls
Fake or crank calls are common among top authorities across the world. However, close to the doxxing practice, pranking with the SWAT team has been a popular prank. Unfortunately, such practices have led to many fatal incidents for innocent people.
For example, Andrew Finch was shot in 2017 at Kansas due to swatting by a prankster, Tyler Barriss. The twist to the story was a “dare!” Both Tyler and Finch used to play an online game, and Swatting was a part of the dare between the two players.
However, when the police officers came to Finch’s front porch, he was unarmed but due to swatting and a slight misunderstanding led to a fatality.
A date went wrong
Ashley Madison is a popular dating website where millions of users share their data in the hope of finding the right date. However, in 2015 doxxers targeted the Ashley Madison management for a ransom.
When the demands were not met, hackers released information about Ashley Madison’s users. Unfortunately, it included their data enough to cause humiliation, punishment, and professionally daunting to many users’ careers.
There are several other examples of doxxing, and it is not that easy to avoid it. Fortunately, there are simple steps to follow the prevention such incidents.
Top ways to avoid doxxing
There are many ways to reduce doxxing. From masking your IP address to restricting the data shared online, many approaches enable you with data protection.
Make sure that you use websites and social media platforms with the trusted sign of seal. One of the easiest ways to ensure that your data is secure while browsing the internet is to check for a padlock.
Websites with SSL certificates get this padlock as a sign of trust visible to users. In addition, SSL certificates secure the communication of the user’s device with the browser to avoid man-in-the-middle attacks leading to sniffing by doxxers. So, using a secured platform or website can mean a reduced risk of exposure.
IP masking is a trendy way to stay anonymous, primarily when doxxers target your IP address. It does not mean that you do not have an IP address. If you are surfing the internet or using an online network for any purpose, your IP address is quintessential. However, if you can hide your IP address behind a fake one, it can reduce the risks of doxxing.
One of the most popular and easy IP masking is using a Virtual Private Network(VPN). It allows you to mask the IP address and stay anonymous while using the online network.
When it comes to social media profiles, password protection is vital to protect your metadata. Not just your image, social media profiles can have personal information, phone number, email, and more. The most dangerous aspect is the risk of exposing private messages between you and your loved ones.
So, it is crucial to change your passwords regularly and leverage a strong passphrase. You can set a strong password by using special characters like @ or capitalization and numeric values.
Beware of social engineering attacks
Do not be that click-ready person. Clicking every link sent through emails or SMS can be risky. Doxxers use such click-ready people’s tendency and employ social engineering. Promotional offers, discounts, and other messages attract users to click and risk their credentials further. So, the best way is to reduce clicking on links in email from an unknown source or SMS.
There are third-party scrubbers in the market which help scrub personal information from data broking sites. However, if you want to do this without spending a penny, it can be tedious. First, you need to monitor each of the data broking databases regularly published.
If your information is on display, you need to contact the data broking company and ask to remove it. However, for Google search, removing the information is easy. All you need is to fill out a form and tell Google to remove it.
Doxxing is evolving. It has come a long way from the early 90s hacking attacks to modern deep fakes. Doxxers now have more ways to surface personal data on the internet and reveal the identity of anonymous users. However, for internet users, this means chaos and humiliation.
So, it is better to stay vigilant and use security best practices to protect your data from doxxers.
Recommended Reading :