What Is Doxxing?

Doxxing

The internet is a double-edged sword: it’s a wonderful place for people on a global scale to connect and exchange information, but it’s also used to spam, offend, and bully others. You’ve already read of high-profile celebrities that have been doxxed. So, what is doxxing and what does it mean in such an act? Is it likely that it would happen to you as well? And, most importantly, how are you going to avoid this?

We’ll answer all these burning questions in this post.

What is Doxxing, and why should I pay attention?

Doxxing, which stands for “docs” (sometimes written “doxing”), is a type of cybercrime involving the release of information from an individual without their permission online.

Doxxing, unlike other cybercrimes, is usually committed for the purpose of gaining financial benefit.

  • victim blaming,
  • personal retaliation,
  • publicity,
  • voicing outrage or dissatisfaction with a specific community/cause, or
  • scaring or threatening victims

People use doxing occasionally only for fun or to get sadistic gratification from harming others!

What Does it Mean to Get Doxxed?

As previously reported, doxxing is when someone leaks your personal details online without your permission or consent in order to exact personal vengeance, threaten you, or prove their point.

First of all, the doxer (the person who uses doxxing, also spelled “doxxer”) collects your data by gathering your information.

  • pulling data from a leaky database,
  • executing sophisticated phishing and spoofing attacks to manipulate you into sharing your information,
  • hacking the system to gain unauthorized access to information/media stored on your PC or mobile device,
  • stalking your and your friends/relatives’ social media profiles, or from physical stalking, online directories, and public databases, etc.

Nevertheless, often the Doxxer does not need to check for your data online. The Doxer may be someone you personally know in cases of personal retribution, such as a friend, colleague, neighbour, etc., who already knows your phone number, home address, email address, etc.

Then, on which forum, and the process of revelation, the doxxers determine what knowledge they want to disclose. They usually disclose personal details such as:

  • social security number (SSN),
  • physical address,
  • payment card information,
  • phone number,
  • pictures,
  • mortgage details,
  • credit reports, etc.

Doxxing in front of friends and family members can permanently tarnish the image of the perpetrator, cause job loss or embarrassment.

Once their financial details or PII are available online, victims will be vulnerable to numerous cyber-attacks, even after the site used for doxing removes such information.

The effects of doxing, as you can read later, can not only be detrimental to victims, but can also be deadly.

5 Examples of Doxxing

Let’s discuss some real-world examples to better understand and address your question about “what is doxxing?” and the reasons behind this form of cybercrime:

1. Celebrity Doxxing

It is not unusual for journalists to find knowledge about the personal life of a celebrity and post such gossip on their media outlets. Doxxing, on the other hand, isn’t your usual entertainment news. Here, the hacker publishes confidential details about the celebrity, such as their payment card information, email address, social security number or phone numbers.

Doxxing has influenced celebrities such as Paris Hilton, Kim Kardashian, Joe Biden, Hillary Clinton, and President Donald Trump, among many others.

A group of  hackers doxed 12 high-profile celebrities and politicians in 2013, according to TMZ, by publishing their SSNs, mortgage numbers, credit card details, car loans, banking, and other information on a website.

2. Faulty Doxxing

Doxxing is often carried out by internet vigilantes who are too lazy to thoroughly study or examine their goals to ensure they are dealing with the right individual. Alternatively, they mistakenly connect individuals to events or conditions that are unrelated to them. Because of such “faulty” doxing, hence the term, innocent individuals face:

  • reputation loss,
  • employment loss,
  • harassment,
  • physical harm, or
  • loss of life.

With the following real-life examples, let’s understand flawed doxing better.

Example 1: A march was organised on the University of Virginia campus by neo-Nazi white nationalists in August 2017. One of the participants was identified wrongly by someone on social media as Kyle Quinn, a professor operating an engineering laboratory in Arkansas. Thousands of people posted his image — and even his address — on social media all night. They also sent him messages of hate and ordered his resignation from his university work. It was later discovered that Quinn had nothing to do with the rally in Virginia, and that he was merely a victim of some kind of defective doxxing.

Example 2: In 2013, some vigilantes on Reddit wrongly named Sunil Tripathi, an innocent student, as a suspect in the Boston Marathon bombing. Tripathi went missing and his body was found in the water near a park in Rhode Island, according to his family’s social media page. A suicide, which was suspected to be the result of public shaming caused by faulty doxxing, was ruled his cause of death.

3. Revenge Doxxing

Sometimes, as a way of taking vengeance, individuals use doxing. To humiliate their rivals, they post publicly identifiable information about them on the internet.

For example, in March 2015, a former Major League Baseball player, Curt Schilling, took revenge on people who made sexually offensive comments on Twitter about his daughter. The actual faces behind the troll Twitter accounts were investigated and doxxed by Schilling by posting their real identities online. One bully was fired from his employment, and another was suspended from his community college as a result of the incident. Other bullies, whose names were not revealed, were terrified by the doxing, and posted notes of apology. In this case, for online vigilante justice, Schilling used doxing.

4. Swatting Doxxing

Swatting is a form of doxing that is similar to doxing. When someone falsely accuses someone of a crime, police (or a SWAT squad, thus “swatting”) are sent to the victim’s address to harass them. Doxxing, on the other hand, can also be fatal for the survivor.

Tyler Barriss was involved in a dispute with two other gamers, Casey Viner and Shane Gaskill, while playing an online video game in December 2017. Viner asked Barriss to swat Gaskill, according to NBC News, and Gaskill challenged him to do so, giving his former home address, one that was now occupied by a man’s family called Andrew Finch.

Barriss doxxed Gaskill by calling the cops on a prank call. Barriss claimed to be him and told the cops he’d murdered his father and was keeping the rest of his family hostage. After being called outside, Finch was killed by one of the responding police officers. Since then, Barriss has been sentenced for the phoney call to 20 years in jail.

5. Crime Doxxing

There are several individuals who use doxxing to carry out heinous crimes such as murder, while the swatting is done for fun. They post personal information about their enemies on the internet and inspire others to harm them. Personal vengeance or showing disagreement or hate for some particular reason, religion, behaviour or race may be the motive.

Example: Anti-abortion activist Neal Horsley gathered names, photographs, and home addresses of abortion providers in the late 90s and early 2000s and released them on a website called the Nuremberg Files. The list was named by him as a “hit list.” So far, eight Nuremberg-listed doctors have been killed. The website celebrated the deaths of these murders and urged pro-life advocates to try to kill other hit list physicians.

How to Prevent Doxxing

Nobody is resistant to a doxxing attack, as you can see. We are all at risk, whether it’s an average citizen like you and me or a major celebrity. This is why we must take care to safeguard ourselves.

Most of the time, attackers study the internet in order to collect personal information about their victims. Limiting what you post online is the safest way to stop getting doxxed.

How to Prevent Doxxing: A User’s Guide

Here are a few tips to help people secure their private data when using the internet:

  • Social networking: Don’t post social media and online platforms like Reddit, Quora, etc. with information about yourself.
  • Microsoft Office: If you’re exchanging Microsoft Word documents, Excel spreadsheets, PowerPoint slides, and other Microsoft Office files online, limit the metadata, which includes things like the author’s name, contributor’s name, document start date, revisions, and so on.
  • Passwords: Do not use easily guessed passwords that include your pet’s name or date of birth, spouse, parents, girlfriend, kids, etc. It is easy to access such information online, and anyone can guess them. Your other PII, personal conversations, or even financial information are open to them until the Doxxer breaks into your email address or social media profile.
  • Registration: If you want to use a new app or website, do not use the ‘Register with Gmail’ or ‘Register with Facebook’ options. It will grant access to your contact details, phone number, location, friends list, and other information to the app/website.
  • Online directories: You might not know it, but websites such as peoplefinder.com, whitepages.com, and others may have a lot of personal information about you. The information can be accessed by anyone on the internet for free or only by paying a small charge. You may request the removal of your details from their website through those sites and they are legally obligated to obey your privacy request.
  • Engines of search: Remove your activity history from Google and other browsers on a daily basis. Delete your data from the Google Maps Timeline as well.
  • IP address: To mask your IP address, use a virtual private network (VPN). A individual may find out a device’s geographical location, internet provider’s name, local time, and even the users’ web browsing habits simply by knowing an IP address.
  • WebRTC: If you use WebRTC, you should be aware that it has a bug that allows your true IP address to be exposed. You can instal an add-on or extension for your browser to minimise this vulnerability. Of course, the steps vary depending on which browser you’re using. So, the two key browsers, Mozilla Firefox and Google Chrome, will cover how to instal these components:

How to Install a WebRTC Extension or Add-on in Mozilla Firefox

  • In the Firefox address bar, type about:addons.
  • In the top search bar, type WebRTC and click Enter.
  • With a range of performance, a new tab will pop open. To view an individual page, pick one of the required add-ons, then add it to your Firefox browser by clicking + Add to Firefox.
  • After the add-on has been successfully mounted, activate it.

How to Install a WebRTC Extension or Add-on in Google Chrome

  • Go to the Chrome Web Store in your Chrome browser.
  • Look for WebRTC.
  • Pick the browser extension you want to use. After that, simply trigger it by pressing the Add to Chrome icon.

Using wisdom on the internet: Do not use the internet and anonymity as a way of bullying, insulting, or spreading hatred. You have the right to hold your opinions and views on various subjects. But do not engage yourself in needless debates on sensitive subjects such as religion, gender, politics, or race, if possible.

It can spread on the internet like a wildfire when you share something controversial online. You may think it’s just a tweet or “funny remark,” and you may see thousands of people getting upset by the same post just minutes later. These events allow individuals to carry out doxxing against you to take revenge or “win the argument.” One of the easiest ways to defend yourself from doxxing, therefore, is not to provoke anyone and protect your data as much as possible.

How to Prevent Doxxing: Website Owner’s Guide

Here are a few pointers for website owners who want to protect the personal details of their visitors:

  • Hide the WHOIS records: WHOIS records store the domain owner’s personal information, which is open to the public. Your domain provider can shield the information from WHOIS records if you purchase the “domain protection” service by paying a small fee.
  • Using cryptography. To protect your organisation from eavesdropping and data breaches via your website or email accounts, always use SSL/TLS certificates and email signing certificates. If financial information, personally identifying information, or confidential internal communications are leaked, the users or employees become vulnerable to doxxing attacks.
  • Train the workers. Provide the employees with cyber security training so that they do not fall into social engineering and phishing scams, etc.

Legal Protections Against Doxxing

Do you have the legal right to be covered from doxxing? Depending on where you live, of course! The General Data Protection Regulation (GDPR) of the European Union can help you reduce the amount of personal information that businesses have about you, and federal laws against stalking (18 U.S. Code 2261A) and provisions against making restricted personal information public (18 U.S. Code 119) can assist you in fighting back against doxxers.

Each state has its own public safety regulations, which could identify doxxing as cyber stalking, abuse or intimidation. If doxxer threatens you to leak your private details if money is not paid, you may also file lawsuit for extorting. You may also sue the doxxer in civil court.

Even, it will take a long court battle, potentially long enough for your knowledge to spread to a wide population and cause harm.

Vulnerability in Doxxing

Even if you take a few precautions to secure your personal details online, you’re still vulnerable to doxxing attacks due to one big source: data breaches.

Data Breaches

Your information is held on third-party websites where you participate in purchases, such as government departments, colleges, health-care organisations, or e-commerce sites. Not all of these sites are, sadly, serious about protecting your personal data.

Customers’ confidential information was leaked by companies in various cases, including the Capital One hack, Honda breach, First American Financial Company breach, and several others. And government agencies gamble carelessly when protecting the data of their people. Notable examples of such data breaches have exposed the personal data of

  • 20 million  citizens
  • 275 Indian citizens
  • 14 million Chilean citizens
  • Ecuador has a population of 20 million people.

Finally, if a doxer is tech-savvy, they can access the information through data leaks or by purchasing it on the dark web.

A Definitive Term

Since we have discovered that you are still open to doxxing, even though there are many things you might try to conceal your personal details online. When it comes to doxxing, avoidance is also preferable to cure. The best mitigation tip for doxxing might not be to provoke others online and stay away from divisive discussions.

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.