What is Doxing – Definition and Explanation



Detailed Video is here:




Doxing definition

"Doxing" is short for "dropping dox," where "dox" is slang for papers. Doxing is typically a malevolent act committed against targets the hacker finds objectionable or disagreeable.

What is Doxing?

Doxing, sometimes spelled Doxxing, is the practice of disclosing personally identifiable information about an individual on the internet, including their true name, home address, place of employment, phone number, bank information, and other details. And without the victim's consent, that information is subsequently made public.

Although the act of disclosing private information without permission is not new, the term "doxing" originated in the 1990s among computer hackers, who valued anonymity above all else. Sometimes, opposing hackers would get into arguments and one of them would decide to "drop docs" on the other, who was only known to them by an alias or username. "Docs" developed into "dox" and finally stopped using the prefix "drop" to become a verb on its own.

In the recent past, rival hackers have turned doxing—exposing the beliefs of those on the other side—into a tactic in the culture wars. By disclosing details such as the following, doxers hope to take their battle with targets from the virtual world to the physical one.

  • Residence addresses
  • Details of the workplace
  • individual phone numbers
  • Numbers from Social Security
  • Information about a credit card or bank account
  • personal communication
  • Criminal past
  • individual pictures
  • obscene personal information

A person's family, workplace, identity theft, threats, other forms of cyberbullying, and even in-person harassment are examples of significantly more severe doxing attacks than seemingly insignificant ones like phony email sign-ups or pizza delivery.

The seemingly little, like phony email sign-ups or pizza delivery, to the far more hazardous, such identity theft, threats, and other forms of cyberbullying, or even in-person harassment, are examples of doxing attacks.

Those who have been doxed include politicians, journalists, and celebrities. As a result, they face threats to their lives, anxiety about their safety, and harassment from online communities. Prominent corporate executives have also been affected by the practice. For instance, Chief Brand Officer Marc Pritchard's LinkedIn profile was shared on 4chan after Proctor & Gamble's Gillette released its "We Believe" advertisement, which purported to target toxic masculinity. The poster encouraged others to send angry messages to Pritchard.

When the hacktivist group Anonymous released the personal data of 7,000 law enforcement officers in response to investigations into hacking operations, doxing became widely known in December 2011. Since then, Anonymous has exposed hundreds of purported KKK members; recently, they have targeted followers of Q-Anon.

The motivations at the back of doxing vary. People experience they were attacked or insulted through their goal and might be in search of revenge as a result. If a person turns into recognised for his or her debatable opinions, they might goal a person with opposing viewpoints. However, this has a tendency to be the case while the subject is specifically polarized, as opposed to ordinary political disagreements.

Intentionally revealing non-public data on line typically comes for you to punish, intimidate, or humiliate the sufferer in question. That said, doxers also can see their moves as a manner to proper perceived wrongs, convey a person to justice withinside the public eye, or screen an schedule that has formerly now no longer been publicly disclosed. 

Regardless of the motivation, the center reason of doxing is to violate privacy, and it could placed human beings in an uncomfortable situation — now and again with dire consequences.

How does doxing work

We stay in an age of huge information; there may be a giant ocean of private records at the internet, and those frequently have much less manage over it than they believe. This approach that absolutely everyone with the time, motivation, and hobby to achieve this can flip that information right into a weapon.

Some of the strategies used to dox humans include:

Tracking usernames

Many humans use the equal username throughout a extensive sort of services. This lets in capacity doxers to accumulate a photograph of the target`s pursuits and the way they spend their time at the internet.

Running a WHOIS search on a domain name

Anyone who owns a site call has their statistics saved in a registry this is frequently publicly to be had thru a WHOIS search. Suppose the person that offered the area call did now no longer difficult to understand their personal statistics at the acquisition time. In that case, individually figuring out statistics (which include their call, address, tele cell smartphone number, business, and electronic mail address) is to be had on-line for everyone to find.

Phishing

If the character makes use of an insecure electronic mail account or falls sufferer to a phishing scam, the hacker can discover touchy emails and submit them online.

Stalking social media

If your social media bills are public, everyone can discover facts approximately you through cyberstalking you. They can discover your location, workplace, friends, photos, likes and dislikes, locations you've got got visited, the names of your own circle of relatives members, the names of your pets, and so on. Using this facts, a doxer may also even exercise session the solutions in your safety questions — which could assist them damage into different on-line bills.

Sifting through government records

While maximum private statistics aren't to be had online, there's a honest quantity of statistics that may be gleaned on authorities websites. Examples consist of databases of commercial enterprise licenses, county statistics, marriage licenses, DMV statistics, and voter registration logs – all comprise private statistics.

Tracking IP addresses

Doxers can use diverse strategies to find out your IP cope with, that's related for your bodily location. Once they recognize it, they could then use social engineering hints to your net provider provider (ISP) to find out extra statistics approximately you. For example, they could document proceedings approximately at the proprietor of the IP cope with or try and hack into the network.

Reverse mobile phone lookup

Once hackers understand your cell telecell smartphone number, they are able to discover greater approximately you. For example, opposite telecell smartphone research offerings like White pages will let you kind in a cell telecell smartphone number — or any phone number — to discover the identification of the person that owns the number. Sites which includes White pages rate costs to offer facts past the town and country related to a cell telecell smartphone number. Though, the ones inclined to pay can find out extra private facts approximately you out of your cell telecell smartphone number.

Packet sniffing

The time period packet sniffing is once in a while used on the subject of doxing. This refers to doxers intercepting your net information, seeking out the entirety out of your passwords, credit score card numbers, and financial institution account data to vintage electronic mail messages. Doxers try this through connecting to an internet network, cracking its safety measures, after which taking pictures the information flowing into and out of the network. One manner to guard your self from packet sniffing is through the usage of a VPN.

Using data brokers

Data agents exist to gather statistics approximately humans and promote that statistics for profit. Data agents collect their information from publicly to be had information, loyalty cards (which song your on line and offline shopping for behavior), on line seek histories (the whole thing you seek, read, or download), and from different facts agents. Many facts agents promote their statistics to advertisers, however numerous humans-seek webweb sites provide complete information approximately people for noticeably small quantities of money. All a doxer has to do is to pay this small charge to reap sufficient statistics to dox a person.

By following breadcrumbs — small portions of statistics approximately a person — scattered throughout the internet, doxers can increase a photograph that results in uncovering the actual individual at the back of an alias, which include the individual`s name, bodily cope with, electronic mail cope with, telecellsmartphone wide variety, and greater. Doxers may purchase and promote non-public information at the darkish web.

The statistics located may be wielded in a threatening manner, for instance, tweeted at a person in reaction to a disagreement. Doxing may be much less approximately the supply of the statistics and greater approximately how it's far used to intimidate or harass a goal. For example, a person who has your cope with can find you or your family. Someone together along with your cellular telecellsmartphone wide variety or electronic mail can bombard you with messages that disrupt your capacity to talk together along with your aid network. Finally, a person together along with your name, date of birth, and Social Security wide variety may also hack into your bills or scouse borrow your identity.

Anyone who has the determination, time, get admission to to the internet, and motivation — may be capable of prepare a profile of a person. And if the goal of this doxing attempt has made their statistics noticeably reachable on line — that is made even easier.

Examples of doxing

The maximum not unusualplace doxing conditions have a tendency to fall into those 3 categories:

       Releasing an individual`s non-public, individually figuring out statistics on-line.

       Revealing formerly unknown statistics of a non-public man or woman on-line.

       Releasing statistics of a non-public man or woman on-line might be detrimental to their  recognition and people in their private and/or expert associates.

Some of the maximum well-known and usually noted examples of doxing include:

Ashley Madison

Ashley Madison become a web courting webweb page that catered in the direction of humans interested by courting out of doors of devoted relationships. A hacker organization made needs of the control in the back of Ashley Madison. When the ones needs have been now no longer met, the organization launched touchy person data, doxing hundreds of thousands of humans withinside the manner and inflicting humiliation, embarrassment, and the ability for damage to each private and expert reputations.

Cecil the Lion

A dentist from Minnesota illegally hunted and killed a lion dwelling in a blanketed recreation maintain in Zimbabwe. Some of his figuring out records turned into released, which ended in even greater non-public records publicly published on line through folks that have been disenchanted through his moves and desired to look him publicly punished.

Boston Marathon bombing

During the look for the Boston Marathon bombing perpetrators, heaps of customers withinside the Reddit network together scoured information and facts approximately the occasion and next investigation. They meant to offer facts to regulation enforcement that they may then use to are seeking justice. Instead, harmless folks that have been now no longer worried withinside the crimes have been outed, ensuing in a faulty witch hunt.

Is doxing illegal?

Doxing can break lives, as it may reveal focused people and their households to each on line and actual-global harassment. But is it illegal?

The solution is generally no: doxing has a tendency now no longer to be illegal, if the facts uncovered lies in the public domain, and it turned into received the use of criminal methods. That said, relying for your jurisdiction, doxing might also additionally fall foul of legal guidelines designed to combat stalking, harassment, and threats.

It additionally relies upon at the unique facts revealed. For example, disclosing someone`s actual call isn't always as extreme as revealing their domestic deal with or phone number. However, withinside the US, doxing a central authority worker falls beneath neath federal conspiracy legal guidelines and is visible as a federal offense. Because doxing is a quite current phenomenon, the legal guidelines round it are continuously evolving and aren't continually clean cut.

Regardless of the law, doxing violates many websites' phrases of carrier and, therefore, might also additionally bring about a ban. This is due to the fact doxing is generally visible as unethical and is in the main performed with malicious motive to intimidate, blackmail, and manipulate others. Exposing them to capability harassment, identification theft, humiliation, lack of jobs, and rejection from own circle of relatives and friends.

How to protect yourself from doxing

With the substantial array of seek equipment and statistics without difficulty to be had online, nearly all of us may be a doxing victim.

If you've got got ever published in a web forum, participated in a social media site, signed a web petition, or bought a property, your statistics is publicly to be had. Plus, big quantities of records are without difficulty to be had to all of us who searches for it in public databases, county records, kingdom records, seek engines, and different repositories. 

While this statistics is to be had to folks who really need to search for it, there are steps you may take to shield your statistics. These include:

Protecting your IP cope with via way of means of the usage of a VPN

A VPN or digital non-public community gives terrific safety in opposition to exposing IP addresses. A VPN takes the user`s net traffic, encrypts it, and sends it thru one of the service's servers earlier than heading out to the general public net – permitting you to browse the net anonymously. Kaspersky Secure Connection protects you on public Wi-Fi, continues your communications non-public, and guarantees which you aren't uncovered to phishing, malware, viruses, and different cyber threats.

Practice good cybersecurity

Anti-virus and malware detection software program can forestall doxers from stealing data thru malicious applications. Regularly up to date software program allows to save you any security `holes' that might cause you being hacked and doxed.

Use strong passwords

A robust password commonly consists of a mixture of uppercase and lowercase letters, plus numbers and symbols. Avoid the use of the equal password for a couple of accounts, and ensure you convert your passwords regularly. If you've got got issues remembering passwords, attempt the use of a password manager.

Use separate usernames for different platforms

If you're the usage of on-line boards like Reddit, 4Chan, Discord, YouTube, or others, ensure you operate one of a kind usernames and passwords for every service. By the usage of the equal ones, doxers should seek thru your feedback on one of a kind systems and use that records to collect an in depth photo of you. Using one of a kind usernames for one of a kind functions will make it extra tough for humans to song your actions throughout more than one sites.

Create separate email accounts for separate purposes

Consider preserving separate e mail bills for one of a kind purposes — expert, non-public, and junk mail. Your non-public e mail deal with may be reserved for personal correspondence with near friends, family, and different depended on contacts; keep away from publicly list this deal with. Your junk mail e mail may be used to enroll in bills, services, and promotions. Finally, your expert e mail deal with (whether or not you're a freelancer or affiliated with a specific organization) may be indexed publicly. As with public-going through social media bills, keep away from inclusive of too much-figuring out statistics for your e mail handle (for example, steer clean of firstname.lastname.dateofbirth@gmail.com).

Review and maximize your privacy settings on social media

Review the privateness settings for your social media profiles and ensure you're cushty with the quantity of statistics being shared and with whom.

Be strategic approximately which systems you operate for which purposes. If you're the usage of a platform for private reasons (like sharing photographs with buddies and own circle of relatives on Facebook or Instagram), tighten your privateness settings. Suppose you're the usage of a platform for expert purposes (including tracking breaking information on Twitter and tweeting hyperlinks in your work). In that case, you could determine to go away a number of the settings public — wherein case, keep away from inclusive of touchy private statistics and images.

Use multi-factor authentication

This approach that you — and every body else seeking to get right of entry to your account — will want as a minimum  portions of identity to log onto your site, normally your password and your tele cell smartphone number. It makes it tougher for hackers to get right of entry to a person`s gadgets or on-line money owed due to the fact understanding the victim's password on my own isn't always enough; they'll additionally want get right of entry to to a PIN number.

Get rid of obsolete profiles

Review what number of webweb sites have your information. While webweb sites like MySpace may also now be out of fashion, profiles that have been placed up over a decade in the past are nevertheless seen and publicly accessible. This applies to any web website online which you may have previously been energetic on. Try to delete out of date and old/unused profiles in case you can.

Be alert for phishing emails

Doxers would possibly use phishing scams to trick you into disclosing your own home address, Social Security number, or maybe passwords. Be cautious every time you acquire a message that supposedly comes from a financial institution or credit score card organization and requests your private records. Financial establishments will in no way ask for this records through email.

Hide domain registration information from WHOIS

WHOIS is a database of all registered domains at the web. This public check in may be used to decide the character or enterprise that owns a given area, their bodily address, and different touch records.

If you intend to run a internet site anonymously with out disclosing your actual identity, make certain your non-public records is non-public and hidden from the WHOIS database. Domain registrars have controls over those privateness settings, so that you will want to invite your area registration business enterprise approximately the way to do so.

Ask Google to remove information

If private data seems in Google seek results, people can request its elimination from the hunt engine. Google makes this a easy method via a web form. Many facts agents placed this kind of facts online, typically for history tests or crime take a look at data.

Scrub your data

You can take away your statistics from records dealer sites. If you need to do it your self with out incurring costs, it may be labor-intensive. If you've got got restrained time, begin with the 3 most important wholesalers: Epsilon, Oracle, and Acxiom.

You will want to frequently test those databases due to the fact your statistics may be republished even after being removed. You also can pay a service like DeleteMePrivacyDuck, or  Reputation Defender to do this for you.

Be wary of online quizzes and app permissions

Online quizzes may also appear harmless, however they're frequently wealthy reassets of private statistics which you thankfully offer with out wondering twice. Some elements of a quiz may also even function safety inquiries to your passwords. Since many quizzes ask for permission to look your social media statistics or your electronic mail cope with earlier than displaying you the quiz results, they are able to without difficulty accomplice this statistics together along with your actual identity, with out an awful lot context on who's launching the quiz and why it's far nice to keep away from taking them altogether.

Mobile apps also are re-assets of private records. Many apps ask for get admission to permissions on your records or tool that have to now no longer difficulty the app software program at all. For example, an photograph enhancing app has no logical use on your contacts. If it's far soliciting for get admission to on your digital digicam or photos, that makes sense. But if it additionally desires to examine your contacts, GPS location, and social media profiles, then continue with caution.

Avoid disclosing certain types of information

Wherever possible, keep away from disclosing sure portions of records in public, which include your Social Security number, domestic address, driver`s license number, and any records concerning financial institution bills or credit score card numbers. Remember, hackers should intercept e-mail messages, so that you must now no longer consist of non-public info in yours.

Check how easy it is to dox yourself

The exceptional defence is to make it more difficult for abusers to music down your non-public records. You can discover how clean it's miles to dox your self with the aid of using checking what records may be observed out approximately you. For example:

  • Google yourself.
  • Carry out a opposite photo search.
  • Audit your social media profiles, which include privateness settings.
  • Check to look if any of your e-mail bills have been a part of a primary records breach with the aid of using the use of a website consisting of Haveibeenpwned.com.
  • Check CVs, bios, and private web sites to look what private records your expert presence conveys. If you've got got PDFs of CVs online, make certain to exclude information like your own home address, private e-mail, and cellular tele cell smartphone number (or update them with public-going through variations of that records).

Set up Google alerts

Set up Google indicators on your complete name, telecellsmartphone number, domestic address, or different non-public records you're worried approximately so that you recognize if it all of sudden seems online, it can suggest you've got got been doxed.

Avoid giving hackers a reason to dox you

Be cautious what you submit online, and in no way proportion personal records on forums, message boards, or social media sites. It is straightforward to suppose that the net offers humans the liberty to say — or type — anything they want. People can also additionally trust that growing nameless identities offers them the risk to explicit anything critiques they want, irrespective of how controversial, without a risk of them being traced. But as we've seen, that isn't always the case – so it's far clever to be cautious approximately what you assert online.

What to do if you become a doxing victim

The most common response to being doxed is fear, if not outright panic. Feeling vulnerable is understandable. Doxing is intentionally designed to violate your sense of security and cause you to panic, lash out, or shut down. If you become a doxing victim, here are steps you can take:

Report it

Report the attack to the platforms on which your personal information has been posted. Search the relevant platform's terms of service or community guidelines to determine their reporting process for this type of attack and follow it. While filling a form out once, save it for the future (so you do not have to repeat yourself). This is the first step to stop the spread of your personal information.

Involve law enforcement

If a doxer makes personal threats against you, contact your local police department. Any information pointing to your home address or financial information should be treated as a top priority, especially if there are credible threats attached.

Document it

Take screenshots or download pages on which your information has been posted. Try to ensure that the date and URL are visible. This evidence is essential for your own reference and can help law enforcement or other agencies involved.

Protect your financial accounts

If doxers have published your bank account or credit card numbers, report this immediately to your financial institutions(s). Your credit card provider will likely cancel your card and send you a new one. You will also need to change the passwords for your online bank and credit card accounts.

Lock down your accounts

Change your passwords, use a password manager, enable multi-factor authentication where possible, and strengthen your privacy settings on every account you use.