With the advancement of digital technologies on a
global level, and the ability of the vast majority of users to connect to the
Internet at more advanced speeds than we used before, the pros and cons of this
progress increase as well. Now, we consider the Internet as a whole integrated
world, suitable for various purposes of business and entertainment as well.
Doxing is one of the negative aspects mentioned in technical progress in the
new world.
What are defamatory doxing attacks? How are defamatory
duxing attacks done? What are the negative effects and how do you protect
yourself from defamatory doxing attacks? Read this report to find out all the
information about duxing attacks and hacks.
Douxing Definition
Linguistically, the term Doxing consists of two words,
"Dropping Dox". Dox is a colloquial abbreviation for files or
documents. Doxing is usually practiced by hackers versus users who are not in
agreement with them or are outright hostile to them.
Doxing refers to the large-scale collection and
dissemination of all data and information about a user on the Internet. This
data may include: real name, home address, phone numbers, contact numbers,
place of work, complete financial position, and other purely personal
information. Then, that information is spread by the hackers without the
victim's permission for sure.
The emergence of the term “Doxing” was not limited to
the stage after the emergence and spread of the Internet, as is usual these
days. In the nineties, the privacy of data and information on the Internet was
sacred, and it was rare for a person to reveal himself and all the information
about himself that we mentioned above. Back then, hackers or friends were
taking revenge on each other by posting all the information about them online
and exposing the true identity behind their nicknames.
.webp "Douxing Definition")
As the days passed, the true definition of Doxing
expanded to other segments of users after it was limited to hackers and people
who used to hide their data on the Internet. Now, the aspect of announcing
their true identity has become a rarity since all the users around the world
are declaring their true identity online like Facebook for example.
In recent times, defamation has become a tool of
revenge, especially when talking about personal wars on a particular level or
systematic cultural wars in general. Doxers aim to escalate their disputes with
users - whatever their identity - into the real world rather than just the
virtual world.
To complete this escalation, Doxers leak victims'
identities which may include: home addresses, workplace details, personal phone
numbers, ID and passport numbers, bank or credit card information, private
electronic correspondence, security or criminal history, Private profile
pictures with inappropriate content for posting, and embarrassing personal
details.
Douxing can be harmful to some insignificant things,
such as fake subscriptions to email lists or home delivery services. Doxing can
also result in leaking confidential personal information, harassing specific
people, and entire families, or engaging in any acts of bullying on social
networks.
Politicians, artists, and celebrities may join the
lists of DDoxing attacks. Recently, those social groups and others who are more
vulnerable to targeting have begun to suffer from Doxing attacks. Leaking their
private and personal information may lead to some troubles and scandals at the
general social level.
For example, P&G recently launched an advertising
campaign under the slogan "We Believe" for Gillette. This advertising
campaign did not satisfy many customers, which resulted in the publication of
the brand manager's accounts on social media networks. As a result, Mark
Pichard - the aforementioned brand manager - received insulting and threatening
letters in numbers that exceeded those that could be counted or mentioned.
Among some similar examples is that the famous hacker
network Anonymous, in December of 2011 published detailed information about
7,000 active members of the KKK terrorist group who were at the same time
belonging to the law enforcement forces which undermines the principle of
fairness in the implementation of anti-KKK laws.
Since then, Anonymous has released detailed personal
information on each of the 7,000 members mentioned. These leaks included some
supporters of Q-Anon of the American far-right.
There are many motives that may stand behind the
activities of Doxing, and let us stress that the actions of Doxing are not the
preserve of hackers or hackers only; Normal people can do these activities as
well. Among those motives is that the perpetrators of these activities feel
that they have been harassed by the victims of defamation. If someone is known
to have controversial opinions, they can also join the target list for duxing
activities.
Despite the long list of potential victims, social
duxing attacks tend to target some people on a personal level for personal and
undisclosed reasons. It is possible that a fleeting personal dispute between
any two people is the reason for one of them to be targeted by a doxing attack
on the Internet. It is also possible that these attacks are orchestrated by the
hackers due to their wide ability to gain access to some very confidential
information in the life of any person they would like to hack.
It is also possible for a person to be defamed because
of wrongdoing on the part of the victim, and with the aim of humiliating or
intimidating her. However, many duxing instigators tend to expose certain
people to social ostracism or to allow law enforcement to punish and prosecute,
such as when an influential employee is bribed.
Regardless of the motive, the primary purpose of
doxing or defamation is to invade privacy, and it can put people in a very
uncomfortable situation. Sometimes this has serious consequences, like ruining
a public person's life after publishing a few secrets about their private life.
How do douxing attacks happen?
We now live in the age of big data. Accordingly, there
is a huge amount of our personal information on the internet, with a near-zero
level of control over it. Accordingly, also, any person, if he has the will,
can slander any person and direct his personal life into a complete and
complete weapon against him, which he can completely destroy.
There are some methods used in constructing and
launching defamatory attacks (Doxing), which are as follows:
Keep track of usernames
There are people who use the same username on
different social media platforms. This behavior allows the trackers and
initiators of Dxing attacks to track victims on various social media platforms.
Perform a WHOIS search
.webp "Perform a WHOIS search")
If the victim owns a website and does not buy a
privacy package to block his data, anyone around the world can search for the
victim’s domain, and then he can know all the available details about him such
as phone numbers, work, home address, work address, and a lot of other data.
phishing scam
It is possible that a fraudulent message will be
received on the victim's email, which may contain malware or malicious code.
This software then allows the hacker to gain unsuspecting access to the
victim's computer, and then he can track his public and private electronic
activities.
Social media tracking
If your social media accounts have general privacy
settings, anyone can find out information about you by stalking you online.
They can know your location, where you work, your friends, your photos, your
likes, preferences, and dislikes, the places you've visited, the names of your
family members, the names of your close people, etc. Using this information,
hackers may come up with a social engineering facility, enabling them to gain
answers to your security questions, helping them hack your other online
accounts.
Sorting government records
Although government records are not fully available on
the Internet, hackers are often able to penetrate government databases of any
country and any government. Then, they can get whatever information they want
about a particular person.
Tracking IP Addresses
Hackers can use different methods to find out your IP
address, which is associated with your physical location. Once they know this,
they can use social engineering tricks on your Internet Service Provider (ISP)
to find out more information about you. For example, they can file complaints
about the owner of a particular IP address and try to hack the network while
doing this.
Reverse phone number lookup
After they discover your phone numbers, hackers can
search for it on various levels, and then gain access to some other details of
your true identity. After that, they will be able to gather a greater amount of
information about you.
Internet communications interception
Hackers can intercept your internet connection data,
allowing them to track all your activities and collect a huge amount of
confidential information like credit card numbers for example. However, a good
VPN service provider can protect users from this.
Heading to data brokers
There are data brokers all over the world, and they
are people or entities that can penetrate the Internet and collect a lot of
information about a particular person. This information includes his online
activity logs, his preferences, the websites he visits, and lots and lots of
other data.
Many websites offer their user records for sale, which
is another way to leak users' data. With the collection of this data, the
hackers can solve the puzzle and get a complete picture of the potential victim
with all its data and information related to it.
Examples of Doxing Attacks
.webp "Examples of Doxing Attacks")
There are a lot of examples that express and explain
the various types of doxing attacks. However, there are three types that are
most common among all victims: Publishing personal data and government personal
information that is not disclosed to the public, Publishing some of the
individual personal secrets to the public, and Publishing personal information
that would harm a person's professional or social reputation.
Although doxing attacks are common, there are some of
the most famous examples of victims of these attacks, which have been widely
covered in the media and in several countries. Below we explain some examples
of Doxing attacks, for example, but not limited to:
Boston Marathon bombing, USA
While searching for the people involved in the 2013
Boston Marathon bombing, there were some activists on Reddit trying to find the
real culprits. With the intention of providing the information they had access
to the police, this did not happen. After accessing some information, the
identities of the suspicious people were exposed at a mass level which led to
them being tracked, personally threatened and subjected to numerous acts of
harm.
Cecil the lion
On a visit to a nature reserve in Zimbabwe, an
American dentist from Minnesota illegally hunted and killed a lion. Then, after
his arrest, some information from his personal identity was leaked and made
public at a wide level. After that, this doctor was tracked electronically and
realistically, with widespread claims to be imprisoned, with several
harassments in his normal life.
Are Doxing Attacks Illegal?
Doxing attacks can destroy the life of one or several
people, whether online or in real life. Aside from exposing some of their
information, a Daxing can destroy the families around any victim of a Daxing
attack. Amidst many questions about the legality of doxing attacks or not,
international laws have not settled on a specific classification for these attacks;
Due to their diversity and the variety of materials and information published
in them.
And the answer to the question about the legality of
DXing attacks, the answer is often "no." Defamation or attempted
defamation usually does not qualify as unlawful. If the leaked information is
in the public domain and was obtained by legal means, the attacks would not be
unlawful. However, depending on the type of data published, duxing attacks may
conflict with laws designed to combat bullying, harassment, and threats.
As mentioned above, the legality of DXing attacks
depends on the type of information published. For example, revealing someone's
real name is not as dangerous as revealing their home address or phone number.
However, in some countries, the deception of public officials falls under
criminal conspiracy laws and is viewed as an actual crime. Since duxing attacks
are a relatively recent phenomenon, the laws surrounding them are constantly
evolving and they are not always well-defined.
Regardless of the laws, DXing's attacks violate many
websites' terms of service and may result in bans for those seeking to do so.
Defamation is often seen as an immoral act and is often carried out with
malicious intent to intimidate, blackmail, control, and subject others to
social harassment, personal identity theft, humiliation, job loss, and
rejection by family and friends.
Protection from Doxing Attacks
With a plethora of data and information scavenging
tools available online, almost anyone can be a victim of a potential Doxing
attack. If you have previously posted in an online forum, participated in a
social network, signed an online petition, or purchased a property, your
information will be publicly available.
In addition, large amounts of data are readily
available to anyone who searches for it in public databases, government
records, and search engines. While this information is available to those who
want to search for it, there are steps you can take to protect your
information, which includes:
Use a VPN service
VPN services provide excellent protection against
exposing users' IP addresses to exposure. VPN services take a user's internet
traffic, encrypt it and send it through one of the service's servers before
heading to the public internet, allowing you to surf the internet anonymously.
VPN services protect you when you join a public Wi-Fi network, keep your
communications private, and ensure you're not exposed to phishing, malware,
viruses, and other cyber threats.
cyber security practices
Antivirus and malware detection software can prevent
phishers from stealing information through malicious applications. A regularly
updated virus detector app helps prevent any security "holes" that
could lead to you being hacked and scammed.
Use strong passwords
A strong password usually includes a combination of
uppercase and lowercase letters as well as numbers and symbols. Avoid using the
same password for multiple accounts, and be sure to change your passwords
regularly. If you are having problems remembering passwords, try using a
password manager.
Use different aliases for each different website
If you use online forums like Reddit, Discord, or
others, be sure to use different usernames and passwords for each account.
Using account names, implementers can search your comments on different
platforms and use this information to compile a detailed picture of you. Using
different usernames will make it more difficult for people to track your
movements across multiple sites.
Create separate email accounts for different purposes
Consider keeping separate email accounts for various
purposes, professional, personal, and other purposes. Your personal email
address can be reserved for private correspondence with close friends, family,
and other trusted contacts, so avoid trading this address publicly. Your spam
email can be used to sign up for accounts on different sites, other services,
and promotions.
Finally, your professional (your workplace) email
address can also be included when used publicly and randomly. Avoid including
too much personally identifiable information in your email address such as your
first and last name and date of birth for example.
Check your privacy settings on social networks
Review the privacy settings on your social networking
profiles and make sure the amount of information being shared is appropriate.
Use different authentication and authentication methods
This means that you or anyone else trying to access
your account will need at least two pieces of authentication to log into your
account, usually your password and phone number. This makes it more difficult
for hackers to gain access to a person's devices or online accounts because
knowing the victim's password alone is not enough. They will also need to
access the authentication number.
Get rid of unused personal files
See how many sites have your information. While sites
like MySpace are now outdated, profiles that were set up over 10 years ago are
still visible and publicly accessible. This applies to any site you were
previously active on. Try deleting old/unused profiles if you can.
scam emails
Doxing attackers may use phishing tricks to trick you
into revealing your home address, Social Security number, or even passwords. Be
careful when you receive a message that is supposed to come from a bank or
credit card company asking for your personal information. Financial
institutions will never request this information via email.
Hide domain registration information from WHOIS
WHOIS is a database of all domain names registered on
the web. This public record can be used to identify the person or organization
that owns a particular domain, their physical address, and other contact
information. So, choose an anonymity package when purchasing or renewing the
purchase of any web domain.
Ask Google not to keep your information
If personal information appears in Google search
results, individuals can request that it be removed from the search engine.
Google makes this process simple by filling out an online form. Many data
brokers put this type of data traded online.
Constantly checking databases
You can use services like DeleteMe, PrivacyDuck, and
Reputation Defender to delete any data about you available on the internet.
Beware of short surveys and web app permissions
Online quizzes may seem harmless, but they are often
rich sources of personal information that you easily provide without thinking.
Some parts of the test may be security questions for your passwords. Since many
tests ask for permission to see your social media information or email address
before viewing test results, they can easily associate this information with
your real identity.
Beware of mobile apps that ask for many permissions
Many apps ask for permission to access your data or
device which should not be related to the true functionality of the app. For
example, a photo editing app has no logical use for seeing your contacts. If
you ask for access to the camera or photos, that makes sense. But if he also
wants to look at your contacts, GPS location, or some other function, don't
allow it.
Check how easy it is to attack yourself
The best defense in these phases is to make it difficult
for attackers to track down your private information. You can find out how easy
it is to do this by checking the information that can be found about you
online. For example: search for yourself on Google, upload one of your photos
and search it in Google, check the Haveibeenpwned tool if you have been hacked,
make sure you copy your CV, and make sure you don't mention it.
Set Google Alerts
Set up Google alerts about your full name, phone
number, home address, or any other private data you're concerned about so you
know if it suddenly appears online, it could mean you've been attacked.
Don't give attackers a reason to target you
Be careful what you post online, and never share
private information on forums or social media. It's easy to think that the
Internet gives people the freedom to say or write whatever they want. People
may think that creating anonymous identities gives them the opportunity to
express whatever opinions they want to publish, however controversial, with no
chance of being tracked down. But as mentioned, this is not the current
situation, so it is wise to be careful about what you say online.
First moves when you become a victim
.webp "First moves when you become a victim")
Don't worry if you feel anxious or afraid when you
have a doxing attack. Doxing attacks are basically intentionally designed to
violate your sense of security and cause you to panic, criticize, or ostracize
you. If you have become a victim of a DXing, here are some steps you can take:
Report
Report the attack on the platforms where your personal
information has been posted. Research relevant platforms' terms of service or
usage guidelines to identify ways to report and follow up on this type of
attack. While filling out a notification form for the first time, memorize it
so you don't have to repeat what you say. This is the first step to stopping
the spread of your personal information.
Involve law enforcement
If the attacker threatens you personally, contact your
local police department or relevant police branch. Any information pointing to
your home address or financial information should be treated as a top priority,
especially if there are serious threats.
documentation
Take screenshots or download the pages where your
information is posted. Try to make sure the date and URL are visible. This
guide is essential as your reference and can assist law enforcement or other
relevant organizations.
Protect your bank accounts
If attackers release your bank account or credit card
numbers, report it immediately to your relevant banking institutions. Your
credit card provider will likely cancel your card and send you a new one. You
will also need to change the passwords for your online bank accounts and credit
cards.
close your accounts
Change your passwords, use a password manager, enable
multi-factor authentication as much as possible, and enhance your privacy
settings on every account you use on all platforms.
Ask for support
Douxing attacks can be emotionally exhausting. Ask
someone you trust to help you work through the problem, so you don't have to
deal with it alone.
There is no doubt that DXing is a serious problem that
is made more possible by easy access to personal information over the Internet.
Staying safe in an online world is no longer easy. But following the best
cybersecurity practices can help. We recommend the use of comprehensive
security solutions from corporate cybersecurity service providers.
These practices protect you from viruses on your
computer, secure and store your passwords and private documents, and encrypt
the data you send and receive over the Internet using VPN services.