Doxing comes from the word Dox (initially “docs” from the word “documents”). It refers to the searching and online publishing of private or identifiable information about a particular individual or an organization. Doxing in most cases is carried out with malicious intent. And, it may take the form of hacking, searching social media pages or publicly available databases, or even social engineering.
Doxing is not something new. As a matter of fact, the hacker culture of the 1990’s embraced ‘dropping dox’ as a method of revenge. Hackers would search and post private information about their rivals or enemies. Since their targets prized their anonymity, it was the cruelest way of attacking them.
Online Doxing is a wide-spread CyberCrime that’s ruining many people’s lives
Online Doxing is a cyber-attack that aims at funning hate campaigns from the public towards the target. In fact, the attackers go through the targets social pages and any other online platforms. They use the information that they get to harass the target or direct and encourage others to cyberbully the target.
In some cases, the attackers give out false information about their target. The aim is to fuel hatred and brutal online attacks directed at the target. They also publish the targets residential address, business address or sensitive information about the target’s family. Such doxing exposes the target to psychological torture or in the worst case mob attacks.
So, how do doxing attackers get your private information to dox you?
1. Social Media
Social Media is the number one culprit when it comes to exposing our personal information. In fact, most of us do it unconsciously. People like posting the happenings in their lives online. They post about where they reside, where they work, and even where their kids go to school. The problem is that should a doxer zero-in on you, it’d take a couple of minutes, and they’d be knowing you like the back of their hand.
2. Data brokers may be the lose-end in your privacy protection strategy
Maybe you are a pro when it comes to social media anonymity. But did you know that anything you do interests someone else? Indeed, you might come about free online services which require you to sign up with your email. That could be the catch. Ask yourself, if they are offering purely free services, how’d they meet their ends? They could be selling your information to data brokers.
In case you don’t know, Advertisers, marketers, Newsletters services, law firms and many other entities need your information. Doxing attackers like targeting such huge data banks as opposed to hacking an individual. You see, there could be data on you stored somewhere online and which can fall in the wrong hands.
Websites you access could giveaway your data
Be careful about tracking cookies, small pieces of code that websites attach to your computer to store your online activities. They could sell your information to Data broker sites without your consent.
When you register a domain name, you provide to the registrar your name, residential address, and email address. All the data you give during the registration is readily accessible at the WHOIS site. Hence, doxers can get the initial information that can lead them to more sensitive information.
4. Doxware- a deadly variation of Ransomware
You must have heard about Ransomware. It is a malware that uses a broad-scale phishing technique to accesses a target’s data. The malware makes it impossible for the victim to access his data. Doxware also referred to as extortionware is a new Ransomware variation. After accessing the target’s data, Doxware further exfiltrates the data to establish potential doxing targets. After a successful attack, the hackers usually demand payment, or they publish the information.
5. IP address logging can give you a way to Doxers
Your IP Address is your digital footprint. The Internet Protocol Address is the number assigned to each device connected to a computer network. Here the hackers use an IP Logger. They send an invisible code to you via an email or message to try and sniff your IP Address. Once you open the message, your IP address is sent back to the hacker. Your IP address can be used by hackers to track all your online activities. It’s easy to find the geo-location (geographical location) of an IP address including the longitude, latitude, country, city, and region.
6. Organizational Doxing
Organizational doxing involves the stealing of an organizations data and indiscriminately publishing it over the internet. Let’s face it; we continually provide our sensitive data to organizations. Though the organizations promise the highest degrees of data protection, what if we get caught in a larger-scale breach? It happened in the Ashley Madison scandal (I’ll expound on this later), and millions of people were affected.
7. Reverse Telephone Lookup
A reverse telephone lookup is a doxing tool that uses the targets cell phone number to find an individual’s personal details. A targets name, sex, age, email address, and other personal details can help hackers carry out a successful doxing attack.
8. Email Tracking
Most websites that you visit for services require you to sign up with your email address. The problem is that some websites could be doxing harvesting sites. Such websites could provide doxers with your personally identifiable data which could lead to a successful dox attack.
Real life examples of Doxing that affected and even ruined the victim’s lives
1. The Boston Marathon bombing
Reddit falsely linked Sunil Tripathi, a missing Brown University student as a Boston Marathon Bomber. The internet went on fire, and Sunil was accepted as suspect No. 2. NBC’s Pete Williams helped clear Sunil’s name. However, Sunil’s family disclosed that they had received hundreds of threatening and anti-Islam messages even though they weren’t Muslims.
2. The Ashley Madison Scandal
The Ashley Madison scandal is an excellent example of organizational Doxing. Hackers made demands on the management of Ashley Madison, a dating site that provides infidelity, and married dating. The management of the dating site refused to yield to the demands of hackers who threatened to post sensitive data on their users online. The hackers made good their threat by releasing 9.7 gigabytes of data on its estimated 40 million users.
The information revealed millions of cheating husbands and wives. The hackers published names, email addresses, passwords, street address, and telephone numbers submitted by the website users. The leak revealed millions of transactions giving the amount paid for each transaction and the last four credit card numbers.
3. Felicia Day was doxed after describing her Gamergate fears
Felicia Gate, an actress famous for appearing in the TV series Buffy the Vampire Slayer, as well as Supernatural got doxed. This was immediately after Day spoke out on her Gamergate fears. She avoided speaking out on GamerGate for fear that she’d be doxed. True to her fears, she was doxed with her personal details being posted online immediately after she spoke out publicly about Gamergate.
Gamergate is an event that began in 2014 as an attack on Quinn, the developer of Depression Quest. Her game received a backlash from those who believed that it went against typical game formats by introducing politics as opposed to violence and skill. After releasing Depression Quest, Quinn received lots of threats including rape and even death threats. When Quinn revealed to the media about the attacks she was receiving, she was doxed with the posting of her house address online which saw her flee.
Other doxing victims of Gamergate were video game developer Phil Fish who ended up selling his company and calling it quits, as well as Anita Sarkeesian.
How to avoid being a victim of doxing attacks
1. Increase Privacy on Social Platforms
Social platforms like Facebook, Twitter, Instagram, and Quora provide the easiest way for a dox attacker to harvest your personal information. Here are steps you can take to increase your privacy on social media:
- Begin by making your profile unsearchable to everyone
- Change your friends’ list to private
- Always use a professional profile picture just in case it gets published somewhere else
- Set all your former profile pictures to private
- Get rid of any featured photos
- In the case of Instagram, it is advisable to set your Instagram feed private as your photos could reveal your location. It’s also wise to select who can follow you and view your photos.
2. Be careful of the information you share and submit online
Another best practice to avoid doxing attacks is to be cautious about the information that you share online. Avoid posting details about where you reside, where you work, where your kids go to school and any other personal identifying information. Also, be mindful of the information you submit to organizations. Such information can be fodder for hungry dox attackers.
3. Always Use Strong passwords for all your online accounts
Strong passwords go a long way to protecting your sensitive data online. They can help to protect your email accounts, online banking accounts, social media accounts, and any other accounts you may be having online.
Some of the things to avoid when creating a password are as follows:
- Avoid using names such as your personal or spouses name, your kids, or even pets name as a hacker can easily guess them
- Do not use personal information such as your date of birth, or your car’s plate number
- Avoid words found in the dictionary as they are common
- Desist from using sequences or repeated characters such as aaaaaa. They are easy to guess
Best Password practices include:
- Keeping your password to yourself
- Not using a single password across several online platforms
- Changing your password periodically
- When you signup to any website or online service, you usually are provided with a default system password. Always change the default systems password immediately at your first login.
- Make a point of enabling two-factor authentication-Also referred to as second step verification, this provides an added layer of security in that anytime time you enter your password, a one-time code is sent to your phone, and you must enter the code to successfully login to your account. This means that even where a hacker gets your password, they can’t get into your account because they won’t have the code that’s sent to your phone.
4. Use an Anonymous email address
Since most websites ask us to provide our email address so as to join or receive certain services, you’d rather provide them with an anonymous email address. The best anonymous email service omits typically its user’s email address, the reply address, the path that can connect the receiver to the sender, as well the time stamps that can reveal when the email was sent.
You can generate a disposable (temporary) email address from an anonymous email service provider which you can use to sign up to a website and dispose of it after that. You can also use a permanent shielded (fake) email address from an anonymous email provider to sign up for an online task instead of using your real email address.
5. Remove your information from Google and Data Broker Sites
It’s advisable to check your information that’s available online. You can start by searching for your name on Google. This way, you can find out your data that’s available on message boards, social media networks, internet forums, and many other online portals. You can proceed to delete not only the information that you find online but also the accounts that you no longer use.
Also, remove your information from Data Broker Sites. This you can do by contacting them and requesting them to delete your information. However, most of them have put in a lengthy information deletion process to discourage you.
If that’s the case, you can resort to the following services to remove your personal information on the internet:
- Instant Checkmate
Furthermore, you should remove the cookies stored on your browser regularly.
6. Protect the data on your device against Doxware
Doxware, as I’ve already explained above, is a variation of Ransomware. Hackers use it to sniff and harvest the data on your computer devices. The best way of protecting against a Doxware attack is by installing a powerful antivirus to protect all your devices. Make sure to routinely use the antivirus software to scan your devices. Also, ensure that the software automatically installs updates.
7. Protect your online data and Hide your IP Address with a VPN
You can use a Competent VPN (Virtual Private Network) service to hide your IP address and browse the internet anonymously. Also, the best VPN will encrypt all your data to ensure that a hacker cannot intercept it as it transits on the internet. Furthermore, A VPN can also spoof your location so that you appear in a different place other than your real position. Not knowing your real location can prevent a potential doxing attack.
Other notable features worth mentioning is that VPN apps have an inbuilt anti-malware to guard against phishing attacks. They also provide an ad-blocker to protect you from being bombarded by annoying ads. On the same token, a VPN also comes with a NAT (Network Address Translation) Firewall as an added layer of protection as it helps to filter out a lot of potential threats.
You can protect your online data and guard against tracking and Identity Theft by using TRACKOFF privacy software.
TRACKOFF WILL HELP YOU
- Stop bombardment with annoying ads
- Achieve a truly private online browsing
- Remove super-cookies
- Prevent the stealing of your identity (Identity Theft)
Wrapping it up
A Doxing attack is a real threat that waits to happen especially in the advent of the Doxmalware. Reading and observing the advice in this article can reduce the chances of you getting doxed. You must always be extra careful about the information you post or provide online. Always pause and ask yourself, can this information be used against me? I’m I about to provide sensitive information that can injure myself, my loved ones, or my interests? Your answers to the two questions can help you make the right decision before you click the ‘Submit’ button.