Doxxing attacks turn personal data into a cyber weapon for blackmail, threats or humiliation. This is what you need to know about this topic.

Doxxing, which was once a kind of “sport” among hackers, has now become a dangerous phenomenon that affects not only public figures.

The term “doxxing” originated in the golden era of the internet: the 1990s. At the time, maintaining anonymity was considered a top priority among hackers and geeks — the true identities of online users typically remained hidden.

Unless personal animosity between hackers led to them trying to expose each other. At that time, this was done through the publication of paper documents (“drop docs”). Over time, Docs became Dox and eventually doxing.

Today, doxxing has expanded beyond the hacker niche, and the definition of the term has also changed. While in the early days of the Internet it was only about revealing the identities of competing users, today doxxing is primarily understood as the disclosure of personal information about individual users.

This data could be, for example, home addresses, employer information, private correspondence or other personal data, the publication of which would entail unpleasant consequences. Attackers pursue different goals. Typically, they want to humiliate or humiliate their victims on a personal, professional or even physical level.

Doxxers use a variety of methods to reveal personal information. They can mainly be divided into two categories.

Legal methods

If the attacker knows the full name, a lot of information can be obtained from legitimate sources: social networks, public databases, tenant registration offices - in many cases, a simple Google search can provide a lot of information.

If doxxers target people connected to a specific internet domain, a Whois search will often help them determine the victim's name, address, and phone number. Reason: Many domain owners don't know that this information can be hidden.

If the victim is an active member of a forum or online community, a lot of information may also be visible there (or after registration). Administrators of such portals also have access to other information not intended for public access.

To be able to link an online alias to a real person, doxxers often use OPSEC techniques: since many people use the same or similar aliases for multiple online accounts, breadcrumbs between accounts may not be collected. It is enough to combine personal information to create a personal profile.

Vivid examples of this approach are the disclosed “secret” Twitter profiles of former FBI Director James Comey and American politician Mitt Romney.

Another way to access personal data is through metadata, such as Microsoft Office. Word documents contain, among other things, information about the user who created them. The same goes for photos: embedded EXIF data can provide information about exactly where the photo was taken. Since most photographs are taken at or near home, this is often a quick way to find out where a person lives.

Illegal methods

Doxxers are not necessarily limited to legal methods. This is mainly because illegal routes often lead attackers to their targets much faster. For example, personal data can be easily purchased on darknet marketplaces.

If data sets can be linked to existing information, a relatively complete picture of a person can emerge. Additionally, doxxing-as-a-service offerings have long been available on underground marketplaces. In addition to this, doxxing attacks also use “conventional” methods used by criminal hackers, such as IP address logging or packet sniffing.

It is impossible to completely remove personal data from the online world. However, there are a few tips to help you minimize your attack surface and thus prevent doxxing attacks as much as possible:

Keep your data under control:

- Avoid posting identifying information online.

- Keep your social media accounts as private as possible and don't accept friend requests from people you don't know.

- Configure applications so that no personal information is contained in documents or photos.

- Use a disposable email address to register for accounts that should not be associated with your real name.

- If you are the owner of the domain, pay attention to the Whois directory.

- Send a request to Google to delete your personal data.

Rely on best security practices:

- Switch to an email provider that offers built-in message encryption.

- Use different usernames and strong passwords.

Become your own doxxer:

- Attack is the best defense. Only if you know how doxxers think and act can you act on your own.

- Prepare a guide to help you initiate a doxxing attack against yourself.

Mainton Company - custom software development and testing, DevOps and SRE, SEO and online advertising since 2004.