What Is Doxing?

Doxing, also known as “doxxing” or “d0xing”, is a cyber-attack tactic involving the collection and dissemination of personal information with malicious intent. Doxing attacks are carried out to embarrass or harm the target by publicly exposing sensitive data, such as social security numbers, addresses, phone numbers, credit card details, and other private information. Doxers use this data to threaten the victim in some way, whether through blackmail or extortion.

The term “dox” comes from the slang word for “documents” (or doc), as historically, doxers would typically search online databases like public records websites and social media platforms to collect personal information about their victims. Doxers may also try to get more data on their target by contacting external sources, such as people close to the victim. Once they have gathered enough information on their victim, they will post it online directly or via a link-sharing portal.

Doxing can range from personal pranks, such as revealing someone's phone number without permission, to more serious offences like identity theft and fraud. Technological advancements have made it easier for attackers to pinpoint potential victims on the web, even if those people are not intentionally searching for attention. As a result, many organisations now take proactive steps towards protecting against doxing attacks by investing in robust cybersecurity measures like firewalls and encryption software that help safeguard against potential threats posed by doxers.

Doxing is an illicit digital practice that victimises people, corporations, and even nations. By understanding the different types of doxing techniques available, IT teams and cybersecurity professionals can take steps to protect their networks from potential threats.

Doxing is a cyber assault that unearths and publicises personal data about an individual or entity. The aim of doxing is to shame or discredit the target by divulging sensitive data. It can be broken down into two primary types.

Physical Doxing

Physical doxing is when someone visits a location to gather personal data on their target. This could include taking pictures of the property or snooping around for documents with identifying information. In some cases, physical doxers may also use GPS tracking devices to follow their targets’ movements. An example was seen during the Hong Kong protests, where Chinese authorities placed GPS trackers on protesters' phones and vehicles to identify them in surveillance footage later.

Online Doxing

Online doxing is when someone collects personal data from online sources such as social media accounts and websites to reveal details about a person's identity or activities without their consent. For example, if you have ever posted your address online, it would be easy for someone with malicious intent to discover where you live just by searching through your posts and profile pictures.

Doxing can take many forms, from gathering publicly-available information to more advanced techniques like social engineering. Doxing is a major concern and must not be disregarded. Once the information is released into cyberspace, the consequences can be far-reaching and potentially damaging to the reputations of people and businesses.

Examples of doxing can range from trivial pranks to serious invasions of privacy. It’s a form of cyber harassment that has become increasingly common in recent years.

Doxing on Social Media

One typical example is when someone posts unsolicited personal information, such as a home address, phone number, email address, or other sensitive data online. This is often done by creating fake social media accounts specifically designed to target individuals for harassment and humiliation purposes.

Doxing by Association

Another example is “doxing by association”, which involves gathering personal information about someone based on their connection to a targeted doxing victim.

For instance, if a hacker were targeting an employee at a company, they might try to find out more about their family members or friends to gain access to confidential data related to the company itself.

Doxware

A third type of doxing is called “doxware”, where hackers demand payment from victims in exchange for not publicly releasing their sensitive data.

Hackers may also threaten victims with legal action if they don't comply with demands – making it particularly dangerous and difficult for victims to fight back against these types of attacks without putting themselves at risk further down the line.

Hacktivism

Finally, there are instances where people use doxing as part of political activism campaigns known as “hacktivism”. This is where activists seek justice through public shaming tactics like posting private documents online related to corporations or government officials involved in unethical activities such as corruption scandals.

Hacktivism can have far-reaching consequences beyond just embarrassing those responsible. It can also potentially damage reputations and businesses depending on how widely shared the information becomes once released into cyberspace.

Legally, doxing can be a complicated and contentious matter. Doxing is considered a cyber crime characterised by researching and broadcasting private information about an individual online. However, the legality of doxing depends on the type and source of shared information.

In most places, releasing confidential details without the proprietor’s authorisation is illegal. This includes personal data, such as addresses, phone numbers, email addresses, bank account details, etc. Some countries have laws that make sharing certain types of sensitive data (such as medical records) illegal, even if they have been made public by another source. However, in certain situations where private data has been circulated for a long time, it may not be seen as infringing upon privacy regulations.

The US Computer Fraud and Abuse Act penalises those who access computers without permission or surpass authorised entry with malicious intent or for personal benefit. Depending on the severity of the act committed, penalties for this type of crime can range from hefty fines of up to $500k to lengthy prison sentences. Therefore, it's imperative to recognise that activities like illegally accessing databases or utilising malicious software/spyware programmes to breach protected networks are strictly prohibited by law and can result in severe penalties for participants.

In Europe, GDPR (General Data Protection Regulation) legislation provides individuals with rights over their personal data. This includes how companies collect, store, process, use, share, delete, transfer, and dispose of personal data. Under GDPR, any organisation found guilty of violating these regulations could face fines of up to €20 million or 4% of global annual turnover, whichever is higher.

In the U.S., states have adopted legislation to penalise menacing activity conducted electronically, including emails, texts, and social media posts – as part of doxing assaults against persons. Even though we don’t always hear about these cases, there are legal repercussions associated with carrying out such activities, and in most scenarios, doxing is considered an illegal, punishable activity.

The repercussions of doxing can be extensive, leaving those affected in psychological distress from the fear of being tracked or threatened by strangers who possess their private information. Reputational damage is also possible should employers or associates stumble upon sensitive details made public without consent. Moreover, the financial cost of recovering from damages due to identity theft and credit card fraud may leave one feeling like they are between a rock and a hard place.

Cyberbullying via direct messages containing threats and insults on social media platforms could create an atmosphere where individuals feel belittled amongst peers who become privy to these posts. Furthermore, divulging home address data makes offline stalking possible, potentially putting people at physical risk.

If you are doxed, it is critical to promptly take action to safeguard you or your organisation from further harm.

Notify Authorities

The first step when responding to a doxer is to notify law enforcement authorities. Depending on the severity of the attack and potential threats, legal action may be necessary; thus, it's recommended to contact local police for further assistance. Legal action may be required in cases with grounds for filing criminal charges against attackers.

Monitor Online Activity

It’s also critical to monitor social media accounts associated with your business or brand in case attackers post defamatory content about you or your organisation online. If this happens, immediately report offensive posts or comments and remove them from all platforms. Set up Google Alerts to be notified when content related to your name appears online, allowing you to stay ahead of potential attackers.

Secure Your Data

You should also secure any exposed data by changing passwords across all accounts associated with an affected user profile (email addresses included). Also, ensure all sensitive information stored on company servers is encrypted using strong encryption protocols. This helps prevent unauthorised access even if hackers manage to breach IT-implemented data security measures within organisations. Finally, keep track of IP addresses that have recently accessed corporate networks to help detect suspicious activity before it causes serious harm.

Employ Prevention Policies and Systems

Remember that prevention is always better than a cure when dealing with cybersecurity threats like doxing. Invest time in creating robust employee data management policies and regularly reviewing the company's security systems. By doing so, organisations can minimise their chances of falling victim to future attacks launched by determined adversaries looking for weaknesses within networks that could be exploited.

It is imperative to be watchful and take the essential measures when reacting to a doxer. Once vigilance is achieved, learning how to thwart doxing can be the next step in safeguarding yourself.

To guard against doxing, bolster your online security and restrict how much personal data is publicly accessible. Multiple strategies can help achieve this.

Secure Password Protection

Strong passwords are critical for protecting against doxing attacks. For optimal security, passwords should contain a combination of uppercase and lowercase letters, numbers, and symbols with at least 8 characters in length. Using distinct passwords for each account is vital to ensure that if one password is exposed, other accounts remain secure.

Check out our blog post for password best practices.

Multifactor Authentication

Two-factor authentication (2FA) and multifactor authentication (MFA) add extra layers of security by requiring users to provide a username/password combination and another form of verification, such as a code sent via text message or email, before they can access their account. This makes it much more difficult for attackers to gain unauthorised access, even if they manage to get hold of someone’s credentials through doxing or other means.

Limit Information Shared Online

Another way to protect yourself from doxers is by limiting the personal information you share online, particularly on public forums, social media sites, or discussion boards where people may search for targets using keywords related to location, job title, or interests. Be mindful when posting photos, too – avoid including details that could identify where you live or work unless absolutely necessary.

Not only is it essential to safeguard your information but also that of those around you. Friends and family members who might not understand how easy it can be for malicious actors to find their personal details should also be educated about good digital hygiene practices.

Detecting doxers is a critical part of protecting against cyber-attacks. IT personnel, cyber security experts, business owners, and corporate leaders must comprehend doxer tactics to effectively detect and address potential threats.

Security Monitoring

One way to detect potential doxers is by monitoring social media accounts and other online platforms. This includes regularly checking profiles for suspicious activity, such as new followers or posts with personal information about an individual or organisation. Any dubious conduct should be quickly reported to allow for suitable measures if necessary. Additionally, security audits should be conducted regularly to identify any vulnerabilities that may have been overlooked previously.

Analyse Traffic Logs

Another method of detecting doxers is analysing network traffic logs for unusual patterns or activities that could indicate malicious intent from outside sources. For example, large amounts of data sent out from a single source could suggest an unauthorised attempt to collect sensitive information about an organisation's systems and networks. Monitoring these types of activities can help IT teams identify potential threats before they become serious problems for the company’s security posture.

Employee Training and Education

To safeguard against doxing, companies should educate their employees on the importance of refraining from sharing too much personal information online and using strong passwords when accessing sensitive accounts, for example, on financial institution websites. Employees should be advised not to click on links sent by unfamiliar senders, as this could put them at risk of identity theft or other cyber offences like phishing.

Doxing is a serious threat to online security and privacy. To mitigate the risk of doxing, it is essential to take measures such as regularly changing and reinforcing passwords, using multifactor authentication, monitoring online presence, and keeping employees trained to detect doxing acts.

Proofpoint is a global cybersecurity leader that can help employ such measures to protect against cyber crime acts like doxing. Learn more about Proofpoint and its AI-powered technologies and defence platforms can prevent doxing, data loss, and other security threats.