Doxxing, weaponising your data.
What is Doxxing?
Doxxing or Doxing is an abbreviation of Documents or Docs. Doxxing is sharing a persons or a company’s private or identifying information, this is usually online but can also take a physical form such as graffiti or in newsprint.
Doxxing is a weapon which is used by people with a variety of intentions, from addressing social injustices to attacking someone with the aim of inciting physical harm against them. The information shared through doxxing is generally meant to expose, embarrass, extort or endanger the person being doxxed. This information can include phone numbers, email addresses, home addresses, photographs or any other identifying information which the victim of doxing would not voluntarily place in the public domain, or in the context used by the doxxer.
The main attraction of doxxing is to inflict a monumental level of pain or harassment against someone without leaving home or being easily detected as the perpetrator or instigator of the attack.
What are the origins of doxxing?
Doxxing was originally known as Dropping Docs and was initially a method used by hackers and gamers to take revenge against opponents. An early example involved the details of white supremacists being doxed on UseNet. It has evolved into a modern-day method of attack used by a range of people. Anyone with access to an online platform such as Facebook or Twitter can publish information about someone else in a basic form of doxxing. Dedicated Doxxing sites hosted on both the surface and the dark web go a stage further and are designed as a platform for information to be revealed, shared and acted upon.
What do doxxers hope to achieve?
On dedicated doxxing platforms, the victim’s details are often published with a rough description of what they are accused of such as paedophilia, cheating, child or animal abuse in the hope that other people will subject them to harassment, ranging from using their details to sign up to junk mail services to physical abuse or even swatting attacks.
Swatting takes doxxing to another level, generally seen in America, this is a method of using the victim’s information to call a swat team claiming that an armed or hostage situation is underway. The aim is that the swat team causes severe distress or even shoots the person being doxxed.
Examples of doxxing include:
An instance in the late 90’s and early 2000’s where an anti-abortion campaigner published a list of abortion providers forming a hit list. People’s names were annotated if they had been hurt or killed. To date eight people from that list have been killed.
In 2013 a student was misidentified and doxxed on Reddit as a suspect of the Boston Marathon bombing. After a considerable amount of abuse, he was found dead. His death was ruled as a suicide, believed to be as a result of doxxing.
Over the last three years we have seen a steep rise in clients experiencing problems relating to doxxing. We have helped a client who after ending a relationship was doxxed by his previous partner. He was wrongly listed as a paedophile on a number of websites. Our investigation was able to produce evidence linking his former partner to the accounts sharing the information. Another case involved the distribution of revenge porn against a teenage girl which was being widely shared via social media. The images were actually deepfakes, her Image had been superimposed on another person’s body, however this was deeply embarrassing for both her and her family. After some work we were able to identify the source of the images and eventually remove the content.
Is Doxxing Illegal?
Different countries have different laws regarding doxxing. At present in the UK there is not a law dedicated to doxxing however most cases will fall under the data protection act, the protection from harassment act or the computer misuse act. The problems generally lie with enforcing these legalities as most doxxers are very tech savvy and will hide behind several layers of protection and aliases.
Can doxxing be prevented?
People can protect themselves to an extent, we recommend the following:
- Don’t overshare, this relates to social media. Consider your posts and comments and the consequences of them. Keep your accounts locked down and limit the information which you provide.
- Do not make your phone number visible on social media sites, consider using a secondary disposable number for account set up.
- Opt out of the open electoral register.
- Use a virtual private network (VPN) to mask your computers IP address
- Consider who you provide you address, phone number and email address to. Set up secondary email accounts for online shopping and services which request your delivery details. You can gain additional protection by arranging to pick deliveries up from collection points, this is recommended when using services such as eBay where subsequent disputes are common.
- Only provide your home address when you really need to, don’t fill out surveys or prize giving questionnaires, most of that information eventually works its way into the public domain either through mailing list sales or data breaches.
Most importantly, audit yourself, check your own online identity by running your name and partial details trough a range of search engines. See what information about you is easy to find.
Alternatively, our online profiling service can save you the time and do this on your behalf. We will compile a report detailing what information about you or your business can be easily located, our experienced team can then execute a process to remove this information where possible.
For more information or to discover our other services including, physical penetration testing, surveillance, close protection, investigations and due diligence visit our website.