What is Doxing? How it Works & Protection
Doxing (or Doxxing) is derived from the word “Dropping dox” i.e. “Dropping documents”. Doxing is a form of cyberbullying in which previously private personal information of an individual or organization is publicly released. Hackers usually reveal some personal information like chats, videos, or any private file all over the internet with intentions of financial harm, harassment, or exposure of the victim. Michelle Obama, Donald Trump, and even Beyonce have all been the victim of “doxing”. But how is doxing done? Is it legal? And can it be dangerous?
How does Doxing work?
Doxing involves the use of data that we all have floating around on the internet on different sites, on social media accounts, in online games, on blogs, etc. Hackers target an individual to access their information from different sources and use that information against them. Some of the ways used by hackers to access the information are:
Tracking Username
Most people use the same or similar names to make their accounts on different websites and web applications. Thereby it makes the hackers work easier to pinpoint all the accounts that belong to the user. Data from these accounts help hackers to get ideas about user’s interests.
The WHOIS search on a Domain Name
If a person owns a domain name then all the information regarding him is saved in a registry. That registry is oftentimes available to anyone by doing a WHOIS search. Usually, there is an option for hiding information while signing up for a domain. If you do not opt for privacy then your personally identifying information (such as name, address, phone number, business, and email address) will be available publicly.
Phishing
If a person ever falls for a phishing scam or uses insecure email, then the hackers can retrieve the email and can use the sensitive or personal emails for doxing.
Stalking on Social Media
If you have made your social media accounts public then be careful, because in public profiles all the photos, status updates, check-ins, and other personal details are visible to everyone. Hackers can take advantage in many ways like breaking your security questions such as What is the name of your favorite pet? or Who is your favorite man? etc.
Shifting through Government Records
Most people are aware of their privacy but few of their details can be retrieved from some government-operated websites like the Department of Motor Vehicles (DMV), and few sites which hold country records, marriage licenses, business licenses, voter registration, etc.
Tracking IP Addresses
Doxers uses different tricks to track your Internet Protocol (IP) Address and after that, it could be misused. For example, they with the use of some social engineering tricks can reach out to your Internet Service Provider (ISP) and can pretend to be you and ask questions to ISP to retrieve your personal information.
Reverse Mobile Phone Lookup
If a doxer knows the phone number of a person, he can dig more information from a single phone number. Like he can use the reverse mobile phone lookup services to find the details of the owner. For example, Whitepages is a reverse phone lookup service, although it is a paid service to find numbers outside the city yet provides all the details of the owner.
Packet Sniffing
While doxing, packet sniffing is one of their greatest tools. Data is transferred in the form of packets over the internet. When a packet is sniffed, attackers can find what type of information is within it. In this way, they can take advantage.
Data Brokers
As the name itself suggests, Data Brokers sell their details to others for their profit. He collects information from different sources and sells it on the dark web.
Example of Doxing
There are many examples of doxing. It takes on many different forms. The most common situations in which several people tend to fall are:
- Releasing one’s private, personally identifying information on the internet.
- Revealing some unknown private information of a person online.
- Releasing personal details of an organization.
- Releasing information of an organization related to secret files or missions etc.
Is doxing illegal?
Doxxing, by exposing targeted individuals and even their families to both online as well as real-word harassment could be life-threatening. So, should it be legal?
It depends on the situation, it is not illegal if the exposed information lies within the public domain. This includes arrest records, marriage certificates, traffic violation records, divorce records, etc. If someone publishes this even without your contest, they won’t be doing anything illegal.
Doxing would be called illegal if someone publishes something which is not in the public record, such as credit card details, bank account details, birth certificates, etc.
Even though the retrieved information lies within the public domain, Doxxing is always considered to be unethical.
How to protect yourself from Doxing
There is no guarantee that one won’t be doxed, it’s nearly impossible. The only thing we can do is to follow some strategies to lessen the odds. Some strategies are:
Use a VPN
A VPN or virtual private network can shield your private information. When you connect to the internet by first using VPN, your real IP address will be hidden. VPN encrypts your internet transmissions so knowing information is not possible unless you know the description code.
Use Strong Passwords
A weak password such as your name, predictable series of numbers, or a word is very easy for doxers to guess. A strong password includes the combination of uppercase and lowercase letters with few numerics and some special characters.
Keep changing your privacy setting time-to-time
If you use social media and post potentially sensitive and private information, then after a regular time interval you should keep changing your privacy settings and passwords.
Be alert for Phishing Emails
You should always read the email carefully before taking any action, it could be a trap for you. Don’t give your passwords or CVV no. is asked because the authorized bodies never ask for this information.
Create separate Emails for separate purposes
Instead of signing up on all the sites with one email id, it is better to use different emails for different purposes. It will lower the risk of doxing.
What to do in case you are Doxed?
If you are ever doxed, these are the steps that can lower the damage:
- Report It – Report about the attack on the platform on which your information has been posted.
- Involve Law Enforcement – If the attack involves personal threats, inform the local police department.
- Document What Happened – Take screenshots or download pages on which your information is posted. This could be helpful during the investigation.
- Protect Financial Accounts – If the boxer has leaked your bank details, immediately contact your bank, tell them about what happened and ask them to freeze your account.
- Increase Your Privacy Setting – Uphold your privacy setting, change all the passwords of all the possible accounts, especially those where the leaked information can be used.
Conclusion
As we know, nowadays we are much more dependent on the web for our necessities. So we will need to upload our few private pieces of information on the web. The only thing we can do to avoid Doxing is to be very careful from our side and read all the terms and conditions of each website before allowing it to access our private details. Do not take browsers warning lightly, if the browser sends any warning to think about it.