Doxing – The Danger Of Excess Information On Web
Stealing of someone’s personal information from various Internet sources and publishes them on the web is known as Doxing. How dangerous can it be to reveal personal information on the Internet? Politicians and celebrities experience it more and more in their own flesh. Criminals, online stalkers and other people with defamatory intentions collect and publish the most intimate information of the victim and, therefore, generate substantial damages. It is said that criminals doxing their victims. What does this mean and why do criminals do it?
What Is Doxing? Definition And Explanation Of Cyberattacks?
Doxing: When a cybercriminal wants to dox his victims, he searches for their personal data from various Internet sources and publishes them on the web. This can cause considerable damage to the victims. Hostilities can become physical aggression.
Many cyberattacks are carried out by so-called hackers. These program viruses, take advantage of security holes and carry out software-based attacks. In these cases, criminals are specialists with computer skills and programming at the highest level. However, in most cases, doxing perpetrators do not require specific knowledge. His tools are perseverance, motivation and desire to commit a crime.
Doxing attacks always take place in two stages: data collection and publication. In the first step, the attackers collect all available information from the victim. This includes private addresses, including email addresses, phone numbers, family member’s names, social media accounts, private photos and sometimes bank details. The data is as diverse as the places where it is obtained.
Social networks: people publish many photos and also very personal information on social networks, where they are visible to everyone.
Websites: the imprint of a website or blog contains specific data of people and companies.Addresses and telephone directories: databases with addresses and telephone numbers can also be found online.
Pirated databases: in this mode, attackers hack databases in the cloud or protected and obtain sensitive information from them. This data can then be put up for sale on the darknet, where they are acquired by doxing attackers.
Social engineering: attackers pose as trusted people on the Internet and manipulate victims and their families to voluntarily deliver the information.
Many doxing attacks take place exclusively with freely available information. By associating the data and the context in which the publication takes place, information about the victim that can be used for prejudice is revealed.
In the second step, the information collected is disseminated so that it reaches as many people as possible. To this end, the attackers create fake accounts on social media and publish the documents on anonymous platforms. Its objective is that as many people as possible have access to this information and disseminate it to increase the damage. Often, the publication is associated with threats that are also visible to other users and that may also leave the Internet.
Also Read: Machine Learning: What Is Machine Learning?
Why Doxing Is Made? Reasons, Victims, And Consequences
Doxing is rarely intended to blackmail, attackers often do not seek money. The information collected is usually not explosive enough for this. In most cases, the attackers just want to hurt the victims. The main reasons are, therefore, in most cases, revenge, extrajudicial justice or damage to political opponents. Therefore, the victims are often politicians, journalists or prominent personalities who have expressed themselves politically. Doxing is also used as a weapon in personal conflicts. In these cases, it is mostly about breaking the anonymity of the opponent.
In these cases, the main motivation is hate: the perpetrators do not want to enrich themselves, but simply harm the victim. The publication of the data puts pressure on the victims. It conveys to these the message that the person is in the spotlight of the opponents and that they are also willing to use illegal means. It is also done to incite other like-minded people to take things further, from threatening letters, swatting (false complaints to the police against the victim) to actual acts of violence. The goal is to intimidate victims to the point that they are afraid of appearing in public.
Often, doxing perpetrators try to gain recognition in the scene in which they move. It is not uncommon for attackers to boast about their actions, of course, behind a pseudonym.
In December 2018, one of the most notable doxing attacks in Europe took place in Germany. A Twitter user posted data on politicians, journalists, presenters, YouTubers, musicians, and actors. In some cases, the information disseminated was relatively harmless or outdated, but in many of them private email addresses and telephone numbers, home addresses and even bank details were published. The attack also included private conversations, for example, Facebook Messenger chats. The alleged author was captured, among other things, because he boasted on the Internet of having committed the crimes.
Even activists of the Anonymous collective acknowledge having used this practice against political opponents in the past. Motivations include committing self-righteousness, public humiliation, and intimidation.
What Measures Can Be Taken To Protect Against Doxing?
In principle, all Internet users are vulnerable to a doxing attack. People who are involved in political activities on the Internet or who express themselves politically in blogs, videos or publications on social networks are particularly vulnerable to this. In the course of an online harassment campaign, attackers can also resort to doxing.
As some of the criminals choose victims randomly, all Internet users are likely to fall into these attacks, so it is important to present only the essential information about oneself and follow the principles of the so-called data economy. If the attackers do not find any personal data, they are unlikely to attack.
If you are a victim of doxing and receive threats and insults, you should go to the police and file a complaint. You can also proactively contact the platforms where the information was published and request that the data be deleted. Before reporting, it is recommended to take screenshots.