This content has been automatically translated from Ukrainian.
Doxing (also spelled "doxxing") is the practice of collecting, publishing, and disseminating private information about a person without their consent, with the intent to cause harm, intimidate, or create inconvenience. The word "doxing" comes from the term "documents," indicating the disclosure of personal data. Doxing has become widespread on the internet, where confidential information can spread quickly and be used against victims.
How does doxing work?
Doxing can involve collecting various information: real (full) name, address, phone number, email, workplace, financial data, photographs, or other personal information. In some cases, doxxers may even find or publish details about the victim's family. Using this information, malicious actors can threaten, blackmail, discredit, or even put their targets in physical danger.
A well-known example of doxing (in the West): In 2014, during a conflict in the gaming community known as "Gamergate," several women who spoke out against sexism in the video game industry became victims of doxing. Their personal data, including addresses and phone numbers, was publicly disclosed, leading to threats and attacks.
Tools and techniques of doxing
- Social media: A doxxer can find information on Facebook, Twitter, LinkedIn, and other platforms. By browsing posts, photos, or geolocation tags, a malicious actor can gather a lot of private data.
- Search engines: A simple search on Google or other search engines can reveal a lot of information if it has been previously published online. For example, old posts on forums or comments on news sites.
- Account hacking: Using phishing or other hacking methods, a doxxer can gain access to the victim's personal email or social media accounts, where a lot of confidential information is often stored.
- Databases and search sites: There are specialized sites that collect and sell personal data. Some even specialize in finding people by last name, phone number, or other identifiers.
- Metadata analysis: Sometimes, metadata from images or documents may contain information that the user did not intend to disclose, such as shooting location coordinates.
How to protect yourself from doxing?
- Privacy on social media: Limit access to your profiles to friends or a selected circle of people. Avoid posting information that could be used against you, such as your address, phone number, or workplace.
- Password security: Use complex passwords and two-factor authentication to protect your accounts. This reduces the risk of hacking and unauthorized access to your data.
- Limiting the publication of personal data: Try to avoid spreading your personal data online. It is important to be aware that any information posted publicly can be used against you.
- Monitoring your data: Regularly check what information about you is available online and take steps to delete or protect it. You can use specialized services that notify you of data leaks or the appearance of new information about you online.
- Encryption: Use encryption to protect confidential data, such as emails or files containing important information. This will help prevent unauthorized access to your data in case of theft.
In simple terms: do not publish publicly what can be used against you. Even information from private conversations can be obtained by malicious actors, since either party to the conversation can be hacked or compromised.
Doxing in the crypto sphere
The crypto sphere is one of the most confidential and secure areas, as anonymity is key for many participants. However, even here, cases of doxing are not uncommon.
For example, in 2014, a well-known developer behind a popular cryptocurrency project became a victim of doxing. An anonymous hacker was able to discover the developer's real name, place of residence, and other personal data. After that, the hacker published this information online, leading to threats against the developer. It is important to note that in the crypto sphere, such cases can not only harm reputation but also jeopardize the security of the entire platform being developed by the person who became a victim of doxing.
Doxing in the crypto sphere can also have serious consequences for users, as hackers may attempt to gain access to cryptocurrency wallets using information obtained during attacks. Because cryptocurrency transactions are irreversible, this can lead to significant financial losses.
But it can also work the other way around. For example, when an anonymous project decides to run away with the money (perform a rug pull), investigators may dox those same fraudsters and try to recover the investors' money.
Doxing of adult content creators
Creators of adult content who work on platforms like OnlyFans or similar often face the risk of doxing. The disclosure of their personal data can have catastrophic consequences, including public condemnation, job loss, or even physical danger.
For example, in 2020, there was a massive attack on the OnlyFans platform, during which personal data and photos of thousands of users were leaked. This data fell into the hands of malicious actors who then began to blackmail the victims, threatening to disclose information to their relatives or at their workplaces. Many models experienced severe emotional stress, and some even ceased their activities due to fear of further attacks.
This type of doxing usually aims to discredit or even ruin the life of the victim, using moral and social prejudices against the adult industry.
Beneficial doxing (possibly even ethical)
Sometimes doxing can have a positive impact. Bot farms are automated networks of accounts used to spread misinformation, spam, or manipulate public opinion on social media. Owners and operators of such farms usually try to remain anonymous, as their activities are illegal or morally condemned.
In Ukraine, OSINT (open source intelligence) and doxing are sometimes used as a powerful tool in the fight against enemy propaganda. A vivid example is a video from the Telebachennya Toronto project about "General Pekinesik" (caution, pekinesik is a euphemism).
Doxing can be part of journalistic investigations to expose corruption or criminal activity. Good examples are the projects bihus.info and Nashi Hroshi.
Example of using software for doxing
Imagine a situation where a malicious actor is trying to find confidential information about a certain person who actively blogs in the crypto community. Their goal is to reveal the identity of the blogger, who was previously anonymous, for the purpose of blackmail or discrediting.
Using OSINT tools (Open Source Intelligence):
The malicious actor starts by gathering information from open sources, using tools like Maltego or Recon-ng. These programs allow extracting data from social networks, forums, and other open sources to create a complete profile of the victim. The collected information may include aliases, email addresses, and even geolocation from photographs.
Email search:
If the malicious actor found the victim's email address, they can use services like Have I Been Pwned or Dehashed to check if this data has been compromised in previous leaks. This may provide additional information, such as passwords or other related accounts. After checking on Dehashed, the malicious actor discovers that the victim's email has been compromised in several data leaks. Using this information, they gain access to old accounts that the victim no longer uses but which may contain important data.
Using social engineering:
Having gathered enough information, the malicious actor may use social engineering to trick the victim into revealing more details. This could be, for example, a phone call or an email that appears to be an official request from a bank or another institution.
For example, posing as a support staff member of a crypto platform, the malicious actor calls the victim, using the gathered information, and forces them to disclose more personal data, such as their date of birth or full address.
Accessing private accounts through password leaks:
After gathering a large amount of information, the malicious actor uses tools for automated password cracking (such as Hydra or John the Ripper) on the victim's accounts. Using a combination of cracked passwords and guessing, the malicious actor gains access to the victim's accounts on various platforms where confidential information is stored.
Analyzing cryptocurrency transactions:
If the victim actively uses cryptocurrency, the malicious actor may use blockchain analyzers, such as Chainalysis or CipherTrace, to track transactions and identify the real person behind anonymous wallets. The malicious actor can use Chainalysis to analyze the victim's transactions to find connections between anonymous addresses and real identifiers, such as exchanges or other services where the victim's real data is indicated.